Cyber defence cannot be effective unless it becomes more automated and proactive, says Raja Patel, vice-president general manager of corporate security products at McAfee.

To illustrate the point, he used the Red Queen’s race in Lewis Carroll's Through the Looking-Glass, which involves the Red Queen and Alice constantly running, but remaining on the same spot.

The Red Queen tells Alice: “Here, it takes all the running you can do to keep in the same place. If you want to get somewhere else, you must run at least twice as fast.”

Patel told the MPOWER Cybersecurity Summit in Las Vegas: “We are in the same evolutionary race against cyber predators, who are constantly evolving to resist our latest defences.

“We can’t simply change our pace – we have to change the race.” This, he said, is at the heart of McAfee’s drive to enable more proactive cyber defence.

Organisations need to think of their security posture as a lifecycle, of bringing protect, detect and correct together while making sure the environment is able to adapt to the changes yet to come, said Patel.

“It is also becoming evident that the endpoint and cloud are our future control points, and that security operations is the new situation room,” he said.

In the past year, McAfee has applied machine learning, boosted capabilities to detect and respond, enabled greater automation of remediation controls on the endpoint, and improved data loss prevention through closer endpoint-network integration.

“These reflect our commitment to product innovation at McAfee across that lifecycle, but product is just one part of the equation,” said Patel.

“The productivity opportunity is a key enabler in getting more out of the constrained assets we have – your people. And we are going to modernise security operations to help you do just that.”

In this regard, Patel said McAfee sees automation and artificial intelligence playing a “key role” in bringing new capabilities that enable organisations to get more value.

“This is about human-machine teaming to make junior analysts more effective and senior analysts more scalable,” he said.

“And finally, we want to be able to close the loop and remediate if there is an issue, with the ultimate goal of adapting your environment to protect from similar threats in future.”

To this end, McAfee has created a scalable, open data analytics platform in Enterprise Security Manager 11, which is scheduled for general release in the first quarter of 2018 after testing is complete, said Patel.

“At its heart is a data bus that allows for raw, parsed and correlated events to be shared between a variety of applications from McAfee and its partners,” he added.

Second, Patel announced a partnership with Interset to bring McAfee Behavioural Analytics to market in January 2018 to complement McAfee’s security information and event management (Siem) and data loss prevention (DLP) technologies.

Third, he said McAfee has taken on the challenge of making security analysts’ lives a lot easier. The newly announced McAfee Investigator discovers “critical insights” to rapidly orient security analysts to get the context they need, acting as a “force multiplier” for the security organisation, said Patel.

“It gathers the right data, identifies what matters, puts it into context and suggests next steps. It is a learning technology that gets smarter as it learns and evolves.”