Date: 2017-10-28

A lower degree of alignment between the various threat defences deployed by organisations can deliver better defence, according to Steve Grobman, senior vice-president and CTO at McAfee.

“This is what I call the threat defence correlation paradox,” he told Computer Weekly, saying that if an organisation is using perfectly aligned technologies, there will be no overall gain in efficacy.

This means that if an organisation is using three perfectly aligned technologies that each have an efficacy of 70%, the combined effect will still be only 70%, said Grobman.

“If they are perfectly correlated, that means they are essentially only going to give the same answer to everything – they are all going to detect the same things,” he said.

Therefore, deploying extra technology does not necessarily result in better threat detection, and for this reason, McAfee’s technology development typically aims at low correlation with existing technologies.

“If we are considering a new technology that covers what existing technologies already cover, then we dismiss it quickly, unless it is cheaper to produce,” said Grobman.

“Paradoxically, having a lower correlation will result in a higher level of defence because a correlation of zero means that the detection of each technology will be independent from the others.”

This means that three technologies with a 70% efficacy rate could potentially deliver a combined efficacy of 97.3% if there is zero correlation, he said.

“Since they are independent, the only time you will not detect a threat is when all three fail,” said Grobman.

“And because there is a 30% likelihood of failure for each, the combined likelihood of failure is 0.3 X 3, which is 2.7%, and subtracted from 100% gives a combined detection capability of 97.3%.”

In other words, said Grobman, with exactly the same detection rates of 70% each, a higher overall level of defence can be achieved through layering if there is a low level of correlation or overlap.
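The relationship between correlation and combined efficacy can be worked through numerically. The following is an added example, not code from the article or from McAfee. It assumes a simple mixture model in which, with probability `rho`, all detectors return one shared verdict and otherwise decide independently; the function names and the model are illustrative assumptions. In the independent case, all three detectors miss with probability 0.3 × 0.3 × 0.3 = 0.027.

```python
import random

def combined_detection(p, n, rho):
    """Closed form: chance that at least one of n detectors fires.

    Assumed model (not from the article): with probability rho all detectors
    share one verdict, otherwise each decides independently. Every detector
    keeps efficacy p, and each pair has outcome correlation rho.
    """
    miss_shared = 1 - p               # one shared verdict, and it is a miss
    miss_independent = (1 - p) ** n   # all n independent verdicts are misses
    return 1 - (rho * miss_shared + (1 - rho) * miss_independent)

def simulate(p, n, rho, trials=200_000, seed=1):
    """Monte Carlo check of the same model over constructed random threats."""
    rng = random.Random(seed)
    caught = 0
    for _ in range(trials):
        if rng.random() < rho:
            # Perfectly aligned on this threat: one draw decides for all.
            verdicts = [rng.random() < p] * n
        else:
            # Independent on this threat: each detector draws separately.
            verdicts = [rng.random() < p for _ in range(n)]
        caught += any(verdicts)
    return caught / trials

if __name__ == "__main__":
    # Three detectors at 70% efficacy, from full alignment to independence.
    for rho in (1.0, 0.75, 0.5, 0.25, 0.0):
        print(f"rho={rho:.2f} "
              f"formula={combined_detection(0.7, 3, rho):.3f} "
              f"simulated={simulate(0.7, 3, rho):.3f}")
```

At `rho=1.0` the three layers behave as one 70% detector; at `rho=0.0` the result is the 97.3% figure quoted above, and intermediate values fall linearly between the two under this model.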

“Using this concept, we can pick technologies that might otherwise be discounted if they were looked at on their own,” he said. “Even if a technology detects only a few percent of threats, if it is in an area we do not have coverage on, it could be amazingly valuable.”

Having a highly analytical approach to technology and its deployment enables McAfee to build a much better defence capability than security suppliers that are focused on making one thing better, said Grobman.

“If you take one thing and try to make it better, you will start getting diminishing returns, but if you layer multiple technologies in a technology teaming fashion, and as long as you do that by applying well-founded scientific methods to it, you can get to a much better outcome than any technology on its own.”

In line with this approach, McAfee is designing its products to allow the inclusion of different technology modules, he said.

“So, if we find something in our research and development labs that fits this mathematical model well, we can just snap it into the product. We don’t have to design a whole new product.”