Security data exchange: if McAfee builds it, will they come?

McAfee has announced its Security Connected Platform for security data exchange, but will other suppliers come to the party?

McAfee is the latest information security supplier to admit that the challenges facing organisations are so great that it will take cross-industry collaboration to turn the tide.

A cross-industry approach is being advocated by other big security suppliers, most notably RSA, the security division of EMC, which has embarked on several strategic industry partnerships.

But last week, in Las Vegas, McAfee announced that it plans to support this collaborative approach by providing an open platform to enable the interoperability of security technologies.

The firm’s co-president Michael DeCesare said: "McAfee’s Security Connected Platform will enable organisations to select the most appropriate technologies as part of their defence strategy."

The idea is that McAfee will provide the plumbing – in the form of a data exchange layer – in an open environment to enable customers to combine security controls from different suppliers that all work in concert to improve overall security.

“We have recognised the need to enable organisations to set up orchestrated defence; to provide a data exchange layer to tie all security controls and intelligence together,” said Michael Fey, McAfee chief technology officer (CTO).

“The platform will also provide the means for organisations to consume security intelligence from multiple sources of their choice,” said Fey.

Security threat information

This will enable organisations to pull in local, as well as global, threat information to ensure they act quickly and appropriately to information security threats.

“When you have the ability to understand exactly what is going on in your environment, there are so many steps you can take in deciding how to mitigate and remediate threats,” Fey said.

According to Fey, the next three years will demand a tremendous amount of innovation, but McAfee believes organisations need to start with evolving their approach to security.

“It is not enough to block threats, we need to ask questions about who is attacking, why and from where. For this to happen, we need systems that can learn from each other,” said Fey.

This is at the heart of McAfee’s strategy to develop intelligence-led systems and to provide a platform to tie them all together to enable orchestrated, context-aware defence.

If you build it

In theory, this sounds like a good idea, but if McAfee builds it, will other suppliers come to the party and use the application programming interfaces it provides for its Security Connected Platform?

Two McAfee customers at McAfee Focus 2012 in Las Vegas were positive about the security firm’s plans from an end-user point of view.

Advocating a layered approach to security, Corey Cush, vice-president of infrastructure services for New York City Health and Hospitals, said the Security Connected Platform would help.

Where McAfee does not have the best of breed or most appropriate technology available, it will give organisations the flexibility to choose the best fit for their needs, he said.

Mergers and acquisitions is another area in which the Security Connected Platform is likely to be of benefit, said Gene Fredriksen, global information security officer for toy maker Tyco International.

Having an integration layer will make it easier to bring both organisations up to the same level of security capability, he said.

However, Fredriksen said McAfee is not the first supplier to open up its platform, and it remains to be seen whether other security suppliers will bite. “We’ll have to see how it goes,” he said.

Good track record with open platforms

McAfee has a good track record with the concept of open platforms, as the ePolicy Orchestrator (ePO) management console demonstrates, bringing together differing products and functionality to a single point and simplifying product management and oversight, said Andrew Rose, principal analyst, security & risk at Forrester Research.

“The Security Connected Platform seems to seek to allow McAfee Threat Intelligence customers to leverage previous security monitoring investments that selected to use the Connected Platform API; they can then all communicate with McAfee's Global Threat Intelligence (GTI) solution, theoretically offering greater threat insight and actionable information,” he said.

“I feel that McAfee's intentions are good, and will be of interest to their Threat Intelligence client base, but we are likely to see adoption more with the smaller solution providers who will see this as an opportunity to feed into a widely adopted, enterprise level solution,” said Rose.

There is likely to be less activity from manufacturers with competing products who may be reticent to invest and reconfigure to feed a competitor's threat intelligence solution, he told Computer Weekly.

“One nice benefit of the platform, however, is that it may enable McAfee to identify and assess potential technology acquisition targets,” said Rose.
