Cyber defence cannot be effective unless it becomes more automated and proactive, says Raja Patel, vice-president general manager of corporate security products at McAfee.
The Red Queen tells Alice: “Here, it takes all the running you can do to keep in the same place. If you want to get somewhere else, you must run at least twice as fast.”
Patel told the MPOWER Cybersecurity Summit in Las Vegas: “We are in the same evolutionary race against cyber predators, who are constantly evolving to resist our latest defences.
“We can’t simply change our pace – we have to change the race.” This, he said, is at the heart of McAfee’s drive to enable more proactive cyber defence.
Organisations need to think of their security posture as a lifecycle that brings protect, detect and correct together, while making sure the environment is able to adapt to the changes yet to come, said Patel.
“It is also becoming evident that the endpoint and cloud are our future control points, and that security operations is the new situation room,” he said.
In the past year, McAfee has applied machine learning, boosted capabilities to detect and respond, enabled greater automation of remediation controls on the endpoint, and improved data loss prevention through closer endpoint-network integration.
“These reflect our commitment to product innovation at McAfee across that lifecycle, but product is just one part of the equation,” said Patel.
“The productivity opportunity is a key enabler in getting more out of the constrained assets we have – your people. And we are going to modernise security operations to help you do just that.”
In this regard, Patel said McAfee sees automation and artificial intelligence playing a “key role” in bringing new capabilities that enable organisations to get more value.
“This is about human-machine teaming to make junior analysts more effective and senior analysts more scalable,” he said.
“And finally, we want to be able to close the loop and remediate if there is an issue, with the ultimate goal of adapting your environment to protect from similar threats in future.”
To this end, McAfee has created a scalable, open data analytics platform in Enterprise Security Manager 11, which is scheduled for general release in the first quarter of 2018 after testing is complete, said Patel.
“At its heart is a data bus that allows for raw, parsed and correlated events to be shared between a variety of applications from McAfee and its partners,” he added.
Second, Patel announced a partnership with Interset to bring McAfee Behavioural Analytics to market in January 2018 to complement McAfee’s security information and event management (Siem) and data loss prevention (DLP) technologies.
Third, he said McAfee has taken on the challenge of making security analysts’ lives a lot easier. The newly announced McAfee Investigator discovers “critical insights” to rapidly orient security analysts to get the context they need, acting as a “force multiplier” for the security organisation, said Patel.
“It gathers the right data, identifies what matters, puts it into context and suggests next steps. It is a learning technology that gets smarter as it learns and evolves.”
Collaboration with the industry
Patel said collaboration with the security industry is another important part of McAfee’s strategy, taking the opportunity to announce the integration of the firm’s Data Exchange Layer (DXL) with Cisco’s open pxGrid to create “one of the world’s largest open ecosystems”.
And finally, he said many organisations are struggling with visibility into their hybrid cloud environments. “But with McAfee Cloud Workload Security, we can get you the visibility you need into public cloud environments, including Amazon, Azure and VMware,” he said. “It finds all the workloads, classifies them and tells you where you may not have adequate security controls.”
According to Patel, the threat defence lifecycle “just got real” in the hybrid cloud with the ability to gain visibility of workloads, provide protection with machine learning technologies, detect and monitor lateral movement, and remediate with automation.
In conclusion, he said McAfee is delivering on automating the threat defence lifecycle of protect, detect and correct by bringing innovations to the endpoint and the cloud as the new control points and security operations as the new situation room.
“The Red Queen’s race is a perfect metaphor for the evolutionary arms race we find ourselves in every day against cyber criminals,” he said. “But I don’t think we should subscribe to the Queen’s rules, and I don’t think we should have to run at least twice as fast to get somewhere.
“Unfortunately, many of us are running as fast as we can only to find ourselves seemingly standing still. But let’s not run a different pace. Let’s run a different race. We can do that when we rewrite the rules and design an environment that is as proactive as we are. In doing so, we finally get a chance to defeat the Red Queen.”