McAfee Offers Global Response to Nationalized Malware
In medieval times, kings let barbarians break down the castle gates but made sure they paid the price once they got inside. McAfee's approach to security takes a similar approach -- since data breaches are inevitable, companies should worry less about the perimeter and more on catching the bad guys in the act.
Fri, February 21, 2014
CIO — McAfee's new Threat Intelligence Exchange sounds rather innocent, but it actually represents the company's response to the growing belief that security threats have become so pervasive and powerful that the entire security defense model has to change. When you have government funding to buy malware, and a massive market for militarized malware growing at a national level, the only way to respond effectively is through global cooperation.
No firm, nor any one government, is powerful enough alone to address this threat. No perimeter defense — which is what we've largely relied on in the past — is effective, either, and any successful response simply has to assume the perimeter is porous.
Your Perimeter, Like a Medieval Castle Wall, Will Be Breached
Imagine it's the Dark Ages and we need to defend our castle. We could build a huge wall, but we'd find that any concentrated attack would eventually breach the wall, and we'd be dead. Castle design was thus altered to include levels of defense — basically assuming that invaders would breach the primary wall but have an increasingly painful attack.
As weapons advanced, this no longer worked. States formed nations, which built armies. Today's cities and town centers are no longer walled. Police forces, national guards, armies and various security agencies provide defense, finding and eliminating threats en masse. As we stopped building massive walls, focus shifted from the perimeter, at least with regard to prevention, to finding and eliminating threats more quickly.
This goes to the heart of McAfee's approach. The Threat Intelligence Exchange is designed to layer over traditional security. It assumes there will be a breach — but it's designed to identify and respond to breaches, all while notifying administrators so damage can largely be eliminated. It recognizes that no wall is strong enough to defend against the class of attacks we now see, much like the knights of old discovered that gunpowder and dynamite made walled cities largely pointless. The defense had to change to match the powerful attacks that were overwhelming traditional models.