Security is the New Business Enabler

Saturday, December 04, 2010

Rahul Neel Mani


Michael Sentonas, Vice President and CTO Asia Pacific at McAfee Inc, has been with the company since 1999.

He is a regular speaker on security issues at industry events and executive roundtables across the Asia Pacific region, and is a passionate advocate of the business value of IT security management.

In an interaction with R Giridhar at the recent McAfee Focus 10 event, Sentonas discusses the evolving security landscape and the new approaches to security.

Q: What technology trends will have the greatest impact on security?

A: Consumerization of IT and expanding definition of what is an end-point will have a huge influence on security. Today, there are many kinds of devices that can be connected to the enterprise network—from PCs and laptops to mobile phones and tablet PCs as well as fixed-function devices such as point-of-sale (POS) terminals, ATM machines, printers, storage and other devices. All of these IP-enabled devices have the potential for vulnerability and exploitation.

A growing problem for IT administrators is the increasing trend of users bringing in their own mobile hardware and devices to the workplace, and then detaching from the corporate LAN taking these devices home. How do you secure such devices and enforce policies in a consistent fashion?

Another technology trend that has been happening for nearly a decade is virtualization. Keeping virtual servers as well as virtual desktops protected, while ensuring performance optimization is another big challenge. Going forward, we will need to think about security for the cloud, in the cloud and from the cloud.

Q: How will these influence the way we think about security?

A: The traditional security philosophy was “defense in depth”. Consequently, IT departments employed a wide range of tools and technologies from various vendors in an effort to ensure adequate security.

While this approach has some benefits, the disadvantages far outweigh them, for example, multiple management consoles that don’t inter-operate, multiple update servers, multiple agents on an endpoint, and overlapping functionalities.

The security landscape continually changes and today, IT teams need to deal with a larger variety and volume of threats, and a dizzying array of computing platforms. The result is a proliferation of security solutions and options.

Take for instance a typical corporate organization. It would have deployed solutions including host intrusion protection systems (HIPS), firewalls, desktop and server antivirus, and encryption to ensure security.

Often, these will be ‘best-of-breed’ options. The big problem for the IT department is that these security solutions don’t inter-operate or integrate with each other. So, it becomes very hard to manage them, keep them updated and patched.

Q: What is the overhead associated with multiple solutions versus providing the same functionality from one solution?

A: Organizations need to start looking at newer approaches to security: an example is next-generation whitelisting, an approach that gives you control over application behavior, not blacklisting, to reduce the management overhead. 

Basically, you need to re-think the way you do end-point security, network security, content security, security management with the goal to move to a more optimized security architecture.

Q: What is your company’s vision for next generation security?

A: The traditional model of putting in new security solutions for each new threat vector and scenario is simply not viable. Today, businesses require an integrated intelligent security solution that provides a global view of threats, vulnerabilities, and the counter measures to address them.

We think that McAfee is best positioned to provide a full suite of correlated and comprehensive intelligence that can significantly reduce risk, enhance security preparedness, help meet compliance regulations, and enhance operational efficiencies. We would like security to support business innovation, to allow the use of new technology and services and do it securely and safely rather than security being a business inhibitor.

Q: What are the elements of your next generation security strategy?

A: We are proposing a multi-component and multi-tiered approach to security that can be rapidly deployed, and is easy to manage. Some components of our initiative include:

  • McAfee Security Connected is an open framework for integrating potentially disparate security technologies. The framework enables technologies to work together through collective intelligence; it also enhances each solution’s individual security capabilities, efficiencies, and effectiveness.
  • Delivering integrated security solutions for PCs, smart phones, storage devices, embedded systems, network perimeter, data center, web gateways, mail security, content, through a choice of on-premise, SaaS and hybrid delivery models.
  • Developing predictive security solutions that can proactively find and protect against vulnerabilities, target and predict threats based on policies and events.
  • Today’s networks face continuous threats and unauthorized access to resources. Combining real-time threat awareness, award-winning firewall and intrusion prevention technologies with network access control, and an optimized management platform, our goal is to deliver the world’s most comprehensive network defense.
  • Performing ongoing research and analysis to predict threats, perform ‘reputational’ scoring, and rapidly deliver the results to many kinds of connected devices through the cloud.

Q: What specific solutions have you developed that tie into this strategy?

A: While antivirus technologies are still an important part of our product portfolio, we also have network security, data protection, security-as-a-service (SaaS), and risk and compliance business units.

We work on a number of areas of security, including hypervisor-based protection, application white-listing, cloud-based security, as well as management and inter-operation of security solutions.

We have been providing SaaS solutions for over ten years with offerings that span endpoint protection, vulnerability assessment services, e-mail and Web security as well as cloud-based global threat Intelligence technologies. We will continue to advance and improve these services.

Our latest releases are Endpoint Security 9 and Security Management 5. The first provides protection for desktops, servers, virtual machines, mobile devices and embedded systems. 

The Management Optimized for Virtualized Environments Platform (MOVE) technology improves virtual machine density and performance by offloading security functions like AV scanning. It also facilitates seamless security and management control across virtual and physical environments. Our customers say that McAfee Endpoint Security optimizes security performance and reduces the total cost of ownership.

The other new solution is McAfee Security Management 5. This is a centralized management platform that delivers proactive risk management, integration with business operations, and coordinated security defenses.

It can give an IT manager a full risk profile across multiple security layers, vendors, products and solutions—enabling a good understanding of the threat landscape and business risk. When used in conjunction with the Enterprise Mobility Management 9.0 (EMM) platform, it enables enterprises to extend the data centre to smart phones with the same control, visibility and security they get with laptops.

Q: What is your advice to IT managers who need to manage enterprise security?

A: Security professionals have a growing challenge to prevent unauthorized intrusions; they have an obligation to protect the company from data loss and an even bigger challenge just trying to keep up with a deluge of threats on the Internet. Trying to do this when many businesses are keeping IT spend relatively flat in the current economic climate is one challenge.

Another is helping the business understand the challenges. Calculating things like annualized loss expectancy (or risk to business) in monetary terms and explaining it to senior management can be very tough. At the same time they also have to plan, implement and run the security systems to protect the enterprise from these risks.

I would suggest that IT managers begin by adopting a platform or framework for security that conforms to their industry-specific needs, and take a proactive approach towards both security optimization and deployment. This means that you should:

  • Create and implement a security policy for your organization. Make sure that the policy is frequently reviewed and that it takes into account the evolving threat landscape.
  • Make sure that the people responsible for security are closely aligned with business requirements — otherwise the security policy will not succeed. Security should not inhibit business or impose unwarranted costs and inflexibility.
  • Get a good understanding of all your corporate assets and their vulnerabilities. Learn about the counter measures. Anything that can connect to or transact on your network should be understood; only then can you figure out how it can be compromised and of course protected. Audit your network and connected devices regularly and assign a business value to the device. Based on the value you place on a device or service and an understanding of what vulnerabilities and exposures exist, you can determine the amount of protection technology to deploy.
  • Build protection strategies for the entire organization (including firewalls, intrusion protection systems, and anti-malware programs). Based on your appetite for risk you can choose the solution, vendor and service. Take steps to streamline and unify disparate security strategies.
  • Implement a phased measurement and compliance process to ensure that your security policy is functioning, the protections are adequate, and your organization meets compliance needs. You should have consistent information that gives you a complete view of the risk landscape. Leverage a unified platform to deploy, manage and report on security.
  • Keep yourself updated on the evolving security landscape and threats, and adapt your security policy and protection measures. Educate users about security. People are often the weakest link in the security environment.

 Cross-posted from CTO Forum
