McAfee DeepSAFE technology not yet a game changer, say analysts

Deep Defender examines memory processes, enabling enterprises to block or deny actions to provide rootkit protection. Analysts say there may not be great demand for the protection.

McAfee unveiled this week its first products using DeepSAFE technology, which is designed to monitor and control underlying memory and CPU processes, but the initial technologies are being met with a tepid response from industry analysts who question how receptive enterprises will be to adopting it.


DeepSAFE holds promise, but so far, initial products being unveiled are far from being security industry game changers, said Andrew Braunberg, research director for enterprise networks and security at Sterling, Va.-based Current Analysis. DeepSAFE taps into Intel chipsets and also makes Intel’s vPro technology more usable by connecting the management capabilities into McAfee’s ePO. Intel vPro enables access to a PC regardless of the state of its operating system or whether it is powered on. Up until now, few organizations have been using vPro, Braunberg said.

“I don’t think there’s much more we’re seeing here than how they really initially painted DeepSAFE,” he said. “They still haven’t gone into a lot of detail, but what we’re seeing is McAfee using vPro features that have been available.”

The new products were unveiled at the McAfee Focus 11 user conference in Las Vegas. Deep Defender, which offers hardware-based kernel-level security, was designed closely with Intel. It can detect suspicious processes that could indicate the presence of rootkits. The company also announced ePO Deep Command, which gives administrators the ability to manage systems remotely, even if they are turned off.

McAfee indicated the products are the first in a line of new hardware-based security technologies that can run beneath the operating system using Intel chipsets, as well as Intel’s vPro technology. The company said its product strategy aims to provide security for devices with smaller footprints, such as smartphones and tiny embedded devices.

The Deep Defender technology will report, block and quarantine suspicious processes that attempt to load in memory. The company claims Deep Defender can detect the presence of rootkits with 90% effectiveness. The technology works with Intel i3, i5 and i7 processors.


McAfee’s DeepSAFE technologies hold promise, but whether they are a game changer or not remains to be seen, said Chenxi Wang, vice president and principal analyst at Cambridge, Mass.-based Forrester Research Inc.

“Rootkit detection is good, but really this is just the tip of the iceberg and it’s not something the entire industry would say is the most pressing problem that needs to be solved,” Wang said. “DeepSAFE itself has the potential to be very unique in terms of what is available in the industry today, but we have to wait and see how receptive customers are to this technology.”

McAfee is integrating its DeepSAFE products with its ePolicy Orchestrator (ePO) for centralized management capabilities. Also unveiled this week was ePO Deep Command, which relies on Intel vPro and its Active Management Technology, enabling IT teams to remotely connect to computers, check system configurations and provide energy management capabilities, regardless of whether a machine is turned on. It does not enable remote patch management capabilities.

Laptops that have Intel’s vPro processors have had hardware-based security and manageability capabilities. Other security vendors have used Intel chipset technology to provide similar security features. Austin, Texas-based Absolute Software uses the same technology as McAfee to connect to Intel’s anti-theft technology. The company doesn’t provide rootkit protection, but it embeds its software in the firmware and can remotely wipe devices, prevent the OS from booting, recover data from them and track them using location data when the PC is off or the operating system is down.

McAfee’s ePO Deep Command is also similar to other currently available security management technologies. BigFix, which was acquired by IBM last year and is now called IBM Tivoli Endpoint Manager for Security and Compliance, integrates with Intel’s vPro to provide power management capabilities. The IBM endpoint manager can reach endpoints regardless of location, connection type or whether they are on to provide remote patch and configuration management.

McAfee is headed in the right direction with hardware-based security, but it may take some time before enterprises recognize a need, said Pete Lindstrom, research director at Malvern, Penn.-based Spire Security. Further complicating McAfee’s strategy is that hardware-based security adoption has been minimal. vPro penetration in the enterprise has also not been comprehensive in any way, Lindstrom said. It’s unlikely that many enterprises are going to undergo an overhaul of their laptop environment, he said.

“The idea is that we’re so virtualized and so distributed that the rug is being pulled out from under us from a systems perspective,” Lindstrom said. “Conceptually, there is great value in the direction these folks are headed; whether or not they can truly execute on their vision remains to be seen.”

There are also subtle signs that McAfee’s overall strategy may be changing under Intel after the departure of McAfee president Dave DeWalt in June, according to Forrester’s Wang. DeepSAFE was the main message to attendees at McAfee’s user conference this week, she said. Attendees heard little about McAfee’s cloud computing security plans or about its strategy to further integrate with Wind River Systems, which was acquired by Intel for $884 million in 2009 – both themes that resonated at the 2010 Focus user conference.

“It seems they’re now focusing mainly on endpoint- and platform-level security, but they tell me that the commitment and investment is there to continue progress in other areas,” Wang said.

A McAfee spokesperson was unavailable for an interview Wednesday. In an email message, Anthony Jennings, vice president of business development and strategy for Intel at McAfee, said the company remains committed to its product roadmap.

“McAfee continues to invest in cloud and Wind River extensively. We look forward to some announcements coming out in six to 12 months,” he wrote. “We have taken some of Intel’s technology and integrated it into our cloud strategy.”
