Intel Security has a dream of seeing customers using nothing but McAfee products, but understands that it probably can't have it all. Instead, Intel's Security Connected strategy places Intel as the hub for all products, regardless of vendor, in a company's portfolio. Meanwhile, experts worry that the management hub is getting too complex.
Building on the McAfee Security Innovation Alliance (SIA), a partnership program that has existed since before Intel purchased McAfee, partnerships have become a major focus of the Intel Security Connected strategy, said Ryan Allphin, senior vice president and general manager of security management at Intel Security.
The SIA partners are given the tools to integrate products with Intel Security technologies, most notably the E-Policy Orchestrator (EPO), which is the central security management hub of the Intel Security portfolio. According to Allphin, the SIA had more than 150 partners as of April 2015.
"We knew that that's only as good as what's deployed, and as much as I would love to have all Intel Security products deployed, that's not a reality with our customers," Allphin said. "We know there's going to be multiple vendors and they will want to deploy certain types of products, and so we know that platform, the Data Exchange Layer, needs to be open and at the same time, secure."
The Data Exchange Layer (DXL) was one of two platforms, along with the Threat Intelligence Exchange (TIE), introduced by Intel Security in October 2014 and aimed at building deeper integration among products. TIE includes the well-known McAfee antivirus to detect new objects on endpoints and determine what actions need to be taken, while DXL is the standard protocol for sharing information between products.
According to Jon Oltsik, senior principal analyst for Milford, Mass., consultancy firm ESG Inc., Intel has done well to determine what needs to be done to solve the technical challenges of this type of integration.
"They have introduced some middleware layers [DXL and TIE] which I think are especially encouraging, if I'm a customer," Oltsik said. "They've thought about how you externalize the connectivity between applications and that's the way you build enterprise software, so they're taking the right approach."
Oltsik said that this strategy works because it would be very difficult to get enterprises to purchase nothing but Intel Security products, given all the purchases a typical enterprise has already made.
"Historically, the way people bought security tools was they bought best of breed," Oltsik said. "If I have 70 different tools in my environment, each one of those has a different amortization schedule, so I can't just rip and replace them."
There are inherent challenges, though, Oltsik warned, because this is a big transition both for Intel Security and for customers in the market. Oltsik said that Intel Security will not only have to compete at the product level against companies like Symantec and Trend Micro, but will also have to prove the value of its vision for the Security Connected architecture.
"That's one of the biggest challenges for Intel and for everyone else: Do they have the sales skills, the right go-to-market model, security architects who can work with customers?" Oltsik said. "Because, it's sort of a new approach to start thinking about an integrated security architecture. They're going to have to help their customers consume this."
The initial work by Intel has been to build out DXL and TIE within its own products and eventually extend these out to other products. According to Rick Holland, principal analyst for security and risk management at Forrester Research Inc., based in Cambridge, Mass., that work of extending the protocols should be aided by the existing partnerships in the Security Innovation Alliance.
"They have a pretty good path for integration because so many people are integrating with EPO through SIA that they already have the relationships with a number of vendors," Holland said. "If I was going to go with one vendor, I think they have the best story as far as orchestration and automation in the environment."
Kay said that the aim of EPO is to be the centralized hub at the endpoint and make workflow easier for system administrators, but at least one Intel Security customer noted that workflow was one of the biggest issues with Intel Security products as they stand now.
Sean Slattery, founder and chief technology officer for security analyst firm Caribbean Solutions Lab Ltd., based in the Cayman Islands, has been a McAfee customer for 15 years. He said that the strength of McAfee products is in the power of the tools, but that comes at the cost of complexity. While managing its products has become second nature to him, it can be daunting for new customers and smaller businesses.
"If you combined the on-premise with the framework-as-a-service (FaaS) offerings, the interfaces are completely different, they don't work together per se," Slattery said. "If I create a file that says block these types of files in my email, I don't really care if it's the email scanner for my desktop, for Exchange, for a gateway or FaaS. I want the same policy to apply. It seems like the most logical thing in the world, and we've been asking for it for 10-plus years."
Kay said this was an inevitable challenge for the Intel Security portfolio because it must constantly evolve to meet new and sophisticated threats in the ecosystem.
"Our product designers are continually balancing the need to manage increasingly sophisticated security solutions with the need to ensure customers can quickly deploy, configure, and maintain these solutions," Kay said. "The balance is especially important as more and more customers embrace cloud technologies to secure critical assets."
Slattery noted that this isn't an issue that is unique to McAfee products, but because Intel Security has such a large footprint in the market, the issues can be compounded and the size of the company makes it slow to improve.
Slattery also said there isn't enough collaboration within Intel Security groups when designing products, which only adds to the complexity of the interfaces. He noted that in order to figure out what is running on an endpoint to diagnose a potential issue, you may have to go to four or five different McAfee tools to get the answer.
"McAfee is so large and has so many groups, and they just reorganized again late last year to three business units -- endpoint, network, and management," Slattery said. "It's a weird mix because you can't have management without the endpoint tools playing nice, but the management team doesn't build the management piece for the endpoint. That comes from the endpoint group."
Slattery said the ultimate issue could be a matter of focus for Intel, which he said may be prioritizing integration over workflow right now.
"The whole thing is I want seamless workflow. If I see a bit of data in one dashboard, but I have to manually copy and paste that into something else, that's not integration for me," Slattery said. "That integration workflow is what really needs to be worked on."
Kay said creating this integration workflow is a continuous challenge and noted that through the SIA program, Intel Security has worked to create scripting tools and open interfaces throughout the security management platform to allow users to script workflows across endpoint products from McAfee/Intel and partners.
"Overall, security platforms are alive: they adapt and evolve with changing threats, technologies, and business requirements. Integration is not a ‘once and done’ initiative," Kay said. "Security Connected is the Intel Security vision for how all security products should work together to provide a seamlessly orchestrated solution for customers. Our control, management, analytics, intelligence, orchestration, and context layers enable this vision to become more real with every release."