McAfee Focus 2013

McAfee Focus 2013: Security is about enabling tech benefits, says McAfee

Warwick Ashford

Information technology can remove barriers to open up the world, but only if people know they can use it without risk, according to Mike DeCesare, president of security firm McAfee.

“Our job is to make customers feel free to be online and use the internet in a positive way,” he told the opening session of

    Requires Free Membership to View

McAfee Focus 2013 in Las Vegas.

The information security industry’s challenge, he said, is to enable the upside of a connected world, cloud and mobile in the face of increasingly sophisticated attack methods available to adversaries.

In the past 12 months, the main trends have been an increase of targeted Trojans through free applications and an increase in the use of detection evasion techniques, said DeCesare.

Evasion techniques

One example of this is breaking up attacks into benign components to sneak them past detection systems, said Mike Fey, executive vice-president and chief technology officer at McAfee.

“On its own, diet Coke is harmless and Mentos sweets are harmless, but put them together and you have an explosive soda fountain,” he said.

In a live demonstration, Fey showed how Conficker could reach its target by being broken down into harmless pieces and then reassembled and executed on the client network.

But this type of attack is detected, he said, by anti-evasion technology that will be available to McAfee through the acquisition, finalised in July, of Finnish firewall company Stonesoft.

DeCesare said Stonesoft is an “incredible asset” because it was key to enabling McAfee to be a major player in network security.

Another increasingly common evasion technique is the ability of malware to halt execution if it detects it is in a sandbox.

“This means the security industry has to go beyond the simple sandbox to trick the malware into executing in what appears to be the target environment,” said Fey.

It also requires static code analysis to raise alerts where there is any chunk of code that is not executing, because this could indicate sandbox evasion.

Security innovation

“In the past year we have seen very aggressive innovation by our development teams, driven by an understanding of these and other major trends,” said Fey.

This innovation, he said, has been aimed at making products “secure by design” and bringing to fruition McAfee’s five-year-old vision of security connected, now being adopted by others in the industry

McAfee’s development teams have been driving hard at creating best of breed products, he said, as well as providing a data exchange capability.

DeCesare said point to point information exchange is useful, but he said it is not sustainable. “A data exchange capability plugs in everything in an open, standard and scalable way,” he said.

Fey said the data exchange layer is like the human body’s central nervous system, feeding data from security controls across an organisation, including third-party products, into a central system.

This is McAfee’s vision of "security connected" to enable real-time, automated threat identification and mitigation supported by security analytics.

"I am committed to bring automation to security to help overcome the fear [of using technology]," said Fey.

In conclusion, he said the full realisation of the vision is getting closer: “Security connected will be open, it will be extensible, and it will happen.”