At the Black Hat event in Las Vegas, McAfee made a plethora of announcements involving updates to its products. It also expanded its OpenDXL initiative with a new portal, OpenDXL.com, and announced new vendor members of its McAfee Security Innovation Alliance.
The theme running through the product announcements is the need to strengthen human-machine teams, expanding machine learning capabilities in a collaborative fashion with human capabilities.
“Our belief is that we don’t have enough humans, but also that we can’t just throw tools at a problem to solve it,” said Barbara Kay, Senior Director, Product and Solutions Marketing at McAfee. “We have to harness them together. That balance, that force multiplier in human-machine collaboration, is important. There are certain tasks that machines are well-suited for, and there are others where it’s important to have humans in the loop. Our view is that collaboration is really where the industry needs to focus.”
One solution, McAfee Advanced Threat Defense (ATD) software, has had machine learning capabilities added to it for the first time in its 4.0 version.
“The machine learning capability in ATD is new, although it did have six different layers of analytics before,” Kay said. “The machine learning complements the other capabilities. It’s now able to detect certain types of ransomware more effectively because of the way that it works.”
In addition, the McAfee ATD Email Connector now lets email security gateways forward suspicious attachments to McAfee ATD for analysis.
The McAfee Enterprise Security Manager (ESM) SIEM offering has been upgraded by better integrating risk analysis from McAfee GTI.
“We have now fully integrated risk visibility and vulnerability assessment into the core product,” Kay indicated. “This was present before, but was separate from the product, and it is now native to it.”
Kay said that this will make it easier for the SOC to identify threats and assess the impact of new vulnerabilities.
“We give you an ongoing threat intelligence feed, so you can really understand how relevant something is,” she said.
McAfee also announced McAfee Connect, a new content portal to access SIEM content packs and compatible SIA partner solutions that improve the functionality of McAfee Enterprise Security Manager.
McAfee is also stressing the fuller integration theme around its McAfee Data Loss Prevention (DLP) products — DLP Endpoint, DLP Prevent, DLP Discover and DLP Monitor.
“In the past, we integrated some of these capabilities but we didn’t have the same common classification engine and dictionaries all integrated from the ground up,” Kay said. “This is something that we have been unifying over the course of several years. It is more efficient and provides a better user experience.”
The technology in McAfee’s dynamic endpoint protection, which leverages machine learning to improve detection capabilities, has been extended. A new integration between McAfee Cloud Threat Detection (CTD) and McAfee Threat Intelligence Exchange (TIE) lets McAfee Endpoint Security (ENS) forward suspicious samples to a cloud sandbox for in-depth analysis.
“This is all about human-machine teaming as well,” Kay said. “The same interaction that we use on endpoints is now available on our sandbox-as-a-service.”
Last November, the company announced that the McAfee Data Exchange Layer (DXL), a messaging bus that provides a standardized application framework for sharing threat intelligence in real time across vendors, would be open sourced through its OpenDXL initiative. The idea is to massively expand the technology’s use. Now the company is building on that by announcing a new portal, OpenDXL.com, to serve as the focus for the open source community around DXL.
“Last year, we made the Python Client open source, and while we have a place where the source code lives, it’s not an ideal place for a community – for forums and conversation,” Kay said. “OpenDXL.com also provides a one-stop shopping experience through a new app marketplace for OpenDXL apps. In addition, we have introduced a bootstrap utility to make it easier to connect API service wrappers to the fabric. We introduced the service wrappers earlier this year at RSA. They reduce the complexity of doing an integration and allow for selective opening of APIs. This expands that by reducing the writing time for service wrappers by about 60 per cent.”
Finally, the company announced a dozen new members in their McAfee Security Innovation Alliance technology partner program. In alphabetical order, they are: AGAT Software; Cisco Systems; Extreme Networks; Gigamon; HPE; Identiv; Kemp Technologies; Lumeta; Resolve Systems; Siemplify; SkyFormation; and Swimlane.