Last week I attended the annual McAfee event in Las Vegas, Focus 2014. The event was very interesting and offered an educational discussion on cybersecurity, so today I'm breaking the unwritten law by sharing some of my event highlights… What happens in Vegas doesn't always stay in Vegas!
The event centered around the theme: “Pulling it all together”, or in other words, building an Orchestrated defense. McAfee is beginning to move away from disconnected endpoint security, preferring a more holistic approach. Their aim is to share threat intelligence between all the security appliances and software to build a more secure computing environment.
Creating a central repository to gather and manage all the threats from various sources (like IPS, GTI, NSP, ACE and others) allows intelligence on suspicious behavior to be shared quickly and more efficiently. Not only that, but relying on shared threat information reduces the need to examine and analyze some of the packets (based on history), reducing network latency and improving performance. The McAfee repository product is TIE (Threat Intelligence Exchange), and through a Data Exchange Layer (DXL), all McAfee technology partners (like Tufin) can be part of this joint effort.
Backing the McAfee vision, Gartner analyst Lawrence Pingree shared Gartner's perspective on network security. He believes that attackers are now using advanced evasion techniques to their advantage, making the visibility of evasion intelligence essential. He shared an interesting framework, IASC (Intelligence Aware Security Controls), which, alongside the concept of Adaptive Security Infrastructure, can help organizations move towards next-gen IT security.
Unsurprisingly, SDN and SDDC were very hot topics at the event. The stand-out for me was a panel that included Curt Aubley, Dr. Ratinder Ahuja and Ram Venugopalan from the McAfee security team, Tom Corn from VMware, Zane West from Dimension Data and Scott Carlson from PayPal. The team agreed that today's security wasn't built for tomorrow's data centers (the Software Defined Data Center) and, as such, a new approach to security must be developed and adopted. The new paradigm is known as “Software Defined Security” and it contains three main pillars:
- Ubiquitous and Agile – Security functions adapt to workload requirement and changes
- Secure – Use Software Defined Infrastructure (SDI) for context awareness and automated remediation
- Efficient and Extensible – Optimized architecture, automated management and investment protection.
Scott Carlson, solutions architecture & integration specialist at PayPal, has found from his team's experience at PayPal that SDDC delivers:
- Compute capacity that we use anywhere (no more silos)
- Dynamic network isolation within large security zone
- Flexible network topologies
- Service-oriented approach to delivering capacity
The event was full of further innovations and ideas, but who am I to share all of Vegas' secrets?! I'm looking forward to returning next year for more insight on this evolving space.