McAfee CEO looks to security in virtual environments

McAfee is hunkering down to integrate the security technologies it has bought over the past several months into its varied line of security software and appliances. Two trends in the company's activities are developing parallel products for deployment as software on endpoints and as network-based appliances. This week, for instance, the company is announcing that NAC software can be installed on its IntruShield IPS appliance to give customers the option of enforcing NAC policies in the network, not just on the endpoint. The company is bringing management of these platforms under control of its ePolicy Orchestrator (ePO) in an effort to centralize control of network security. Network World Senior Editor Tim Greene spoke with McAfee CEO Dave DeWalt about these efforts as well as other issues facing the company.

McAfee made significant acquisitions in buying Secure Computing and Reconnex. What will you do with their technologies?

With these acquisitions we have a state of the art, never-been-broken firewall that we can begin to integrate with IPS, we can also integrate NAC, we have e-mail and Web filtering on an appliance, we have data-loss prevention at the gateway, we have encryption at the gateway we can do archiving at the gateway - we have a suite of offerings that enable us to do what we were doing at the endpoint, creating a suite with more functionality.

We're not fully integrated into ePO on every component of that yet having just acquired Reconnex and Secure Computing, but the goal is to integrate that into ePO.

How will ePO evolve?

As we launch our next major release of ePO [next year] it will have a lot more user and event management capabilities in the product. We have a major effort underway in engineering with virtual device capabilities.

We're starting to see virtual desktops and servers massively deployed and we started thinking about to manage both physical IDs as well as virtual IDs. It enters into a new stratosphere of management. We're looking to do things the market has never seen, particularly in how it comes back to NAC. Unified secure access is an endpoint problem and a network problem. We feel we're pretty uniquely positioned to leverage and interlock our endpoint strategy with our network strategy. McAfee is the only security vendor that offers a product for the network as well as a comparable product on the endpoint and really integrates them.

Like we've done on the endpoint for host intrusion prevention and network intrusion prevention, where we can import signatures from our network product into our host product, match the policies, create a multi-layer defense.

Things like we're doing with data loss and prevention, we can classify data and block it at the port, block it at the host as well as block it through the protocol on the network.

Now you've got the NAC solution which is the same type of thing where you can control network access, quarantine users, unmanaged users both inline and out of band can both be monitored through the network as well as protected on the host. As we evolve that you'll see more and more of that capability coming out of McAfee.

Doesn't that increase complexity?

We think it's the opposite. When you have a console then the secret sauce is having one set of policies that can govern both the network and the host through ePO.