McAfee announces real-time reporting and multi-vendor focus for Policy Orchestrator 5.0

No more 'silo operating' as security firm opens its solutions

McAfee CTO Michael Fey announced a real-time reporting focus for the company's Policy Orchestrator platform at McAfee's FOCUS 12 event in Las Vegas today.

Fey spoke of a need for a ‘Mission Impossible' outlook on shutting off options for system infiltrators.

Security, said Fey, is currently "like a rat searching for cheese. Every time they hit a dead end, they turn around and start again. To be an attacker is a trial and error process.

"Systems need to learn from each other," Fey continued. "It should be more like Mission Impossible; pressure sensors and lasers and all that stuff. So they don't come back tomorrow. We need to change the economics of the attacker."

Fey's solution is that security systems need to change so that they are reporting threats in absolutely real time, using the context of individual attacks to intelligently determine their origin and intent. Part of this, said Fey, is for the system to ask questions not like "is HIPS [Host Intrusion Prevention System] running, but "is HIPS running?"

Demoing McAfee's Policy Orchestrator 5.0, Fey showed how a Google-style search UI allows security managers to ask direct questions of the system, and receive intelligent answers based on transparent real-time information.

"What this provides for you," said Fey "is the ability to take action on a global level."

Fey explained how what he described as this "dramatic" step for security software has stemmed from a belief by the company that it's time to leave behind the "Crime Scene Investigation" style of relying on historical data to solve security breaches after the event.

Fey echoed yesterday's words about Intel's influence on the company's forward planning, saying this new dedication to real time will mean McAfee is "going to have to force ourselves to innovate more over the next three years more than the last ten. And that's our commitment."

The move seems to be good news for other security vendors, however. Acknowledging that a wide-reaching security network may require bringing in third parties to offer ‘best in breed' packages to enterprise customers, Fey admitted that McAfee decided a while ago it was "time to open this up", and operate less in "silos" both internally, as product planning teams, and externally with other vendors.

"We've started down the path of working with partners for some time," said Fey.

"Our programme is quite large. You don't wake up one morning and decide ‘Hey let's start integrating'. It takes time to get it right; it takes practice."