Cisco and McAfee teamed up on email security, integrating two products the companies claim can detect highly camouflaged threats disguised as email attachments. These emails can be an entry point to introduce malware into telecommunications networks.
Integrating Cisco’s Email Security Appliance (ESA) and McAfee’s Advanced Threat Defense (ATD) improves enterprises’ security against zero-day threats, said DJ Long, head of the McAfee Security Innovation Alliance (SIA).
“The area that has the greatest exposure to creative threat vectors that try to penetrate enterprises tends to be email — phishing attacks or attacks that occur like WannaCry,” Long said. “Everything we fear in an enterprise environment can be delivered through email. Steps like this can help make it a safer environment.”
Some 224 new threats happen every minute — or four threats every second — according to the June 2017 McAfee Labs Threats Report.
The email security integration works like this: When ESA receives an email attachment that it has never seen, it sends the file to McAfee ATD for inspection. McAfee ATD then runs the file in its sandbox, a security mechanism for separating running programs. It also conducts a static code analysis of the file to determine a severity level.
After making its determination, McAfee ATD sends the result to ESA, and ESA takes the appropriate action, such as killing the file.
More Cisco-McAfee Security to Come
Other security integrations with Cisco are in the works.
“This is the beginning of what we believe is going to be a long-term and mutually beneficial partnership,” Long said. The two companies will announce additional products “in the near term” that will be available by the end of the fiscal year, he added.
“Areas include their NAC [network access control] products,” Long said. “We have a range of endpoint integrations that are certainly of interest to us as well. We started with email gateways because we had customer demand for it and so did they.”
The partnership comes as both Cisco and McAfee are among the tech giants that reportedly allowed Russia to review their security products’ source code in order for Russia to permit their products into the country. However, providing Russian officials an opportunity to find vulnerabilities in the products could also make it easier for Russia to hack into U.S. networks.