In June, McAfee and Cisco teamed up on email security, integrating two products the companies claim can detect highly camouflaged threats disguised as email attachments. At the time, DJ Long, head of the McAfee Security Innovation Alliance (SIA), said other security integrations with Cisco were in the works.
The new collaboration creates what McAfee and Cisco call the “industry’s largest open security fabric.” It integrates McAfee’s Data Exchange Layer (DXL), which allows communication between endpoints on a network and across multiple vendors’ products, with Cisco’s Platform Exchange Grid (pxGrid), a similar cross-platform network system.
The two fabrics, which have close to 100 integrated partners between them, now work together to share threat event context across vendors’ security products. The interoperability allows customers to set automated policies across the two security grids to respond to potential threats.
“This is huge,” said Steve Grobman, CTO at McAfee. “It gives complete access to the entire pxGrid ecosystem from a McAfee environment or vice versa.”
McAfee open sourced DXL a year ago through the OpenDXL initiative.
New McAfee Security Products
Additionally, the company launched two new security products. The McAfee Investigator allows security analysts to assess and respond to threats in less time using machine learning and artificial intelligence.
“If you think about a SOC [security operations center] environment, there’s a tremendous amount of data,” Grobman said. The new product allows analysts to focus on the most significant threats by using advanced analytics to automatically collect, piece together, and visually present suspected attack intelligence.
“You’re not going to have the level of specificity from the initial alerts, but what McAfee Investigator does is allow you to pivot off of an initial alert and find whether an incident is high-impact, and if it is, what the specifics are,” Grobman said. “This gives you the next level of tools to identify the situation in a much more rapid period of time, and build a remediation or containment plan to prevent it from causing additional harm.”
The second new product provides better visibility into hybrid cloud environments. Cloud Workload Security supports Amazon Web Services (AWS) and Microsoft Azure, Grobman said. “It makes cloud workloads a first-class citizen in the way that we think about defending a modern organization. It will do things like automatically discover new cloud workloads that have been spun up or have been removed.”
The company also added capabilities to its endpoint security products, including deep learning to improve decision making and threat assessment. It also added pre- and post-execution machine learning. This means the software reviews files using machine learning both before and after they execute, gaining knowledge with new data and increasing threat protection.