Managing the threat landscape
When you’re the head of one of the world’s largest IT security companies, everyone wants your advice.
Dave DeWalt, president and CEO of McAfee, made a recent visit to southern Ontario to speak to customers and partners about the threats they should be most concerned about.
Not surprisingly, the news isn’t good. Malware is growing at an
exponential rate and cybercriminals are better organized than ever
before. The problem is so staggering, most people probably aren’t even
aware of how vulnerable they are. Not that DeWalt is deterred. His
company is working on solutions that should help users, both corporate
and consumer, avoid the worst of it. DeWalt spoke to Canadian Security
about advanced encryption standards, cloud computing, and how mobile
devices have changed the way we think about malware.
CSM: Why did you make a stop in Ontario?
Dave DeWalt: I was hoping to see the Maple Leafs, but they didn’t make
the playoffs (laughing). No, I’m here for a number of reasons . . .
first and foremost a number of customer and partner events that we have
going on here. We’re doing a security seminar. We’ve had well over 100
customers come, as well as our partners. I did a keynote talking about
McAfee’s vision and trends in the marketplace.
We have a large development centre near Toronto in Waterloo and it does
all our development operations for our consumer business. It gave me a
chance to meet the employees, do a tour and meet some customers too.
CSM: What are you doing as a company to address growth in malware and the continuing rise of cybercrime?
DD: One of the things that I talked to (in my keynote) was some of the
startling trends occurring in the marketplace, most notably around the
amount of malware we’re seeing and the sophistication of cybercrime and
cyberterrorism. We have a chance at McAfee to see a lot of trends that
are happening with malware. In the last year, we’ve seen an exponential
increase in malware. In fact, in 2007, 40 per cent of the malware that
was ever produced in history was produced last year. On average last
year, we saw 372 net new malware pieces every day. We’re estimating
we’ll see more than 750 (a day) – almost twice that of 2007. It’s a
pretty amazing problem. The reality is, it’s accelerated so
dramatically in the last two years, we are in a pretty challenging
environment – and then when it’s coupled with the amount of cybercrime
that goes along with that, it’s become a daunting problem. We’re seeing
CSM: When the growth rate is so alarming, how do you try to stay one step ahead?
DD: We’ve created a global framework for research – our AVERT labs.
Initially, that stood for anti-virus emergency response team, but it
evolved into research labs that are stationed all over the world that
become the early warning for major problems that the world is facing.
In some cases, they receive thousands of samples a day – from consumers
and corporations who have been infected with something. Our labs
process them and then they write signature files or DAT files to
distribute back out, creating immunities to these problems.
In Waterloo, for example, we have researchers connecting with Canadian
samples, just like we do in the U.S. and Japan and China and Europe.
They have the ability to process them, manage them and ultimately
resolve them for their local countries.
CSM: Most people have decent spam filters on their email, so they’re
not always aware of the amount of spam or viruses out there. Does that
create a false sense of security?
DD: Spam is an interesting problem. What we’re talking about is the
adware market, which is generally perceived to be spammers. The way
viruses were once transmitted, either through email or through physical
kinds of mechanisms – one computer at a time – has changed dramatically
with the advent of virtualization, the Web and mobile computing. It’s
changed a lot. We see a lot of different threats. It used to be, “Hey,
I’ve got a virus on my computer.” But now, it’s “Somebody’s watching
everything I’m doing on my computer.”
CSM: If you were talking to an IT manager or security manager in a company, what would your advice be?
DD: It’s a little different depending on the size of the corporation.
Obviously, larger corporations already have a lot of security
infrastructure. Part of our value proposition has been to reduce the
complexity while giving a higher protection/lower cost model. In the
past, a lot of people have been trying to solve problems by throwing a
lot of different vendor products at them. Over time, that creates even
more complexity and bigger cost. So it’s a different problem for the
For smaller companies and start-ups, there’s a series of technologies
that can be on the premises as well as in the cloud. What I mean by “in
the cloud” is security as a service. If I was looking to solve this
problem today, I would look at technology that offered me a fast model
to solve my security problems, which is something enterprises can’t
always do but smaller companies can. For example, McAfee, as well as
some of our rivals, has a very advanced capability as a service online
that can automatically scan, remediate as well as immunize small
businesses from problems. In our case it’s TOPS for small businesses
(total protection suite).
CSM: Last year you bought a company called SafeBoot, which offers
encryption products. How do you plan to incorporate that technology
into your existing security software?
DD: SafeBoot has been a very strong asset for us already. SafeBoot
focuses on a market segment called data protection: full disk
encryption, file encryption . . . Think of your laptop as a
vulnerability in that if you lost your laptop, someone could pull the
disk out and get everything on the disk. What this technology enables
you to do is encrypt the entire drive and make that drive useless
through what’s called 512 AES (advanced encryption standard)
encryption, which has never been broken. It prevents data loss or data
This has been important for legislation that has been administered around
the world for PCI (payment card industry). PCI has produced a certain
set of mandates that requires anybody who has access to consumer data –
like credit cards or social security numbers – to report it, and they
have to notify every consumer of the loss of data. Sometimes it can be
very embarrassing and involve penalties and fines. [Editor’s note: the
Information and Privacy Commissioner of Ontario created standards for
encryption following the loss of a laptop last year belonging to a
Toronto physician which contained 3,300 patient records.]
The technology from SafeBoot helps companies adhere to PCI compliance
as well as prevent data theft. This has been a vast, growing market for
us. We’re advancing it into a whole suite of products we’re calling
TOPS for data. It’s a fascinating area.