Security as a service

Not surprisingly, the news isn’t good. Malware is growing at an
exponential rate and cybercriminals are better organized than ever
before. The problem is so staggering, most people probably aren’t even
aware of how vulnerable they are. Not that DeWalt is deterred. His
company is working on solutions that should help users, both corporate
and consumer, avoid the worst of it. DeWalt spoke to Canadian Security
about advanced encryption standards, cloud computing, and how mobile
devices have changed the way we think about malware.

CSM: Why did you make a stop in Ontario?

Dave DeWalt: I was hoping to
see the Maple Leafs, but they didn’t make the playoffs (laughing). No,
I’m here for a number of reasons . . . first and foremost a number of
customer and partner events that we have going on here. We’re doing a
security seminar. We’ve had well over 100 customers come, as well as
our partners. I did a keynote talking about McAfee’s vision and trends
in the marketplace.
We have a large development centre near Toronto in Waterloo and it does
all our development operations for our consumer business. It gave me a
chance to meet the employees, do a tour and meet some customers too.

CSM: What are you doing as a company to address growth in malware and the continuing rise of cybercrime?

DD: One of the things that I
talked to (in my keynote) was some of the startling trends occurring in
the marketplace, most notably around the amount of malware we’re seeing
and the sophistication of cybercrime and cyberterrorism. We have a
chance at McAfee to see a lot of trends that are happening with
malware. In the last year, we’ve seen an exponential increase in
malware. In fact, in 2007, 40 per cent of the malware that was ever
produced in history was produced last year. On average last year, we
saw 372 net new malware pieces every day. We’re estimating we’ll see
more than 750 (a day) ”“ almost twice that of 2007. It’s a pretty
amazing problem. The reality is, it’s accelerated so dramatically in
the last two years, we are in a pretty challenging environment ”“ and
then when it’s coupled with the amount of cybercrime that goes along
with that, it’s become a daunting problem. We’re seeing pandemic-type
scenarios.

CSM: When the growth rate is so alarming, how do you try to stay one step ahead?

DD: We’ve created a global
framework for research ”“ our AVERT labs. Initially, that stood for
anti-virus emergency response team, but it evolved into research labs
that are stationed all over the world that become the early warning for
major problems that the world is facing. In some cases, they receive
thousands of samples a day ”“ from consumers and corporations who have
been infected with something. Our labs process them and then they write
signature files or DAT files to distribute back out, creating
immunities to these problems.
In Waterloo, for example, we have researchers connecting with Canadian
samples, just like we do in the U.S. and Japan and China and Europe.
They have the ability to process them, manage them and ultimately
resolve them for their local countries.

CSM: Most people have decent
spam filters on their email, so they’re not always aware of the amount
of spam or viruses out there. Does that create a false sense of
security?

DD: Spam is an interesting
problem. What we’re talking about is the adware market, which is
generally perceived to be spammers. The way viruses were once
transmitted, either through email or through physical kinds of
mechanisms ”“ one computer at a time ”“ has changed dramatically with the
advent of virtualization, the Web and mobile computing. It’s changed a
lot. We see a lot of different threats. It used to be, “Hey, I’ve got a
virus on my computer.” But now, it’s “Somebody’s watching everything
I’m doing on my computer.”

CSM: If you were talking to an IT manager or security manager in a company, what would your advice be?

DD: It’s a little different
depending on the size of the corporation. Obviously, larger
corporations already have a lot of security infrastructure. Part of our
value proposition has been to reduce the complexity while giving a
higher protection/lower cost model. In the past, a lot of people have
been trying to solve problems by throwing a lot of different vendor
products at them. Over time, that creates even more complexity and
bigger cost. So it’s a different problem for the enterprise.
For smaller companies and start-ups, there’s a series of technologies
that can be on the premises as well as in the cloud. What I mean by “in
the cloud” is security as a service. If I was looking to solve this
problem today, I would look at technology that offered me a fast model
to solve my security problems, which is something enterprises can’t
always do but smaller companies can. For example, McAfee, as well as
some of our rivals, has a very advanced capability as a service online
that can automatically scan, remediate as well as immunize small
businesses from problems. In our case it’s TOPS for small businesses
(total protection suite).

CSM: Last year you bought a
company called SafeBoot, which offers encryption products. How do you
plan to incorporate that technology into your existing security
software?

DD: SafeBoot has been a very
strong asset for us already. SafeBoot focuses on a market segment
called data protection: full disk encryption, file encryption . . .
Think of your laptop as a vulnerability in that if you lost your
laptop, someone could pull the disk out and get everything on the disk.
What this technology enables you to do is encrypt the entire drive and
make that drive useless through what’s called 512 AES (advanced
encryption standard) encryption, which has never been broken. It
prevents data loss or data theft.
This has been important for legislation that been administered around
the world for PCI (payment card industry). PCI has produced a certain
set of mandates that requires anybody who has access to consumer data ”“
like credit cards or social security numbers ”“ to report it, and they
have to notify every consumer of the loss of data. Sometimes it can be
very embarrassing and involve penalties and fines. [Editor’s note: the
Information and Privacy Commissioner of Ontario created standards for
encryption following the loss of a laptop last year belonging to a
Toronto physician which contained 3,300 patient records.]
The technology from SafeBoot helps companies adhere to PCI compliance
as well as prevent data theft. This has been a vast, growing market for
us. We’re advancing it into a whole suite of products we’re calling
TOPS for data. It’s a fascinating area.