John Viega Vice President and Chief Security Architect for McAfee, helps shape the technical directions for the company’s products and, among other things, he is also a well known security expert and cryptographer.
He believes the next year will see variations of current threats, rather than witness the emergence of new and unknown ones. But, as Viega explained, McAfee will also direct its time to addressing big business problems that enterprise customers face.
“A lot of them [risks] have to do with compliance. We just did two acquisitions that can support that piece of it. One being a company, Citadel, and the other being a company out of Israel, Onigma.
“Citadel is a compliance management/vulnerability management product and Onigma a compliance product that focuses on data leakage prevention, making sure that sensitive information doesn’t inadvertently leave your network,” explained Viega.
The acquisitions cost McAfee a total of approximately US$80 million and they all occurred in the latter months of the year -- a true signal that McAfee is geared up to take action in 2007.
Gaining the required technology was a necessary step for McAfee to expand its knowledge and capability in the fast-growing compliance and risk management market. However, as Viega described, there’s only one key step remaining: to integrate the technologies into a single unified product that provides companies with better operational efficiency.
“We’re integrating [risk management and compliance capabilities] into one console and layering on top a bunch of additional value in terms of prioritisation of problems.
“There is a couple of point products in the market, but they generally sit on the network and try to prevent data coming off the network, but if you take your laptop home you can still accidentally let your data leak out,” said Viega.
“In the next year, you’ll see us tick the new technologies we’re acquiring, put them in the same environment so you’ll be able to push out data leakage prevention to every machine on your network and manage it centrally, without the people who run machines really doing anything.
Viega explained that the two acquisitions this year helped bring forward the required components for a functional and comprehensive protection package.
“The two things that you really can do is policy management -- that’s what we’re doing with the Citadel product. And then for the data leakage problem, that’s directly compliance driven, which is more about preventing disclosures,” he said.
The technology will with no doubt gain momentum in the coming months, not only from McAfee but from security vendors all round, but are CIO’s aware of the regulations the technology is built for? Viega said the US has had the regulations in place longer than other developed countries, but users were initially confused.
“The regulations have been in place and it’s just taken a while for people to figure out how they’re going to deal with it and for the technology… to mature to the point where they’re actually addressing a need in a cost effective way.
“For example, if you’re in the state of California or plenty of other states you have to disclose to any customer that you lost their personal data… that somebody stole it,” said Viega.
McAfee’s next step for 2007 is to create better threat intelligence services that will help users establish risks and automatically mend breaches, explained Viega.
“For instance, we can look at a network and say here is a new worm, it doesn’t apply to your network because you already had a proactive signature that prevented against it.
“Or we could similarly say, hey you’ve got this problem, it’s a high risk problem because it affects 10 percent of your users and you don’t have any mitigations in place for them,” said Viega.
On another note, Viega explained that enterprises are actively tackling security and compliance issues, however, SMBs continue to lag behind.
“Large enterprises are generally on top of the regulatory environment in which they live, it’s the SMB where they may not have enough hours in the day to really be aware of new responsibilities. That’s certainly a challenge.”
Interview with John Viega, Vice President, McAfee Inc
By Negar Salek on Nov 27, 2006 2:40PM