McAfee has squeezed out the first product based on its DeepSAFE technology, created in collaboration with owner Intel.
Called McAfee Deep Defender, it is capable of detecting “nearly all kernel-mode malware,” according to McAfee, and should be hugely useful to IT departments concerned about stealthy rootkits.
The DeepSAFE technology was announced at IDF 2011. Many expected such sub-operating system security to come out of Intel’s acquisition of McAfee.
“Together, McAfee and Intel are rethinking the entire approach to security and McAfee Deep Defender is a proof point of how security is changing to provide a new level of protection,” said Renee James, Intel senior vice president and general manager of the software and services group.
“We are working to ensure users have an engaging, secure and productive computing experience across all Intel platforms using McAfee technologies. Security is one of the top concerns to organisations of all sizes and industries. It is essential that computing is protected against intrusions from security breaches and malware in more effective ways.”
The technology comes with CPU and memory monitoring, allowing administrators to see what is going on below the OS. In particular, it should give IT teams the ability to spot nasty rootkits.
According to McAfee, the product will “report, block, quarantine and remove known and unknown stealth techniques attempting to load in memory.”
For suspected unknown threats – otherwise known as zero-day threats – Deep Defender sends a “fingerprint code” off to the McAfee Global Threat Intelligence network for analysis.
Administrators will be able to watch over all the action via the ePolicy Orchestrator console, which should soon benefit from recently acquired NitroSecurity technology.
“The bad guys are getting smarter about hiding malware, but they can’t hide it when interacting with the hardware, memory or operating system. We can now detect these interactions, and provide an unprecedented level of protection,” said Todd Gebhart, co-president of McAfee.
The general industry opinion of the sub-operating system model is that it is the future of security. However, Intel and McAfee will have to open up the model so other security vendors can join the market. Intel chips are found in around 80 per cent of PCs being used today.
Got the city on lock down
McAfee has also launched ePO Deep Command, which gives administrators the ability to remotely patch systems, even if they are turned off.
Using Intel’s Active Management Technology, IT teams can switch computers on and off to execute security tasks, or simply to implement green IT policies.
“McAfee ePO Deep Command enables security administrators to quickly respond to disabled PCs with a remote call for help functionality to ensure proper security is in place to protect against today’s fast propagating threats,” said Brian Foster, senior vice president of product management at McAfee.