McAfee says it's developing a product it calls "Threat Intelligence Exchange," which it expects to introduce by mid-year as a core means to garner information about cyber-attacks and response for the enterprise.
Threat Intelligence Exchange is described as a "messaging framework" that would initially collect information about Windows-based endpoints in the enterprise and whether they had been compromised, identify patterns and allow for a rapid "immunization" of assets. According to Brandon Rogers, McAfee senior vice president of product solutions and marketing, it will include a client add-on agent for McAfee's anti-malware software that could be deployed via McAfee ePolicy Orchestrator management console. There will also be a server-based Threat Intelligence Exchange component that will work as a VMware-based virtual-machine that could reside in the organization's data center to centrally collect the wide variety of contextual information related to threats.
The messaging framework from McAfee will initially be oriented toward collecting and orchestrating response from only McAfee products, including intrusion-prevention systems, anti-virus and Web gateways, says Rogers. Much remains to be known about Threat Intelligence Exchange, but it is being tested by AT&T, and the senior IT security manager there, Chet Black, indicated he thinks it will dramatically reduce the time from when a cyberthreat is encountered to its containment.
In terms of the security messaging framework, Jon Oltsik, senior principal analyst, Enterprise Strategy Group, said McAfee is "thinking in terms of information security middleware so different applications/services can exchange data, adhere to common policies, and automate policy enforcement." He adds it's similar to the way middleware might work in a message bus in enterprise applications or transaction processing.
At this early stage, it's unclear what Threat Intelligence Exchange might be compared to, but possibly Cisco's Platform Exchange Grid or the IF-MAP concept from the Trusted Computing Group, says Oltsik.
But will McAfee be proposing some sort of security messaging standard when it introduces Threat Intelligence Exchange around mid-year? That's not expected, though McAfee is leaving the door open for third-party product integration, possibly with McAfee's closest vendor partners, such as those in the McAfee Security Alliance Partner program.
Oltsik indicated he's hopeful there will be openness to standards and third-party integration in the future in all this, saying too many vendors "try to play the proprietary game" which proves an obstacle to product integration.
Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: [email protected]