IDF 2011: Intel unveils first fruits of McAfee acquisition

IDF 2011 logo

McAfee has stepped up the fight against cyber criminals by tapping into the power of hardware rather than just focusing on software-based defences.

The security giant, which was acquired by Intel for $7.68 billion in August last year, took the wraps off the technology dubbed DeepSAFE at the Intel Developer Forum in San Francisco.

As the bad guys continue to circumnavigate security software such as firewalls and antivirus protection, those wishing to keep their data safe need to fight back. But using the same weapons of old is no longer viable, or won't be in the long term, according to the two companies.

With the DeepSAFE technology platform, we're actually able to protect our customers and save them time and money.

By opting for a hardware-related approach and utilising features already present in Intel processors, threats residing beneath the operating system can be tackled in real-time before they affect consumer or business machines and cause any damage, according to McAfee. This approach will be particularly useful in combating rootkit attacks, the company claims, adding that it estimates there are currently 1,200 new rootkits detected on daily basis.

What we think...

As a means of securing the software layer from the hardware layer, it's a good approach. Trend Micro has tried doing this before, and various BIOS builders have also built in capabilities to prevent root kits and so on. Indeed, Intel itself has stuff in the trusted computing platform that should do stuff like this.

One of the biggest issues though is if a false positive is flagged - such an approach is almost impossible to override. So a critical piece of software may not be installable.

For Intel, the biggest issue it has to worry about is that whatever it does at the silicon level with McAfee has to be open and something that others can also do otherwise the DoJ will jump down its throat on an anti-compete charge.Clive Longbottom, founder, analyst firm Quocirca

"Many attacks are triggered when we launch a video or an application from one of our favourite sites. Often, users will see a warning that they click on through and ignore it," said Candace Worley, McAfee's senior vice president and general manager of Endpoint Security, as she demoed the technology in action.

While in beta now, the first DeepSAFE products are expected to hit the market this year, most likely initially focused on enterprise protection.

"Let's take a look at a system that's actually running the DeepSAFE technology. Here, running on top of DeepSAFE is beta software for a soon-to-be-announced product from McAfee that will do kernel node rootkit prevention," she added.

"Once again, the user clicks through the warnings and unknowingly installs the Agony rootkit. But, because the DeepSAFE technology and beta software is used, utilising the VT technology from Intel, we actually recognise the rootkit as it attempts to load into memory and we block the attack in real-time."

"With the DeepSAFE technology platform, we're actually able to protect our customers and save them time and money," Worley concluded.

CPU events can be monitored in real-time using the technology, which will also remove the hiding place for some of today's threats, meaning the currently undetectable becomes detectable and resolvable.

"2011 might be the year the industry got serious about security," Paul Otellini, Intel's chief executive, said during his keynote speech at IDF. "Intel has been serious about security for a long time Smartphones and tablets are not immune [from the threats]."

Alex Thurber, McAfee's senior vice president of worldwide channel operations took to Twitter to shout about the good news for its partner ecosystem.

"It is a new world of opportunity for our security partners," he tweeted. Indeed, Intel's Otellini highlighted the openness of the collaboration and the fact the virtualisation tech's APIs would be made available to others.

Maggie Holland

Maggie has been a journalist since 1999, starting her career as an editorial assistant on then-weekly magazine Computing, before working her way up to senior reporter level. In 2006, just weeks before ITPro was launched, Maggie joined Dennis Publishing as a reporter. Having worked her way up to editor of ITPro, she was appointed group editor of CloudPro and ITPro in April 2012. She became the editorial director and took responsibility for ChannelPro, in 2016.

Her areas of particular interest, aside from cloud, include management and C-level issues, the business value of technology, green and environmental issues and careers to name but a few.