One of the oldest names in security is a standalone company again today after the new-look McAfee LLC with a new owner opened its doors.
The spin-off from Intel, with controlling shareholder TPG Capital taking the lead, became official this morning, with CEO Chris Young promising customers “cybersecurity outcomes, not fragmented products.”
However, the product line is still the same and, at least for the time being, its strategy is too.
What’s new, besides the logo, is a motto: “Together is Power.”
“It means the only way we’ll win at cybersecurity is by bringing many things together,” said worldwide CTO Steve Grobman in an interview. “It’s about combining technologies, its about combining capabilities from not only McAfee but also its partners, and its about getting our capabilities to work together. We recognize that bad actors work together to plan their attacks, we need to make sure from an industry and technology perspective we’re putting pieces together to mount the strongest defence.”
Unlike being part of a semiconductor company, now McAfee will be “focused 100 per cent on cyber security and cyber defence.”
Whether that will be enough to convince CISOs to pay more attention to its products is a question.
In 2010 when Intel bought McAfee for US$7.7 billion there were arguments that it made sense: Intel wanted to diversify, and how could a security acquisition be wrong?
Well, for one thing the acquisition wasn’t a tight fit with the new parent. For another, with security demands as changeable as attack methods security companies have to be nimble. Even Grobman admitted that a semiconductor company that has to churn product out on a stable cadence is different from a division with an ever-changing threat landscape.
McAfee’s product portfolio had also grown too widely, which led to the abandonment of its next-generation firewalls and email security products. In 2014 the division’s name was changed to Intel Security, only to have the McAfee name brought back when sale was announced last fall.
“When you look at McAfee over the past few years they depleted their portfolio with a lot of sell-offs,” said Jeff Pollard, an enterprise security analyst at Forrester Research. “They also had products that languished, weren’t innovated upon they way they need to be for them to remain competitive in the market. So CISOs want to know if this company is going to invest in the products and in R&D to be a worthwhile [enterprise] investment.”
While he doesn’t think the brand was been damaged during the Intel years – and Forrester admits some moves, including acquisitions, were smart – Pollard said it is “frightening” that the company says its strategy hasn’t changed since its 2015 road map announcement. “Part of being spun out really should give them is the ability to completely adjust their strategy,” said Pollard.
Grobman sees it differently. The strategy meant McAfee moved from one of a broad range of products breadth to focusing on threat defence, he said, which is why it dropped a mobile device management solution and a one-time password generator, among other products. “We realized what our customers need more than anything, and the thing we have the best ability to lead the industry around, is threat defence … It’s all about preventing attacks, but also providing tools and technologies to detect breaches if they occur and helping orchestrate a response, getting a company back to a known good state.”
Nor, he said, is the company standing still. It’s focused on building out products and product strategy, he said, including management of enterprise security technology. In particular he pointed to McAfee’s recently open-sourced OpenDXL security bus and fabric, a data exchange layer that enables connectivity to security products from other vendors.
“I worked with McAfee [as an Intel official] before the acquisition as a customer partner and I’ve been with McAfee for five years and this is the strongest I’ve seen the product portfolio in all of that time. I think part of the reason is because of the focus we put in 18 months ago.
“I do think we have some challenges in getting many of our customers on the latest versions of our product. Its one of the phenomenon we see in many IT supplier business is you have customers that don’t necessarily see the need to upgrade on a year-by-year basis” … which means if it goes on too long they can be “very much out of date.”
“But if you look at our current offerings they are world-class. In many cases we have features within the portfolio that essentially are the entire business of other companies. For example our endpoint defence product (ENF 10.5) has a combination of signature defence, machine learning, artificial-intelligence based malware assessment for pre-execution, cloud based behaviour analysis built around a machine learning back end, and a de-privledged sandbox capability that if you don’t have confidence that an executable should be fully trusted it limits the damage it can do to a system.
“So I would assert we are in a far better technical position than we’ve ever been, and we have confidence that we can move event faster under this new structure.”