Pat Calhoun is the Senior Vice President & General Manager, Network Security, at McAfee. In this interview he talks about constructing the strategic direction for McAfee’s Network Security business, he defines the Next Generation Firewall of the future, and much more.
How is the fast-paced threat landscape shaping the network security business?
Recent high-profile data breaches at major retailers and financial institutions remind us that security is a moving target, as attackers relentlessly raise the bar for what qualifies as adequate protection. It’s clear that point-security solutions, and even layered solutions are not enough to keep increasingly well-armed and organized cyber criminals out of corporate networks.
What’s needed are products that function as integral parts of a much broader ecosystem of anti-threat solutions and information, both ingesting and distributing critical updates. So called “connected” security solutions should be able to share threat intelligence seamlessly across organizational and network boundaries – from the network edge, from all remote and branch offices and locations, and from within the network itself.
What have been the major changes in the last few years?
The impact of advanced threats on the security landscape is evident in the proliferation of point-security solutions. As new threats emerge, organizations and service providers are compelled either by customers, regulations, or internal concerns, to add new protections. All too often, these “bolt-on” defenses do not communicate information about new attacks with each other, resulting in a “Keystone Cops” style of response with duplication of effort, wasted time, and unnecessary data breaches.
Determined criminals will launch attacks against multiple network entry points. If other security solutions and network administrators aren’t informed of these attempts, criminals are free to continue trying all doors one by one until they discover a vulnerability to exploit.
What challenges are you facing in your current position that you haven’t experienced while working for Cisco or Airespace?
The sophistication and speed of attacks has increased dramatically in the three years since I was at Cisco. Today, the concept of a single-purpose security appliance is really no longer relevant. The only way to meaningfully increase security postures is to improve sharing of real-time, actionable threat intelligence between security solutions located across the entire network.
While I was at Airespace, the hacking techniques we were addressing were not nearly as advanced and primarily involved accessing private Wi-Fi networks. Following some early data breaches of this type, such as TJ Maxx, a whole slew of Wi-Fi defense technologies and countermeasures were developed.
How have those positions prepared you for the task of constructing the strategic direction for McAfee’s Network Security business?
At Airespace we learned to be nimble and highly responsive to new threats and changes in the security marketplace. We also realized the important role that security management solutions play in coordinating a strong defense posture. At Cisco I learned the power of enabling coordination between network IT and security departments. Since security threats ultimately impact both departments, they should have equal access to the information needed to tackle problems and strengthen defenses.
What defines the Next Generation Firewall of the future?
Connected solutions should work in concert, providing protection against the latest threats for the entire network environment. Because of its role as an active sentry at the network edge, core, and in the datacenter, the connected next-generation firewall (NGFW) is very important to the security fabric. It should be able to receive and act on the latest threat information from around the globe, as well as from other local and distributed security solutions.
Additionally, next-generation firewalls should not become a bottleneck when protections such as deep packet inspection, antivirus and virtual private networking are enabled. All too often, network administrators are tempted to disable critical security features they’ve paid for just to improve network throughput.
Will advanced behavior analytics help with the increase of highly targeted threats?
Yes. However, we must remember that analytics are only as good as the information they are based upon. This is precisely why a connected security architecture is so crucial. Accurate and timely information is needed from all security sensors in your network, such as IPS and NGFWs, in order to formulate accurate responses to threats, and to minimize false-positives. Efficient workflow analytics are also important for fast troubleshooting and identifying trends when conducting forensics.