ITPRO

Printed from www.itpro.co.uk

    IDF 2011: Intel unveils first fruits of McAfee acquisition

The new DeepSAFE security offering is different to the software protection approach, Intel and McAfee claim.

By Maggie Holland, 13 Sep 2011 at 20:27

McAfee has stepped up the fight against cyber criminals by tapping into the power of hardware rather than just focusing on software-based defences.

The security giant, which was acquired by Intel for $7.68 billion in August last year, took the wraps off the technology dubbed DeepSAFE at the Intel Developer Forum in San Francisco.

As the bad guys continue to circumvent security software such as firewalls and antivirus protection, those wishing to keep their data safe need to fight back. But using the same weapons of old is no longer viable, or won’t be in the long term, according to the two companies.

By opting for a hardware-related approach and utilising features already present in Intel processors, threats residing beneath the operating system can be tackled in real-time before they affect consumer or business machines and cause any damage, according to McAfee. This approach will be particularly useful in combating rootkit attacks, the company claims, adding that it estimates there are currently 1,200 new rootkits detected on a daily basis.

What we think...

As a means of securing the software layer from the hardware layer, it's a good approach. Trend Micro has tried doing this before, and various BIOS builders have also built in capabilities to prevent rootkits and so on. Indeed, Intel itself has stuff in the trusted computing platform that should do stuff like this.

One of the biggest issues though is if a false positive is flagged - such an approach is almost impossible to override. So a critical piece of software may not be installable.

For Intel, the biggest issue it has to worry about is that whatever it does at the silicon level with McAfee has to be open and something that others can also do otherwise the DoJ will jump down its throat on an anti-compete charge.

Clive Longbottom, founder, analyst firm Quocirca

“Many attacks are triggered when we launch a video or an application from one of our favourite sites. Often, users will see a warning that they click on through and ignore it,” said Candace Worley, McAfee’s senior vice president and general manager of Endpoint Security, as she demoed the technology in action.

While in beta now, the first DeepSAFE products are expected to hit the market this year, most likely initially focused on enterprise protection.

“Let’s take a look at a system that’s actually running the DeepSAFE technology. Here, running on top of DeepSAFE is beta software for a soon-to-be-announced product from McAfee that will do kernel node rootkit prevention,” she added.

“Once again, the user clicks through the warnings and unknowingly installs the Agony rootkit. But, because the DeepSAFE technology and beta software is used, utilising the VT technology from Intel, we actually recognise the rootkit as it attempts to load into memory and we block the attack in real-time.”

“With the DeepSAFE technology platform, we’re actually able to protect our customers and save them time and money,” Worley concluded.

CPU events can be monitored in real-time using the technology, which will also remove the hiding place for some of today’s threats, meaning the currently undetectable becomes detectable and resolvable.
