The acquisition of McAfee by Intel makes a very important statement when you view it in the context of the future of network security.
To most observers, McAfee
means antivirus software.
It's one of the big AV companies that have been
around since the birth of malware, and it competes well against market leader
Symantec. For people who think computer security is really just about this
acquisition of McAfee by Intel doesn't make a lot of sense.
But in reality,
Intel didn't buy McAfee just so it could have its own PC-based security
software. If that's all Intel wanted, it could simply license it.
But what most analysts are missing is that there's a huge, and rapidly
growing, universe of network-connected devices that are quite simply unprotected:
a wide range of products from network-connected
printers to Internet-aware security systems in buildings.
These devices can
be cell-phone switching systems, power grid controllers and HVAC systems, and
they can also be network-equipped television sets, video disc players and DVRs.
There are even network-equipped kitchen appliances. And we haven't gotten to
the mobile devices that people carry around, such as iPods, smartphones and GPS
At first glance, it's hard to see how these network-attached devices could
threaten your enterprise, but on further inspection, networked devices are
perhaps the single greatest area of risk in security today. Perhaps more
importantly, their presence is growing very quickly. They are, in a sense, a
fallow field just waiting for a crop of malware.
I was reminded of the nature of this threat when I was at Best Buy a couple
of weeks ago shopping for a new television set. My old rear-projection set had
given up the ghost (that's a technical term for "being broken") and
rather than spend more than it was worth getting it fixed, I decided that the
time had come for something bigger, better and without the complexity of older high-definition
What I hadn't expected was the flood of new consumer electronics that have
reached the market lately boasting network connectivity. Every major vendor of
televisions featured 802.11n wireless connectivity on some models, and some had
wired Ethernet as well. There were network-aware Blu-ray players in all price
ranges. Each of these devices included the ability to browse for video content,
which of course meant that each contained a Web browser. None, as far as I
could tell, included any sort of security.
The same thing is true of network-aware devices in the office. Nearly every
printer intended for the business environment is network-capable. Fax machines
come with Ethernet connections these days. And of course employees at all
levels are using their office computers to charge and sync their mobile
devices. Almost none of these has any sort of security. The only reason I can
think of that these devices haven't been used as malware vectors is that the
criminals who create malware haven't gotten around to it. But there will come a
time when some devices reach a critical mass, and-because of the unique
vulnerability of these devices-start serving up attacks against your network or
This unique vulnerability of network devices doesn't lie so much in their
design as in how they're used. Ask yourself whether you'd even notice if your
Blu-ray player were flooding the Internet with malware packets. And if you
noticed strange activity, would you know what to do about it? In some ways the
threat posed by mobile devices is even worse since they have a more direct
connection to the Internet. Would you know if your iPhone were acting as a
zombie on a botnet? The most you might notice would be somewhat shorter battery
life. And of course you'd notice the huge AT&T bill for data use, but by
then it would be too late.
And if you think the picture is bad now, think about next year and the year
after. As time passes, network-equipped devices will begin to multiply. In a
year or two they will be ubiquitous. In addition to being ubiquitous, they will
be unprotected. This
is the future that Intel sees,
and it's why the company bought McAfee.
As nice as it might be to have a profitable business selling AV software, it
will be a lot nicer for Intel to have the in-house expertise to create
hardware-based security for as many of those network-equipped devices as it can
supply network interfaces for. And remember that one of Intel's big products is
a line of wired
and wireless Ethernet interfaces.
Providing an interface with built-in
security would be a real differentiating factor that could help Intel gain
market share in the non-PC world, and this is the part of the industry that's
growing the fastest.
Now imagine one more step. Once there's a vast universe of hardware-based
security, there needs to be a way to update that security, since a static
solution won't be useful forever. Because these devices are already connected,
all Intel and McAfee need to do is create an ecosystem of device updating and
reporting that not only keeps the protection current but also reports on
emerging threats, much as McAfee's current computer security products do.
this happens, you've got a subscription model that's groundbreaking, while also
providing a significant level of protection for the Internet at large.