McAfee announced its first major products since being acquired by Intel: Deep Defender and Deep Command, which protect computers using DeepSAFE hardware-based technology.
McAfee announced two new products based on the DeepSAFE technology
which protects user computers from sophisticated malware that attacks
the hardware level.
Deep Defender and Deep Command platforms will allow security
tools to run at the processor level, McAfee said at the McAfee Focus 11
conference on Oct. 18. The announcement was made during McAfee
co-president Todd Gebhart's opening keynote.
Deep Defender protects the endpoint by using hardware-assisted security
tools to monitor system activity and detect kernel malware, Gebhart
said. Running the tools below the operating system will make it
possible to detect rootkit infections and other attacks that target
hardware, according to the company.
Deep Command is an add-on for McAfee's ePolicy Orchestrator platform
and provides administrators with secure remote access to perform
security operations such as scans, updates and patch installations,
even if the endpoint has been powered off, according to Gebhart. The
ability to detect malicious activity on the kernel level was critical
to detect increasingly sophisticated threats, he said.
"The bad guys are getting smarter at hiding malware," Gebhart said in his speech.
Deep Command will be released in the fourth quarter of this
year, with Deep Defender set for release in the first quarter of next
year. They will be the first products released since Intel acquired
McAfee for $7.68 billion. Pricing was not disclosed.
Deep Defender and Deep Command are based on the DeepSafe
technology unveiled at the Intel Developer Forum last month. DeepSafe
will allow McAfee to develop security products specifically for Intel
hardware, McAfee said.
DeepSafe creates an architectural layer that provides a direct
view of the system resources as well as the actual malware attack on
those resources. This view allows Deep Defender to perform real-time
memory and CPU monitoring. Since rootkits and other similar malware
attack the hardware and are loaded when the machine is booted up,
traditional security tools installed on top of the operating system
can't detect the malware's presence.
"The combination of McAfee and Intel brings fresh innovation to secure the future of computing and the Internet," Gebhart said.
Deep Defender also looks at behavior of anything trying to load
in memory, so it can detect and block a brand-new rootkit and other
malware even if it hadn't seen it before, McAfee said.
Deep Command takes advantage of Intel's Active Management
Technology (AMT), which is built into the company's Core i5 vPro and
Core i7 vPro processors. AMT allows administrators to remotely access
machines even when they're powered off.
"You can reach out to any endpoint, regardless of its power
state, and patch, update and scan it," Gebhart said, calling it a "new
way to manage security and manage recovery at the endpoint."
McAfee also announced a joint offering with RSA Security to
integrate security data from the ePolicy Orchestrator with business
infrastructure and compliance data collected by RSA Archer eGRC
platform and RSA Archer Enterprise Management. The Integration Package,
announced at Focus 11 on Oct. 17, is already available through RSA
Archer on the RSA Archer eGRC Exchange.
McAfee also said that George Kurtz, the company's CTO, will be
resigning at the end of the month. Dmitri Alperovitch, vice-president
of threat research at McAfee has also left the company. McAfee did not
provide any information about the departures other than the fact that
McAfee was already looking for a new CTO.