McAfee Unveils Two DeepSafe Products for Chip-Based Security

McAfee announced two new products based on the DeepSAFE technology which protects user computers from sophisticated malware that attacks the hardware level.

Deep Defender and Deep Command platforms will allow security tools to run at the processor level, McAfee said at the McAfee Focus 11 conference on Oct. 18. The announcement was made during McAfee co-president Todd Gebhart's opening keynote.

Deep Defender protects the endpoint by using hardware-assisted security tools to monitor system activity and detect kernel malware, Gebhart said. Running the tools below the operating system will make it possible to detect rootkit infections and other attacks that target hardware, according to the company.

Deep Command is an add-on for McAfee's ePolicy Orchestrator platform and provides administrators with secure remote access to perform security operations such as scans, updates and patch installations, even if the endpoint has been powered off, according to Gebhart. The ability to detect malicious activity on the kernel level was critical to detect increasingly sophisticated threats, he said.

"The bad guys are getting smarter at hiding malware," Gebhart said in his speech.

Deep Command will be released in the fourth quarter of this year, with Deep Defender set for release in the first quarter of next year. They will be the first products released since Intel acquired McAfee for $7.68 billion. Pricing was not disclosed.

Deep Defender and Deep Command are based on the DeepSafe technology unveiled at the Intel Developer Forum last month. DeepSafe will allow McAfee to develop security products specifically for Intel hardware, McAfee said.

DeepSafe creates an architectural layer that provides a direct view of the system resources as well as the actual malware attack on those resources. This view allows Deep Defender to perform real-time memory and CPU monitoring. Since rootkits and other similar malware attack the hardware and are loaded when the machine is booted up, traditional security tools installed on top of the operating system can't detect the malware's presence.

"The combination of McAfee and Intel brings fresh innovation to secure the future of computing and the Internet," Gebhart said.

Deep Defender also looks at behavior of anything trying to load in memory, so it can detect and block a brand-new rootkit and other malware even if it hadn't seen it before, McAfee said.

Deep Command takes advantage of Intel's Active Management Technology (AMT), which is built into the company's Core i5 vPro and Core i7 vPro processors. AMT allows administrators to remotely access machines even when they're powered off.

"You can reach out to any endpoint, regardless of its power state, and patch, update and scan it," Gebhart said, calling it a "new way to manage security and manage recovery at the endpoint."

McAfee also announced a joint offering with RSA Security to integrate security data from the ePolicy Orchestrator with business infrastructure and compliance data collected by RSA Archer eGRC platform and RSA Archer Enterprise Management. The Integration Package, announced at Focus 11 on Oct. 17, is already available through RSA Archer on the RSA Archer eGRC Exchange.

McAfee also said that George Kurtz, the company's CTO, will be resigning at the end of the month. Dmitri Alperovitch, vice-president of threat research at McAfee has also left the company. McAfee did not provide any information about the departures other than the fact that McAfee was already looking for a new CTO.