Blogger: Dan Blum
At the McAfee Focus 09 Security Conference last week in Las Vegas, CEO Dave DeWalt stood under the bright lights on a theater-in-the-round stage, and kicked off proceedings with the pro forma scary characterization of a dangerous threat landscape and McAfee’s strategy on the defense.
Dave highlighted the need for “multilayer defense,” “multilayer correlation,” and “situation awareness.” He said that despite the breadth of McAfee’s product line and its ongoing strategy to build its Security Innovation Alliance through partnerships that enhance the strong, integrated management capabilities of ePolicy Orchestrator (ePO), “we can’t do it alone.” DeWalt appealed to his audience of end users and partners to share their ideas of how the community can more effectively coordinate multi-vendor products on the defense.
Later that morning, Dave arrived to answer questions from the press and analyst community. At some point as he introduced the session, or perhaps it had been during the keynote itself, DeWalt mentioned that the numbers of McAfee’s alliance partners were growing, Symantec was taking notice and might start something similar, but McAfee had better tools and application program interfaces (APIs) for effective partner coordination. That’s when I decided to ask a question.
After a brief delay while paparazzi snapping innumerable photos blocked my view, the paparazzi sat down, and I raised my hand and was acknowledged. My question: “Mr. DeWalt, I’m glad to hear you emphasize the need to coordinate multiple security vendors and products. We hear that from our customers all the time. It’s great to see your partner alliance growing in numbers. But I think it has to be more than a vendor ecosystem and some APIs. If McAfee has an alliance, Symantec has one, and Microsoft has one, who knows at the end of the day if all the products will talk to each other? I think there’s a strong need for standards. You spoke about situation awareness; I’d like to call your attention to the Common Event Expression (CEE) work on log standards which would relate to your security information management product line. But more generally, what standards does your Security Innovation Alliance (SIA) plan to promote?”
Paraphrasing Dave’s reply from memory: “We have all kinds of IT standards, but no standards for security. We’ll promote standards but we’ll put our own stamp on it. We’re looking in the areas of a common service bus and a common policy language. But it’s not just technical standards that are needed; it’s also standards for governance.”
A reasonable general sort of answer. But while writing this I looked at the web pages promoting the Security Innovation Alliance, and there’s nothing about standards there now. If standards will be emphasized in the future, the site needs to set forth a vision and define objectives, milestones, and progress.
I didn’t really expect a CEO to respond on the spot to something as technical as CEE log standards. Although these standards could in time greatly enhance both real-time situation awareness and deeper event log correlation among multiple vendors, they are fairly obscure. That’s why I worded my question to let Dave address standards in a general way. But I did hope to plant a CEE seed in McAfee land. More likely my seed blew away in the wind of a busy week, but perhaps McAfee will see this blog entry and consider what I say. Their comments are welcome here.