McAfee’s CSO: An insider’s guide to IT security

As the chief security officer at one of the world’s best known security companies, Ted Barlow is practically wearing a target on his back.

“If we don’t do security well, then our business suffers. Maybe more so than most companies,” said Barlow, CSO of McAfee Inc. “I don’t like to play that up too much, but I feel that my No. 1 job is to make sure that we are available and that we are not affected by the latest threat.”

Barlow was in Toronto Tuesday to give a seminar called “Protection in depth at McAfee,” which was basically a guided tour of how the company uses its own products to shield itself from security threats and all they entail. It can be an instructive process, he said – the company is its own best beta tester.

After his seminar, Barlow spoke to ITBusiness.ca about making his company’s products ready for the outside world, Symantec’s foray into the storage market and why Firefox might ultimately be a good thing for McAfee.

ITBusiness.ca: I’m sure you use other beta testers, but what can you learn internally by going through that testing process yourself?

Ted Barlow: It’s the fact that we use all of our products (internally). It’s how we integrate everything together. In other words, a new product or an upgrade of an existing product – how well does that fit in? How good is it at interacting with all the other pieces? Because we use the entire McAfee stack, if you will, we can really test that. We have a pretty heterogeneous environment – 3,000 people, the same number of workstations, 600 servers and a lot of applications. We get a chance to really test if not all the products, most of the products.

ITB: Do you find that your own users are more vigilant because they work for a security company?

TB: I’d like to believe that’s true, but there are people who work in finance or may not be product engineers who are probably pretty average in that respect. A lot of what we do is really seamless and invisible to the end user. Two weeks ago, we pushed the anti-spyware beta and nobody noticed. It just went out there and started reporting more spyware. Things like that, I don’t think the end user is aware of it. Which is good. 

ITB: McAfee moved from weekly virus updates to daily updates a few weeks ago. How many more resources did you have to allocate to make this possible?

TB: We had to prepare the delivery infrastructure. A lot of what we deliver is over our own network pipes and over our own servers. We also partner with some others. There was some tuning of that for the daily. But we didn’t really change the back-end process. What was happening before is that three or four times a day, we’d get a new variant or a new virus and create an early (fix) for that virus, then those get rolled up. Now we just roll it up on a daily basis and send it out. In fact we may roll it up more often than once a day. I think a lot of it came from customer requests that said, “Look, we feel that weekly is not enough.”

ITB: Since you’ve moved to that model, have you seen an increase in customer traffic?

TB: With the weekly release, customers automatically set their systems to check for the updates. We see spikes in traffic. I think with the daily updates, it’s sort of smoothed out the traffic a bit more, which I think allows us to predict the traffic a bit more. In a sense, it may be better for us from an operations perspective.

ITB: John Thompson, the CEO of Symantec, was in Toronto recently and talked about what he called a “day-zero” attack where a vulnerability is discovered then almost immediately exploited. What is McAfee doing to stave off these instantaneous attacks?

TB: What you’re seeing in our products is a shift away from a reactionary strategy of having to use an update and towards having more proactive detection. Our Virus Scan Enterprise 8.0i really has a lot more protection that is not necessarily dependent on an update – protection from attacks like buffer overflow and things like that.
We’ve been talking about zero-day attacks for three years and we really haven’t seen too many examples of it, but it’s obviously a risk and something we should take seriously.

ITB: Now that Symantec has expanded into the storage market with its purchase of Veritas, does McAfee feel any pressure to follow suit?

TB: We were diversified and you’ve seen us in the last year or so sell off business units that really didn’t speak to our core competency, which is security. I don’t see us wandering too far away from that core competency, but we’re responding to the needs of customers and what’s out there. Never say never, but I think we are finally enacting a strategy that was embarked on about 15-18 months ago, which is really about getting back to our core.

ITB: With Microsoft entering your turf with its buyouts of Giant and Sybari, are you going to be edged out of future partnerships with the company?

TB: Our position is that we will continue to partner with them because we do a lot of different things besides anti-virus. They like to say that Sybari is a product that works with a lot of other A/V vendors and actually requires A/V engines. I think we consider them a potential competitor in certain areas, but we still continue to partner with them and I don’t think that’s going to change anytime soon.

ITB: With Hotmail now using Trend Micro products for anti-virus rather than McAfee, would you consider partnering with another e-mail provider?

TB: We have small and medium business offerings in that area. Hotmail chose Trend and MSN did an announcement last week with Symantec. We have an agreement with AOL – that’s where we’re focusing some of our partnering. I think that’s an obvious choice. (Editor’s Note: AOL used to charge its users a monthly fee for using McAfee VirusScan, but began bundling it for free last year.)

ITB: There’s been some diversification in the browser market with Firefox starting to have an impact on Internet Explorer’s user base. Does this ultimately benefit McAfee?

TB: I think it’s a boon in the sense that it’s definitely something Microsoft wouldn’t be interested in pursuing. Microsoft will do certain things in security for their platforms. I don’t see them doing enterprise-wide non-Microsoft coverage. Firefox is a good example of that. Linux is another example. It’s one of those things you can’t really prove until it happens – the hypothesis that it’s only as secure as the amount of people trying to break it. But I think there’s some truth to that and we’ll see soon. Firefox is getting quite large now, especially in the enterprise. A lot of people are moving to Firefox on the desktop in large enterprises.

ITB: With more and more anti-virus and anti-spyware software being offered to consumers for free, does that mean companies like McAfee have to move up the value chain to generate more revenue?

TB: Well we’re doing that. Our A/V product is not just protection, it’s very much prevention and we’ve added features like buffer overflow protection at no additional charge. There’s a certain willingness to expand what A/V can do and make it more (about) multi-tasking and (being) more responsive to the latest threat. That puts more pressure on people that commoditize A/V in the classic sense.

Comment: info@itbusiness.ca