Intel Security oppportunities and challenges

With the glitz of Las Vegas as a background, Intel Security (aka McAfee) held its annual FOCUS event last week, attracting analysts, customers, and the press alike. 

Intel President, Renee James was first to take the stage and articulated a vision of “creating a baseline of security across hardware, software, and the cloud.” James was followed by Chris Young, who recently joined the company (from Cisco) as SVP and GM of Intel Security. Young built on his boss’s words by stating that IT complexity and fragmentation have become the enemy of security. He went on to describe how Intel Security was well-positioned to address these problems.

These two executives (and a cast of other Intel Security executives) were certainly toeing the company line, but in my humble opinion Intel Security is one of few vendors that really do have the potential to help CISOs address ever-changing enterprise cybersecurity requirements. After all, Intel Security has:

1. One of the most comprehensive security portfolios around. The old McAfee has the whole enchilada: Endpoint security, network security, web, email, DLP, security analytics, etc. Additionally, Intel Security is a leader in most of these categories.
2. A real integration story. While McAfee grew up as a product company, it is well along the way to integrating its disparate point products into a more holistic enterprise security architecture called “security connected.” Intel Security doesn’t talk about this architecture as much as it should, but it’s real and pretty comprehensive. For example, Intel Security used its FOCUS event to showcase Threat Intelligence Exchange (TIE) and Data Exchange Layer (DEL) – two middleware components that provide for McAfee and third-party integration.
3. A well-established partner ecosystems.  In spite of its breadth and depth, James and Young realize that Intel Security can’t be all cybersecurity things to all people.  No worries, however; McAfee established its Security Innovation Alliance (SIA) years before other vendors gave a thought to a partner program. SIA is churning along nicely, providing a fast path toward TIE and DEL integration with third-party tools. 
4. A rich and popular owner. While there is still a bit of confusion about how Intel and its security division work together, there is little doubt that Intel has the resources and connections to walk McAfee into really big opportunities that would have been difficult to find on its own. This advantage will only increase as cybersecurity gains an industry-centric flavor on the back of IoT.

You can call it Intel Security or you can call it McAfee, but you certainly have to call the combined entity an enterprise security leader moving forward. Nevertheless, Intel Security has some work ahead. To reach its true potential, McAfee must:

• Establish an image beyond AV. In spite of its broad portfolio, lots of security professionals still think of McAfee as the red-box antivirus vendor. This limited perspective hurts today and could be even more damaging in the future. Why? AV software is getting pushed aside by “real” security products for malware prevention, detection, and response. For example, Intel’s NGFW is a technology leader, but it’s lost in the noise of other leading vendors like Check Point, Cisco, Fortinet, and Palo Alto Networks. If security professionals equate Intel Security with McAfee AV, it will not get a seat at the highly lucrative “next-generation” cybersecurity table.
• Balance tactical and strategic sales.  Like other leading security vendors, McAfee has always operated as a product rather than a solutions company. Selling “security connected” deals will require a new approach including CISO-level strategic planning, project management, industry-specific sales cycles, and professional services. McAfee must figure out how to add these skills without throwing the profitable cybersecurity products baby out with the solutions bath water.
• Manage Intel. Yes, Intel can take its security division to new places, but it can also bog the company down if it insists that McAfee become a CPU-based security evangelist. With all due respect to the army of PhDs at Intel, hardly anyone is using Intel-based security technologies like IPT, TPM, TXT, or vPro. In some cases, these technologies have great potential but Intel hasn’t won over ISVs or the development community. In others (like IPT), Intel-proprietary technology hasn’t got the market share to compete against promising open standards like FIDO or consumer-focused firms like Apple, Facebook, Google, or Samsung. If Intel prioritizes its CPU-based security agenda over true enterprise security requirements, its security division will become mired in internal battles and miss market opportunities left and right.

Finally, Intel Security can only succeed if it can attract the best and brightest cybersecurity minds moving forward. This will require a bit of work from Intel corporate in order to shed its stodgy reputation and present McAfee as a nexus of cybersecurity innovation and career advancement.