6 takeaways from McAfee MPower

I wrapped up my 3-week tour of the cybersecurity industry with a stop in Las Vegas for McAfee MPower.  Here are a few of my takeaways from the event:

1. McAfee now positions itself as “the device to cloud security company.” What this really means is that McAfee will focus on the security of endpoints, cloud assets (i.e. IaaS, PaaS, SaaS) and the security services that connect the two together (i.e. DLP, CASB, proxy services, etc.).  
2. McAfee is also betting on security from the cloud with its MVision series of products. MVision moves the control and management plane from customer premises to the cloud, alleviating the need for customers to invest in security technology infrastructure. The MVision lineup includes MVision ePO, MVision endpoint, and MVision mobile.  At MPower, McAfee added MVision EDR and MVision Cloud to the portfolio.  To be clear, MVision is an option, not a mandate.  In other words, customers can still deploy McAfee’s on-premises products if they choose to.  MVision simply gives them an option for security from the cloud or hybrid options. 

ESG (my employer) sees tremendous growth in cloud-based security options as organizations eschew complex security technology infrastructure deployment, maintenance and operations.  MVision certainly maps to this trend.  McAfee also made sure to provide a simple on-premises to cloud migration path for existing customers.  For example, MVision ePO migration can be automated through a series of commands and project steps that move ePO accounts to the cloud.  This orchestrated migration should help McAfee retain and delight its customer base.  Finally, McAfee believes that MVision will become a nexus for its innovation, product integration, and partner integration moving forward.  I can’t really argue with this viewpoint. 

3. When it comes to cloud security McAfee poses an astute question to the market: Why should organizations have one set of security controls for SaaS and another set for IaaS/PaaS security? Of course, there is history here as this situation grew out of supply side innovation – CASB vendors focused on security controls for SaaS while cloud infrastructure security came from others.  Customers consumed these two product categories independently at different times with different budgets and staff members.  Now that cloud computing has matured, McAfee believes these two areas should come together with common policy management, controls, and monitoring.  Former SkyHigh CEO, Rajiv Gupta, is heading up the McAfee division driving all things cloud security, including its MVision cloud security offering the whole enchilada in a cloud-delivered platform.  McAfee will bring in additional cloud security functions (of its own and with partners) over time, including web security, malware protection, authentication, etc. 
4. McAfee is intent on wringing the complexity out of its security products, focusing on areas like machine learning and automation. For example, McAfee EDR is designed to be more accessible for customers lacking the staff or advanced skills to take full advantage of an analytics tool.  McAfee helps here by automating more processes, providing analytics and runbooks for things like fileless malware and ransomware detection, and linking its EDR with the MITRE ATT&CK framework.  This type of design will be appreciated by most of the market who have too many security tasks to do and not enough people to do them.
5. McAfee is betting on artificial intelligence and machine learning. In addition to advances in its products, McAfee believes that it can marry AI and machine learning to its customer base at large.  When McAfee sees some type of new threat at one of its customers, it can query its vast repository of threat intelligence to compare the threat to current adversary tactics, techniques, and procedures (TTPs), and then communicate bulletins, investigation runbooks, and automated remediation methodologies to its customer base.  This isn’t a unique vision but while others talk about it, McAfee seems well along the way toward execution.
6. McAfee gets SOAPA – and openness. Cybersecurity has and likely always will feature a variety of products from different vendors.  This reality is why ESG created its security operations and analytics platform architecture (SOAPA) as a means for heterogeneous product integration and interoperability.  McAfee seems quite committed to SOAPA by supporting and championing software integration technologies like its Open Data Exchange Layer (OpenDXL) and Apache Kafka.  McAfee is also committed to making all MVision functions accessible through open APIs.  Heck, McAfee even hosted a presentation about lowering MTTD and MTTR using SOAPA.  Now that’s commitment!

The whole saga of being in-and-out of Intel over the past few years ago left McAfee a very internally focused company as it figured out products, created a new financial structure, and changed the organization to compete as an independent company.  Unfortunately, McAfee’s internal permutations took the company’s eye off the market and opened the door for a crowd of other more market-focused vendors. 

McAfee’s device-to-cloud message is now clear and aligns with market requirements, so McAfee’s current challenge is to make sure to get the word out through marketing communications, social media, through the channel and direct salesforce, and ultimately to customers and prospects. 

McAfee’s done a lot of the hard work figuring out what it’s going to be and executing on this strategy.  If the market hears about this more focused effort, it will respond.