Bridge the Gap Between the Security You Have and the Security You Need

By on Nov 12, 2020

Change happens – sometimes much faster than expected – like it has in 2020. When the threat landscape shifts suddenly, security professionals must quickly react and change their security posture. This not only means reconfiguring existing security investments but also adding new ones.

But given the number of heterogenous security applications sold by multiple vendors, new security expansions are tough to manage. They not only have to co-exist with the existing security infrastructure, but they must be integrated to avoid leaving security gaps attackers can exploit. User and business experience must be maintained as well. Is it any wonder, then, that CISOs continue to struggle? It’s hard to optimize and manage existing cybersecurity software investments — and expand security capabilities – all the while keeping up with shifting business needs.

It is time you demand more from your security vendors. It’s perfectly reasonable to expect them to do the following:

  • Anticipate the changes you now face
  • Offer solutions that handle those changes with pre-integrated capabilities from multiple best of breed vendors
  • Enable you to not only select the right vendor but also compose a solution quickly for your environment
  • With a few clicks, do a quick POC in your environment and move rapidly into production

Here’s where “Composable Security,” a breakthrough architectural extension from McAfee addresses this chronic IT turbulence. In practice, the concept allows MVISION ePO (ePolicy Orchestrator) administrators to add multi-vendor security modules quickly and easily assemble best-in-class solutions that meet your particular needs. Users can compose, and then re-compose, powerful, cloud-based or on-prem security solutions certified to seamlessly plug-and-play. With a few clicks, you can add new capabilities to your existing security infrastructure in minutes.

MVISION ePO now offers Composable Security capabilities. Let’s take a closer look:

MVISION Marketplace delivers value quickly and simply

The era of monolithic and often disconnected, security solutions has passed. We believe customers want a connected security architecture that can rapidly adopt and implement new tools, sensors and data from a myriad of disparate but innovative solutions. When change occurs seemingly overnight, like we saw with the explosion in the number of people working from home due to Covid-19, executives don’t have the luxury of waiting until the next budget cycle to take action. But with MVISION Marketplace, we are enabling companies to easily scale their security infrastructure.

This new application marketplace enables McAfee and our partners to deliver pre-integrated, best-in-class solutions to customers. The marketplace offers products that expand and extend McAfee solutions. Organized in easy to understand categories, the marketplace features a tile per partner. Each integration is “McAfee Certified” which means that McAfee has certified the integration with that partner.

Clicking on the tile enables you to drill down and understand the value delivered by each integration. When you see something you like, click through and try it out. Here’s where pre-integration makes the combined value proposition easy to understand. The idea is for customers to experience the value quickly before they make a decision.

By utilizing our partners in the MVISION Marketplace, you can not only evolve your security architecture; you also improve your team’s responsiveness to real-time threats—and become less preoccupied with tool integration.

We worked closely with multiple partners to build out this marketplace. These composable solutions are from leaders in their field including Attivo Networks, IBM Security, Seclore, Service Now, Siemplify, and ThreatQ. Their certified solutions extend the capabilities of existing security environments, whether cloud-based or on premise. This new ability to mix and match applications over and over also addresses many pressing business challenges. It helps organizations address technology, time, compliance, and resource constraints in minutes — rather than in hours, days or weeks.

Attivo working with McAfee delivers the best endpoint solution in the industry. Attivo’s blog covers how McAfee + Attivo are better together for customers.

Seclore working with McAfee delivers the best Information security solution in the industry. Read their blog to learn how McAfee + Seclore are better together for customers.

ThreatQuotient, Swimlane, and Siemplify, working with McAfee, deliver one of the best SOC solutions in the industry. Learn more about how ThreatQuotient, Swimlane, and Siemplify are better together with McAfee for our customers.

Our market leading Security Innovation Alliance Program has created the largest integrated security ecosystem in the industry. We’re not done. You can expect us to add new partners quickly. In the meantime, if you find a partner missing that you want us to add to our list, please reach out to me.

A new MVISION API enables customers to add their own innovations

We live in an era where more security is automated rather than managed through consoles. MVISION API’s goal is to be the single interface for your non-console interactions with the McAfee portfolio. It’s a powerful capability that delivers a single, web scale, global interface with unparalleled access to your McAfee portfolio. The goal is threefold:

  • See what McAfee sees: As you deploy McAfee controls in your IT infrastructure, McAfee products start seeing security events; they discover devices; they see users access assets; they see processes running on endpoints; they see network movement; they see cloud access as well as any files being uploaded to the cloud. That same visibility will be delivered through this API.
  • Know what McAfee knows: When it comes to threat intelligence, McAfee has vast knowledge about what is good, what is bad, what is suspicious and what is not known. All this is available to your controls from McAfee and shows up as alerts or reputations of files, URLs etc. If you are an inquisitive SOC analyst, you may want to increase your knowledge through queries and searches or get more details about a campaign. The bidirectional “Know API” is geared towards enabling you to get access to this type of information.
  • Do what McAfee can do: McAfee is the market leader in security orchestration. McAfee launched the industry’s most popular orchestration product 15 years ago as McAfee ePolicy Orchestrator (ePO). That knowledge and power is now available through the DO APIs. You can now use the DO APIs to essentially orchestrate and automate the McAfee portfolio like you have used ePO.

The API, at launch, is tuned towards an Open EDR solution enabling customers to expand and extend MVISION EDR.  Top use cases are driven by the need of SOC analysts to build playbooks, manage cases, search for IOCs, synchronize Incidents and build intelligent extensions to the vast amount of control visibility we provide.

We have very ambitious plans. So, watch this space as we make rapid progress.

What’s a marketplace without developers?

Opening up the MVISION Developer Portal to all Innovators using the MVISION APIs, application developers and ISVs can build public or private applications. This portal for application developers enables them to build, test, and certify their applications prior to making them available on MVISION Marketplace or for customers to develop and deploy their private apps.

I expect startups will leverage MVISION APIs to build their innovation on top of McAfee products. In fact, we encourage them to do so and deliver their innovations next to McAfee products and deliver them to our customers through the marketplace.

Of course, organizations can also choose to create a variety of custom apps using MVISION APIs from the MVISION Developer Portal. The only limit is your own creativity. You can build new Intelligent apps, automate your current processes, integrate your SIEM, build an OT extension, or just sit back and enjoy a comprehensive dashboard that tracks your security posture.

MVISION ePO’s Composable Security extensions are simple and quick

These capabilities work together to deliver a Composable Security Platform enabling McAfee and its ecosystem to deliver pre-integrated, high-value solutions to customers. This is a big breakthrough that will make your job easier.  All it now takes is a few minutes to make a few clicks to add valuable new capability.

Try it out and see for yourself at http://marketplace.mcafee.com/ and https://developer.mcafee.com/.  I hope you will find this set of capabilities valuable and welcome your ideas on how to make them even better. And don’t be shy. Drop me a line @ javed_hasan@mcafee.com to tell me what improvements you want to see.

About the Author

Javed Hasan

Javed Hasan is the Global Head of Enterprise Products Strategy and Alliance at McAfee. Prior to joining McAfee, Javed was the SVP of Endpoint, IaaS and Datacenter Products at Symantec. Javed is proven leader with more than 20 years of experience in building successful, high growth product lines tuned for target segments and routes to ...

Read more posts from Javed Hasan

Categories: Enterprise

Subscribe to McAfee Securing Tomorrow Blogs