New Strategy Intact, Intel Security Calls on Channel Partners

Nearly two years after dropping the McAfee name, the new Intel Security says it's ready to go to market with a mandate to become one of the largest security vendors in the IT industry, taking on the likes of Cisco, IBM, RSA and Symantec.

The heavy lifting began a year ago when Intel tapped former Cisco Security exec Chris Young to lead its security business. Intel Security last week told channel partners at its annual Focus conference in Las Vegas that it is well into delivering a complete portfolio and ecosystem that will enable them to secure everything from sensors, to mobile devices, to PCs, as well as all points in the enterprise datacenter and public cloud. Intel also intends to provide partners with the needed wares to equip a security operations center (SOC).

At Focus, Intel launched several new products to deliver on those promises and emphasized that it is doubling down on reading and providing incentives for its channel partners to carry more Intel products. Young said 80 percent of Intel Security's revenues come from channel partners and that 45 deals last quarter were valued at $1 million or more.

Young has assembled much of his new team since coming on board a year ago, with the most recent pieces of the puzzle being the addition of seasoned channel exec Richard Steranka, who took over in September as senior vice president of global channel operations. During the Focus keynote session, Steranka spoke to partners of Intel's goal to help customers pare down the number of security solutions they manage.

"The time has now come to shift away from this model of dozens of, if not 50-plus, security vendors and pare it down to five or fewer," Steranka said. "I can tell you our objective is to be your No. 1, and our programs and everything around that will be designed to do that."

Over the past year Intel Security, with annual revenues of $3 billion in 2014, has reshaped its corporate strategy to focus on the expanding attack surfaces, from the endpoint to the network and cloud control points.

While Intel Security wants to provide many of those security wares, it will partner with others to ensure it is providing all of the protection that enterprises need. Young said at Focus that Intel Security is shifting away from a strategy that relies on acquisitions to internal development and partnerships.

"McAfee traditionally was all about buying," Young said, pointing to a long history of buying companies and trying to make them fit. "Everything we did, we acquired this company, we acquired that company. I think that's something we're going to have to change. We're putting more emphasis on building a lot of our technologies." Young didn't rule out buying companies where it makes sense.

Young presided over the introduction of two key new products that he said will bring home Intel's message that the company is not the McAfee anti-virus company of the past. One is the new McAfee EndPoint Security 10.x, an endpoint threat detection and response platform that Young said is based on significant architectural changes from the initial version released early last year. Besides improved performance, the company claims it offers visibility to advanced threats and offers high-speed detection and remediation.

The other new product is McAfee Active Response, which provides continuous monitoring and enables incident response while giving administrators views via the McAfee ePolicy Orchestrator (ePO) management console.

"We're getting into the game to help our customers be better at hunting and detecting for the undetectable threats with McAfee Active Response," Young said. "We can offer our customers the ability to go out and become really, really complete by giving them better detection and correction, by automating the process that the smartest security analysts have to follow if they're going to go out and look for the hardest-to-find threats in their customers' environments. McAfee Active Response is designed to do just that."

Young also talked up support for its Threat Intelligence Exchange (TIE), based on its McAfee Data Exchange Layer (DXL), which the company describes as its "architecture for adaptive security." Intel announced the exchange last year, describing DXL as "a real-time, bi-directional, communications fabric allowing security components to operate as one immediately sharing relevant data between endpoint, gateway, and other security products enabling security intelligence and adaptive security."

Intel says it enables product integration via an open API that ties to any layer of the exchange without requiring point-to-point integration. There are now 16 DXL Alliance partners, including Windows privilege management provider Avecto, ForeScout, Titus and TrapX Security. The company added two more last week -- Brocade and MobileIron.

"We recognize while we want to be our customers' No. 1 security partner, and we will be our customers' No. 1 security partner, we're not going to be their only partner," Young said. "So connecting that ecosystem and making it smarter, faster and better is what we're going to be all about investing in all of that."

Analysts are watching Intel's new security push closely. Frank Dickson, research director for information and network security at Frost & Sullivan, said Intel Security is in a transition phase that kicked off with the hiring of Young.  "We are just starting to see the fruits of the change," Dickson said. "The key is to do more, faster. Active Response is a good first step, but it is only a first step. Security professionals are desperate for tools to simplify the administration of security. Intel Security needs to do more. It seems headed down that path. Additional analytics need to be brought to the problem of security; automated analytics that does not involve a human. I did not hear much at all on automated analytics."

Dickson pointed out that Intel emphasized last week's message around large enterprises with SOCs. "I did not hear much addressing mid-market businesses, businesses that may have a security professional on staff, but one security professional is going to be challenged to take advantage of the tools being offered."

About the Author

Jeffrey Schwartz is editor of Redmond magazine and also covers cloud computing for Virtualization Review's Cloud Report. In addition, he writes the Channeling the Cloud column for Redmond Channel Partner. Follow him on Twitter @JeffreySchwartz.