McAfee: Threat Focus
Back in 1997, McAfee Associates was primarily a provider of antivirus software. It changed its name to Network Associates that year, after merging with network analysis tools company Network General. Then last year, after divesting its non-security assets—including help-desk software that it sold to BMC—it changed its name back to McAfee.
Today, antivirus software is, once again, the hub of its offerings. The company claims that 100 million machines use its antivirus package.
Like its key competitor, Symantec, McAfee has also expanded to provide intrusion detection and prevention products, encryption software, and antispyware and antispam software. But according to some customers, McAfee has been slow to develop security products in certain areas.
Humana, a health maintenance organization based in Louisville, Ky., uses McAfee's ePolicy Orchestrator to keep antivirus definition files on desktops up to date, and to manage the McAfee host-based intrusion detection software on servers.
The company was getting "beat to death" by spyware a year and a half ago, says Mike Howell, information-technology security consultant at Humana. At the time, McAfee didn't offer software to find and eliminate spyware. So instead, Howell and his team chose to deploy Webroot Software's antispyware product. "It's not a matter of whether McAfee can do it now—it's a question of whether they had the capability we needed at the right time," he says.
McAfee has now jumped into the market with both feet: In November, the company announced AntiSpyware Enterprise. The main component of the product (set to be available by the start of 2006) is software that resides on personal computers to catch and remove programs that have surreptitiously loaded themselves. According to Steve Crutchfield, McAfee's director of product marketing, "We've seen the problem of spyware rise from the level of nuisance to a major security concern."
Meanwhile, Sappi Fine Paper, a specialty paper manufacturer with North American headquarters in Boston, uses McAfee's Entercept intrusion detection system on about 2,000 servers worldwide. But Jim Cupps, the company's information security officer, notes a limitation of the version of the Entercept software Sappi is using: As an intrusion-detection system, it watches only for specific kinds of attacks and—like antivirus software—must be regularly updated to be effective.
"The biggest danger for us was the period of time between when you get [a vulnerability] out there and when you can patch the machine," Cupps says. "I wasn't covering the gap time with Entercept alone." To plug the gap, Sappi deployed intrusion prevention software from Determina that resides in memory to look for and stop any anomalous activity on 50 of the company's most critical manufacturing servers.
McAfee says the latest version of Entercept provides the same kind of dynamic intrusion-prevention capabilities. However, Cupps notes, "It's generally good to have two different measures in place. You don't want all the eggs in one basket."