Can OpenDXL Contain the Spread of Today’s Security Threats in the Enterprise?
A new security fabric from McAfee might be able to provide the line of defence that CIOs and CISOs need to contain the spread of ransomware and malware
Enterprises face at least a billion threats from malware, ransomware, hackers and even insiders, on a daily basis. Traditional approaches to security are no longer effective in today’s context; the entry points to a corporate network have increased manifold, due to numerous consumer devices (end-points). To counter all these threats, enterprises deploy multiple security solutions. But the weakness is in containing the threat and communicating it to all users, systems and security solutions in the enterprise network. One security solution may detect a threat, but is it communicating that down the value chain? A new fabric from McAfee, introduced last year, might be just the thing that can do this. It is an open platform.
Anand Ramamoorthy, Managing Director, South Asia, McAfee, says CIOs are buying a lot of security widgets and tools.
“A large enterprise may have as many as 10 security vendors. Some have over 15 and the average is 5 – 6. They are dealing with a battle between a widget and a platform story,” said Ramamoorthy.
The effectiveness of all these security tools and widgets can increase if only they could communicate with each other. Last year, McAfee introduced a fabric called McAfee DXL (Data Exchange Layer), a platform that connects different security vendors. Initially, it was a closed-loop, Intel-proprietary platform, but it was later opened up to other security vendors.
“We are providing customers a fabric where they can attach different technology vendors and still have a good way of exchanging threat. If your end-point is getting attacked, I want everyone in your security value chain to know about it. This is the only way you can have the fastest response once you are attacked,” said Ramamoorthy.
DXL is a communication fabric that provides a secure, real-time way to unite data and actions across multiple applications from different vendors, as well as to internally developed applications. Through this platform, enterprises gain instant communication and collaboration, connecting security solutions into an effective team. Partners gain real-time access to new data and lightweight, instant interactions with other apps to enrich security operations.
What McAfee is really providing through DXL is an early warning system, to contain the spread of a threat. This sounds like a big challenge. What’s in it for security vendors (like Check Point and Forcepoint) to open up APIs and come on to McAfee’s platform?
To encourage security vendors, McAfee set up an SIA (System Integrator Alliance) or an ecosystem of over 300 partners. Its OpenDXL initiative allows security vendors and developers to quickly integrate data and actions for real-time security operations. OpenDXL becomes more effective as more players come onto the platform.
“Our punchline is ‘Together is Powered’ – because we can’t solve it on our own. We are trying to make it easier for a CIO or CISO to track, at a dashboard level, what is happening in his value chain. The question is not ‘Will I be hacked?’ but ‘When?’ — you will be attacked! DXL is our calling card to how we define security in the enterprise,” added Ramamoorthy.
He is optimistic that many large Indian enterprises will soon come on to this platform. However, he refrained from giving any names of those who are already on the platform, though McAfee is in talks with many companies.
Experts warn that recent attacks such as WannaCry, which hold enterprises to ransom, are going to get more frequent. Attacks like these are a daily occurrence and not widely reported. So a fabric or platform like DXL can help contain the spread of the attack, and also warn everyone. It therefore makes sense for security vendors to come on board, as it strengthens the defence.
The question is, will DXL become as universal as, say, USB, which is also an Intel technology?
Intel continues to hold a 49 percent stake in McAfee, though the security firm now runs as an autonomous company. The rest of the stake (51 percent) is owned by TPG Capital and Thoma Bravo.