McAfee CTO: Current security landscape is on its way to failure

McAfee CTO: Current security landscape is on its way to failure

Summary: McAfee's CTO for worldwide operations warns that the security landscape is on its way to a complete breakdown if it doesn't change its course soon.

SHARE:
password-security

SAN FRANCISCO -- Enterprise security is finally getting some attention outside of the IT department, but that doesn't solve any problems alone, based on comments by McAfee's worldwide chief technology officer Mike Fey.

"When you're living in real-time, you can do the crazy thing of 'kill it,'" Fey quipped in reference to responding to network attacks and breaches.

Speaking at the 2013 RSA Conference on Wednesday afternoon, Fey remarked that "we have what we've always wanted" when it comes to security, and that's "boardroom" attention.

At the same time, Fey warned that we have to ensure that "with this new C-level access we're getting that we use it correctly."

Based on McAfee research and interviews with customers, Fey posited that many companies just aren't ready for the sophisticated attacks headed their way these days.

"Today, the average security solution adds a wall to the maze, adds a turn, and the attacker is the rat in that maze," Fey described. "The attacker twists and turns through that maze, and when he hits a dead end, he gets to try again."

"As an industry, we have to make sure we're educating our executive teams, leverage that, and evolve our architecture as a whole so it can be there for us," Fey concluded. "We cannot operate in historical. It doesn't make sense."

Basically, Fey suggested that based on the way the enterprise landscape looks now, we're on our way to a complete breakdown if companies don't change their security strategies immediately.

Fey remarked that this starts with moving at the speed of attackers and operating in real-time environments with always-on and connected infrastructures.

"When you're living in real-time, you can do the crazy thing of 'kill it,'" Fey quipped in reference to responding to network attacks and breaches.

Fey noted an additional strategy for improving enterprise security is using open architectures "so we can push above the integration layer and innovate in a rapid fashion."

"As an industry, we have to make sure we're educating our executive teams, leverage that, and evolve our architecture as a whole so it can be there for us," Fey concluded. "We cannot operate in historical. It doesn't make sense."

More from the 2013 RSA Conference on ZDNet:

Topics: Security, Intel, IT Priorities, Privacy, Tech Industry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Please make this concrete.

    Rachel, can you follow up with something on how an enterprise would "push above the integration layer"? What is meant by this with regards to security? And what it is about open architectures that enable that push?
    Techboy_z
  • Feels good, but what's the meaning?

    I don't know whether this is summarised beyond the Avogadro number, or if it's just vacuous feel-good speak. What is meant by "...the crazy thing of 'kill it' "? Is he advocating automated counter-attack of attackers, or some variation of "too many bad attempts and we'll block you for retrying for an expensive period of time"?

    I don't get "push above the integration layer" either, but I do agree that as attackers and defenders are using the same resources (including flawed humans who create code), "security" will remain an arms-race that mainly serves to enrich the soldiers.

    I think there's been a smug hope that the defenders will always have the greater resources, at least until hobbyist viruses evolved to solid and profitable business models.
    cquirke