FOCUS 09: McAfee Lays Out Security Battle Plan

LAS VEGAS — McAfee CEO Dave DeWalt shared the stage with former Secretary of State and retired four-star Gen. Colin Powell for a joint keynote address here Wednesday. The two delved into the exponential growth in malicious code affecting Web sites, the next generation of security applications to combat them and the unintended consequences of overreacting to this new breed of hackers.

Ironically, it was DeWalt who played the role of the hawk, repeatedly using military metaphors to illustrate just how pervasive and insidious hackers and spam mavens have become in the Web 2.0 world and what McAfee and other security software vendors need to do to “defend our digital fortress.”

“We’re constantly under attack,” DeWalt told several thousand attendees here at the company’s FOCUS 09 conference in the Venetian Hotel and Casino Ballroom. “The bad guys are getting organized. This is not the hacker in your basement. We’re talking about organized crime, organized terrorism and organized warfare.”

DeWalt pointed to last Wednesday’s massive spear phishing attack in which hackers stole thousands of e-mail account passwords from Windows Live Hotmail users and posted them on the Web along with passwords phished from other popular e-mail services including Google’s Gmail and Yahoo as just the latest example of how vulnerable computer users have become to organized assaults.

“At least 20 countries have invested in cyber warfare,” he said. “We see it almost everyday. To protect our assets, it’s about learning from our history — learning lessons that shape our strategy and help us to evolve our protection.”

DeWalt’s alarming call to arms during this second annual FOCUS 09 follows the latest data security report last week from the Anti-Phishing Working Group (APWG) which claimed the proliferation of malware and online scams of every iteration has made the Internet as dangerous as it has ever been.

A call for a universal architecture for security standards

During his portion of the joint address, DeWalt hammered home McAfee’s view that any meaningful attempt to stem the tide of malware infiltrating both consumer and enterprise systems requires a concerted effort by security software vendors, chipmakers and telecommunications firms to create a governing model and universal architecture for applying security standards and technologies.

To this end, DeWalt reaffirmed his support for the Security Innovation Alliance (SIA), an organization he described as “the NATO” of security software, which brings together more than 20 different vendors for the purpose of sharing techniques and technologies to combat hackers and corporate subterfuge.

The mobility of data, everything from BlackBerrys to USB sticks, presents new and more complex security challenges, he said. McAfee and Adobe last week announced they will team up on a new integrated data loss prevention and digital rights management application set that exports a company’s internal security standards and protocols to all data shared with third-party customers, partners and vendors.

“We don’t have a common architecture to coordinate our fight to resolve these threats,” he said. “We need to know if data is coming to us from a friend or foe from the IP side in real-time.”

Whether DeWalt’s presentation, complete with a slideshow that featured images of tanks, fighter jets and aircraft carriers alongside standard McAfee marketing and product data, was a tip of the cap to Powell’s illustrious military career or merely a motivational tactic designed to fire up the attendees — including more than 300 partner companies — wasn’t clear.

At one point, DeWalt acknowledged the less-than-subtle overtures, saying “I apologize for some of the military-type analogies” but “we’ve come a long way [from being just an antivirus software company]. We’re more of a security company.”

Next page: General Colin Powell on computer security issues

Page 2 of 2

General Colin Powell on computer security issues

What was immediately clear — judging from the unprompted standing ovation — was just how much the audience revered Powell from the moment he took the stage.

Powell, who is credited for the massive overhaul of the US State Department’s IT department when he joined its ranks in 2001, began with a well-received anecdote describing how he had recently purchased a netbook that came preloaded with McAfee’s standard antivirus software.

“I’d just bought the thing and it was saying ‘You’re in danger! Buy now’!” he said. “I said to myself, ‘Hey, don’t push me.” He said that every time he used the netbook, he was hit with a McAfee reminder to purchase an AV subscription before the 60-day trial expired.

“So yesterday in Cincinnati I got another message that said ‘Dave knows you haven’t bought your subscription yet’ so I finally did it,” he said, adding that he took advantage of the $20 off subscription price offer.

Powell went on to chat about his transition from the heights of governmental power where he “met with kings and premiers and prime ministers” to lingering around the house all the time and annoying his wife of 47 years.

But the tone turned more serious when he discussed the transformation of the military and the private sector to what he called a “transactional world” where data is the lifeblood of “our economy, our democracy and the world’s ability to create wealth.”

“In the infantry we used a phrase called protect the force,” he said. “As the leader, I was the CIO, the guy in charge. Someone else had the title but I was the one responsible for protecting the force.”

Powell said that because data is so vital and so vulnerable, the natural inclination is to close ranks and error on the side of caution to a fault.

The danger of too much protection

“We want and need not only to protect the data but spread the data,” he said. “You can’t have so much protection that you create another risk. That risk, that challenge is to shutdown those vulnerabilities without constraining the potential and the data that makes those systems so valuable in the first place.”

Despite the circumspect view, Powell’s perspective was anything but Pollyanna as it pertains to protecting personal data from hackers.

“The worst thing that could possibly happen would be if we became so threatened by malware and viruses that people start to lose confidence in [technology],” he said.

However, Powell himself lost a bit of faith recently when what appeared to be a legitimate e-mail from a lifelong friend popped up in his Gmail account.

“Hey, all my computers are protected,” he said, eliciting a chorus of knowing laughs from the audience. “But some people are still getting through.”

Turns out, Powell was the intended victim of a garden-variety 419 scam requesting the former Chairman of the Joint Chiefs of Staff to wire cash to a distressed man in Nigeria in need of lodging expenses.

“What scared me was whoever this [hacker] was knew the right guy to use to get my attention,” Powell said. “He somehow knew the relationship between us,” adding that he followed up with the state department and confirmed that his friend was in fact at home and in no need to financial assistance.

News Around the Web