McAfee Aims to Secure Forgotten Files

Security vendor McAfee (NYSE: MFE) is pitching new tools designed to secure virtual systems and SAP applications. It also announced technology to support EMC and Sun storage environments.

The vendor’s VirusScan Enterprise portfolio now includes McAfee VirusScan Enterprise for Offline Virtual Images, McAfee VirusScan Enterprise for SAP NetWeaver, and McAfee VirusScan Enterprise for Storage.

The new tools for the SAP and virtual image environments are a continuation of McAfee’s tool focus on end-to-end security, and reflect why enterprise security must continuously respond to changes around application use and new technologies.

Earlier this month the vendor pushed out a new utility as part of its ePolicy Orchestrator to provide an audit trail, and a new USB drive designed to prevent data loss.

“Mission-critical applications once were run in silo, secured environments,” Malav Patel, McAfee group product marking manager, end point security, told InternetNews.com. “But now they’re being expanded beyond those silos and as a result they can be exposed to outside attack,” he said.

SAP has typically served as a supply-chain application. Now the software is used by lots of internal organizations, from financial to human resources departments, which rely on the application to gather and store external information. One example is a Web-based resume system tied into an HR SAP system, said Patel.

“Now that application presents a back-door for hackers as those documents are pulled into the system without any scan or security review,” he said. “This is about bringing proven security technology to the end point.”

As virtualization technologies take deeper root a similar vulnerability comes into play.

According to McAfee, research indicates there are as many as five offline virtual images for every one online image. The files often sit dormant for long periods within a virtual environment, and are missed when security updates and patches are applied to the virtualization technologies.

The VirusScan Enterprise for Offline Virtual Images automatically updates and patches the offline virtual images periodically so they no longer pose a security risk when they are activated.

“People back up and archive files on these virtual machine but they’re not getting patches or being scanned as other files are during security applications are updated and applied,” explained Patel.

Security analyst Peter Christy said many organizations just assume that all files and applications is assured given security already in place.

“What McAfee has done is realize how applications are being adapted and the vulnerabilities in new exciting technologies, like virtualization, and adjusted their tools to secure these areas,” Peter Christy, principal analyst for McAfee’s Internet research group, told InternetNews.com.

“Organizations are gaining such benefits from technologies, like virtualization, the goal is not to break that by forgetting about security,” he added.

The VirusScan Enterprise for Storage, which initially supported just NetApp storage devices, can now be used to protect files stored on EMC and Sun systems, said Patel.