McAfee has squeezed out the first product based on its DeepSAFE technology, created in collaboration with owner Intel.
Called McAfee Deep Defender, it is capable of detecting “nearly all kernel-mode malware,” according to McAfee, and should be hugely useful to IT departments concerned about stealthy rootkits.
The DeepSAFE technology was announced at IDF 2011. Many expected such sub-operating system security to come out of Intel’s acquisition of McAfee.
“Together, McAfee and Intel are rethinking the entire approach to security and McAfee Deep Defender is a proof point of how security is changing to provide a new level of protection,” said Renee James, Intel senior vice president and general manager of the software and services group.
“We are working to ensure users have an engaging, secure and productive computing experience across all Intel platforms using McAfee technologies. Security is one of the top concerns to organisations of all sizes and industries. It is essential that computing is protected against intrusions from security breaches and malware in more effective ways.”
The technology comes with CPU and memory monitoring, allowing administrators to see what is going on below the OS. In particular, it should give IT teams the ability to spot nasty rootkits.
According to McAfee, the product will “report, block, quarantine and remove known and unknown stealth techniques attempting to load in memory.”
For suspected unknown threats – otherwise known as zero-day threats – Deep Defender sends a “fingerprint code” off to the McAfee Global Threat Intelligence network for analysis.
Administrators will be able to watch over all the action via the ePolicy Orchestrator console, which should soon benefit from recently-acquired NitroSecurity technology.
“The bad guys are getting smarter about hiding malware, but they can’t hide it when interacting with the hardware, memory or operating system. We can now detect these interactions, and provide an unprecedented level of protection,” said Todd Gebhart, co-president of McAfee.
The general industry opinion of the sub-operating system model is that it is the future of security. However, Intel and McAfee will have to open up the model so other security vendors can join the market. Intel chips are found in around 80 per cent of PCs being used today.
Got the city on lock down
McAfee has also launched ePO Deep Command, which gives administrators the ability to remotely patch systems, even if they are turned off.
Using Intel’s Active Management Technology, IT teams can switch computers on and off to execute security tasks, or simply to implement green IT policies.
“McAfee ePO Deep Command enables security administrators to quickly respond to disabled PCs with a remote call for help functionality to ensure proper security is in place to protect against today’s fast propagating threats,” said Brian Foster, senior vice president of product management at McAfee.
This article originally appeared at itpro.co.uk