For while Las Vegas trades on its Ocean's Eleven-style glamour, it makes most of its money from the wallets of ordinary people willing to drop a few dollars more in the casinos, restaurants and nightspots. And they don't come so often these days.
However, amid the gloom there are always reasons for optimism. One would be that McAfee managed to break all attendance records for its annual Focus event by attracting 3,000 delegates from 63 countries, a 32 per cent increase on 2010, according to the company. All of us – customers, partners, analysts and journalists – were here to discover where exactly the company was headed.
McAfee's logo now has the legend “An Intel Company” sitting neatly beneath it. And McAfee used Focus 11 to launch Deep Defender – the first product to build on the Intel-inspired DeepSAFE technology unveiled earlier this year.
According to the company, Deep Defender operates beyond the operating system and is designed to “detect, block and remediate advanced, hidden attacks”. It resides between the memory and OS to perform real-time memory and CPU monitoring. McAfee's big claim, and it is big, is that DeepSAFE can stop zero-day attacks, defeat root-kit attacks and remove known and unknown stealth techniques attempting to load in memory.
“The bad guys are getting smarter about hiding malware, but they can't hide it when interacting with the hardware, memory or operating system. We can provide an unprecedented level of protection to our customers by blocking an entirely new range of stealthy threats,” said Todd Gebhart, co-president of McAfee.
Some high-profile rivals have been openly dismissive of Intel's acquisition of McAfee, notably Enrique Salem at Symantec and Eugene Kaspersky, who both believe it will take McAfee out of the traditional AV markets – and that the company will gradually disappear.
"There's nothing different about us. We are substantially larger than Kaspersky, but when a competitor takes a negative view of us, we take the positive. McAfee is committed to all its product lines and competing with Eugene,” said co-president Michael DeCesare, clearly unwilling to knock the Russian company in public.
“Although Intel acquired McAfee, the day-to-day business is running as normal. It can still make its own acquisitions (Nitrosecurity) to beef up its own offerings. The acquisition means that McAfee can now get first dibs on advanced Intel technology,” he added.
(Todd Gebhart later admitted to me that they would have probably have said the same thing about Kaspersky if Intel had bought the Russian outfit.)
Michael Busselen, SV-P, global external affairs, enlarged on this theme during a conversation with me later at the conference. “The $7bn dollar acquisition of McAfee was roughly equivalent to all the acquisitions that Intel has made in its lifetime. Intel has not had a good record of driving the value of those acquisitions, so it approached McAfee very differently. McAfee is an arms-length subsidiary. There were no synergies in this acquisition. Nobody lost their jobs.”
“McAfee has continued to grow and hire. We have more employees than when they bought us, more engineering, more sales. We have more capability. So the impression that we have somehow gone is a misconception. Our brand remains. It is a different kind of acquisition than any other you can think of. This is not Oracle crushing PeopleSoft. Renee J. James [Intel's SV-P] has built a moat around us, filled with alligators, with guns. She's desperate for us not to be ruined by the hordes of Intel. She wants Intel and McAfee to create that future of security that we've been talking about at this conference.”
He added: “The security industry is doing a worse job of providing engine-level AV protection than it did five years ago. The reason is simple. We are being washed over by this tide of malware. We need new solutions. These can be found with the addition of hundreds of extra engineers – people who can come up with new ideas and share that vision. Intel has those people. It has more than we do. It has even more than Eugene has. We are no less focused on competing in the global marketplace.”
The numbers game
One number stood out during the keynotes at the conference. According to McAfee, the annual value of IP theft is now $1trillon, a figure described by veteran Financial Times technology journalist Joseph Menn as “not completely laughable” – a strange kind of endorsement to make public here. But McAfee is no different to any other vendor when it comes to using numbers and stats to create an impression. Here's a few:
· 66 per cent of management are in the dark when it comes to security threats.
· 92 per cent of companies have flat or declining IT staff numbers.
· There has been 75 per cent growth in the security appliance market.
· The cloud SaaS market would be worth $10.5bn by 2014.
· In 2016 there will be 200 million unique pieces of malware.
· The average automobile has 30 unprotected computers.
· Everything in the world will one day have an IP address.
· Stuxnet would not have happened if DeepSAFE technology had existed.
Of course, there is no way of proving that last claim. On the second day of the conference, Michael Fey, SV-P, advanced technologies at McAfee, took the stage with a punchy and captivating look at what security may look like in five years' time.
Embedded devices will be the next great target, he said, including, presumably, all those unprotected devices in cars. "You won't have to be that bright to hack an embedded device in five years' time. Attack one embedded device and you will easily be able to hack another," he said.
He also gave, for me, the first plausible reason we have not yet seen the much-anticipated explosion in attacks on mobile devices and smartphones. "It hasn't made sense,” he said. “Think about how long it takes to download 16GB of data on a 3G network – but in five years on a 5G network, it will be hackable in minutes.” He warned too about all those out-of-contract devices still lying around the house, still connected to WiFi networks; they will multiply. "The end-user is still as under-educated and naive as ever," he said.
The emergence of consumer clouds is a new threat and a way into our homes via these devices. “Companies may remote wipe employee devices, but data has already uploaded to the cloud. My digital identity is out there whether I want it to be or not," Fey said.
According to Fey, the “trust” model we use is broken. “Black and white lists won't scale... we don't make black-and-white decisions on whom we trust in the rest of our lives, so why here?” he asked.
He unveiled what he called the “Next Generation Endpoint Engine”, with black lists and white lists judged against actual context. He said the operating system was now irrelevant. "I don't care about OSes, there's too many of them anyway. We used to have three or four – now we have 60.”
He was critical of the state of the art in situational awareness and response technology. Another plug for recent acquisition Nitrosecurity, but a convincing demo nonetheless. "We need threat intelligence through better next-generation technology so you can see what's happening in seconds. We need real-time command and control,” he said.
And we do. We also need some optimism that the information security industry is ready to meet the challenges of an increasingly uncertain and nervous world. Beyond the glossy distractions of the Las Vegas Strip and the lavish presentations of Focus 11, there is a stark reality of a world facing more and greater cyber threats. That much is true.
One thing I learned from Las Vegas is that despite the criticisms, the new Intel-backed McAfee is innovating and delivering products based on DeepSAFE technology like it promised a year ago. Now we need to see whether they are effective (particularly against cyber threats) and whether, as was so emphatically claimed, McAfee can keep ploughing its own furrow.