In the future, you may not have to buy antivirus software for your laptops and mobile devices if Intel is able to live up to the promise of integrating technology from acquisition target McAfee, experts said on Thursday.
In announcing its plans to acquire security company McAfee for $7.68 billion, Intel executives said they see security as being as critical to computing as performance and connectivity and that they plan to combine security with its hardware and expand further into the mobile market.
While Intel has been pushing more and more functionality down into the chips, a marriage with McAfee will mark a shift away from the security firm’s traditional product strategy, experts told CNET.
“Delivering security in Intel products and platforms is a huge departure from the way McAfee has delivered security technology in the past, as an add-on software product to an insecure platform,” said Chris Wysopal, chief technology officer at Veracode. “This is where security needs to be, baked in.”
The strategy dovetails nicely with the fast adoption of mobile devices and the more guarded move to cloud computing, where data is stored on remote servers instead of on local computers and accessed over the Internet, he said.
“I think this acquisition shows the critical importance of security in our now mobile, increasingly cloud-based, everything-always-connected world,” he added. “Everyone building hardware and software needs to be thinking about the security of those products from the very beginning of their design, and customers are going to demand it. Anything less is not going to cut it in the computing environment of today.”
For businesses in the mobile security market, the deal is seen as further validation that they are on the right track.
“Intel’s acquisition of McAfee signals to the industry that smartphones and other connected devices are joining the web of devices we trust with critical data and that these devices need to be protected,” said John Hering, chief executive of Lookout. “We have seen threats rising across the major mobile platforms and expect this trend to increase as mobile devices continue to become the dominant computing platform.”
Don’t expect to see security software hardwired onto the chip, said Tim Bajarin, president of analyst company Creative Strategies. Rather, there will likely be a bridge on the core CPU (central processing unit) to a security element, much like there are bridges to additional graphics chips and modems, he said.
“This particular deal allows Intel and McAfee to work together to tie future generations of software security to the processor via some sort of SOC (system-on-a-chip) solution,” Bajarin said. “Today if a hacker wants to come into a system it almost always is done through software. But Intel and McAfee are capable of adding even another level of security, which would make a hacker have to break the hardware code as well as the software code.”
McAfee will still sell antivirus and other security software, but their work with Intel could change the technology landscape fundamentally down the road, according to Bajarin.
“Intel becomes their strategic partner for them to innovate with on next-generation security software that can go all the way down to the chip level, and that has not been done yet by anybody,” he said. “It will be fascinating to watch not only how they innovate, but how they go about securing everything from servers and PCs to wireless devices. That will be their challenge.”
Marc Maiffret, chief technology officer at eEye Digital Security, predicted Intel would add the security in hardware at the device level but not necessarily at the chip level, while eventually phasing out McAfee’s software-based products.
“TVs and other devices and cars continue to have more and more embedded Internet connectivity and really are becoming computers, and Intel sees the opportunity to bring McAfee’s intrusion prevention and antivirus across all the devices,” he said. “Intel was in the antivirus security market in the late ’90s with the LANDesk product, but they sold it off to Symantec, so they definitely are not going to be getting back into that classic security software business.”
Several analysts questioned why Intel executives felt they need to acquire McAfee to get the security enhancements in future products when they already have development partnerships with McAfee and others.
“I think it’s going to be more of a chipset assist than embedding everything in the chip,” said Josh Corman, research director for enterprise security at The 451 Group. “And many of those opportunities will be open to McAfee’s competitors…and have been happening with joint development. They are going to continue to have multiplatform support.”
Peter Firstbrook of Gartner was similarly skeptical.
“If Intel creates some firmware hooks for McAfee to exploit, then other security vendors can exploit those APIs as well,” he said. “Most significantly, all the antimalware vendors have had security products for cell phones for years, but nobody has been willing to pay for it because the threat environment has been relatively benign and the ISPs or device manufactures are building security into the network or the device.”
The shift to “baked-in” security and the focus on integration that the deal will require will definitely impact McAfee’s existing business, Chris Silva, a senior vice president of research and service delivery for research firm IANS, predicted in a blog post.
“We’ll see a stagnation of innovation for McAfee’s existing product line and a drain of talent who leave the company seeking greener pastures at smaller, more-focused vendors that are iterating on a product and security approach,” he said.