Q&A: McAfee's president talks technology, strategy

Computerworld - Despite earlier fears, Microsoft Corp.'s looming shadow in the security market appears to have done little to slow McAfee Inc., one of the few major pure-play vendors in the market. The company last month reported a healthy first quarter, its consumer business is booming, and Wall Street analysts appear to be bullish on the company's prospects, at least for the short term.
On the eve of McAfee's annual Analyst Day, company president Gene Hodges spoke about McAfee's enterprise strategy and its plans to bring new risk management and network access control products to market early next year.
What is McAfee's strategy in the enterprise market, and what can customers expect to see by way of new products going forward? At the heart of our strategy has been a shift toward behavioral detection and intrusion prevention. Obviously, we are a company with a good pedigree in reacting to attacks with our antivirus software. But we saw several years ago that the threat profile and the speed of propagation would outstrip what most companies would be able to handle in terms of incident response times. So we shifted to an intrusion-prevention strategy.
At this point, we have about a year and a half of solid data seeing these products deployed typically in larger enterprises. I can use McAfee as an example. We have stopped 96% of all the attacks on Microsoft and zero-day vulnerabilities this year. By the time an attack would appear, we had some anomaly detection capability or something else in our products that detected the problem -- even though it had not been seen before. For operational approaches, this means that reactive patching can almost stop. In our infrastructure, we have deployed just one patch so far this year in a reactive mode. It means the policy shifts much more towards risk management and intrusion-prevention policy planning and away from reactiveness. We obviously don't think that classic antivirus signature technology is [made] obsolete by intrusion-prevention technology. But we think we have a new and better way.
So what role will signature-based tools play in future? Signature-based tools at this point sharpen the edge of the knife, so that the false positive rate is very low. One of the most important things we have done is to take a host intrusion-prevention product that we acquired last year and embedded some of the core capability from that product into our standard antivirus scan software. Using a combination of behavior and signature [technologies] allows you to put down a very broad intrusion-prevention