Intel: 'We ate McAfee to slip security into silicon'

Down below the kernel where it belongs

Chip maker and now software player Intel tried on Tuesday to explain the finer points of its $7.7bn acquisition of security software maker McAfee, which closed at the end of February after jumping some European Commission regulatory hurdles.

In a conference call with Wall Street analysts, Renée James, an Intel senior vice president and general manager of the Software and Services Group, and Dave DeWalt, president of the now–wholly owned but independently standing McAfee subsidiary, did their best to explain the rationalization of the biggest acquisition that the 40-year-old chipmaker has ever done.

James said that Intel has made over 20 software acquisitions in the past three years, and many of them are of companies so small that you probably never heard of them. In September 2007, for example, Intel snapped up Havok, a gaming company with 120 employees who specialize in creating the physics engines in virtual worlds that the chip maker. Those 120 experts, who understand where gaming is and where it's going, are experts on graphics and media, and according to James they were instrumental in helping Intel come up with the feature set for the Sandy Bridge family of PC, workstation, and server chips.

She said of the 20 deals that Intel has done – gobbling 19 small software companies and one large one – the company has retained more than 90 per cent of the acquired companies' employees. What's more, Chipzilla has gained access to valuable intellectual property.

To expand into the embedded systems space, James admitted that Intel need to do "something bigger," and hence they paid $884m for embedded operating system and application development provider Wind River back in June 2009. This was a lot of money for Intel to shell out – but peanuts compared to what it paid for McAfee – to get broader and deeper access to the embedded systems market (where it wants to sell systems on a chip and other products) and to bolster its software business at the same time.

Intel, admitted James, could have bought a bunch of small companies to build up its security capabilities in a piecemeal fashion. There are thousands of vendors that together generate something on the order of $23bn in revenues (based on DeWalt saying that McAfee, with its 9 per cent of the market and generating around $2.1bn in revenues per year at its current run-rate), and Intel could have spent a lot less dough and built up a security business.

"It became clear to us that security was going to be a very important feature to help us differentiate our silicon," explains James, adding that she personally believed that the "security market will consolidate because there will be a step-function change in how security is delivered."

She said that when Intel looked at what it wanted to do to add security features to chips that coordinate with products such as the antivirus, firewalls, and other security services offered by McAfee, it became clear to Intel that it didn't just need some software, but what is in essence a security service cloud. "You need a platform to scale," James said, and McAfee had already spent five years building it.

DeWalt said that five years ago, McAfee was selling antivirus software, but has expanded into firewalls, intrusion prevention, servers, storage, and endpoint security for mobile devices, which is either embedded in the device or sold by the carriers who don't want unsecured devices on their networks.

McAfee just entered the mobile security market five months ago, DeWalt said, but in the fourth quarter alone it added 1.25 million users. Another 246 large enterprises deployed McAfee's software on their own mobile devices and internal networks. So the company has the bulk of the Fortune 500 (94 per cent) using its code to secure their PCs, mobile devices, and servers.

DeWalt trotted out the US government as an example, which is using McAfee products on 67 server clusters and 5.3 million endpoints. All told, McAfee has an installed base of over 300 million endpoints, and has amassed 500 patents as it built its products and the systems that keep its security products in step with malware.

"Malware is blowing off the charts," explains DeWalt. "I've never seen anything like it. And on top of this, the number of devices is exploding."

McAfee's products watch what is going on in real-time on the PCs, smartphones, and servers they are protecting, constantly comparing notes with the back-end security systems operated by McAfee. A year ago, McAfee was processing a million messages a day from its subscribers' systems. But with the proliferation of devices and malware – DeWalt said there are 48 million pieces of malware out there on the Intertubes – the company is now processing 6 billion messages a day from the devices that its back-end systems are protecting.

Intel spent $7.7bn on McAfee because it would take too much time and a lot of money to build what McAfee already had.

And now, because Intel owns Atom, Core, and Xeon chips, Wind River's embedded operating systems and development tools, and McAfee's security software and the back-end systems that keep it up to date, Chipzilla can start working with customers using embedded computers in all kinds of devices - printers, automated teller machines, televisions, cars, you name it - and bake the security right into the device. Wind River has 200 OEM partners, and they crank out about a billion new devices a year. That's a lot of McAfee licenses, if Intel can convert even a modest percentage from having no security to using the M shield.

While James and DeWalt were a little vague about how this will happen, the plan is to provide more security-assisting features on Intel's future chips, not only to help run McAfee software faster, but better. At the moment, security runs as a layer on top of the operating system, but Intel wants to push it down below the OS. "About 80 per cent of the malware is in the user space, but 80 per cent of the problem is in the kernel," DeWalt says. And so Intel wants to use features already in its chips – the VT virtualization and TXT trusted execution features, to name two – to do a better job securing computers of all kinds, and in the long run to push security down below the operating system kernel, where it belongs.

The important thing, as far as government regulators are concerned, is that Intel will be opening up whatever technologies it develops to help McAfee run better and more securely on devices so its competitors can take advantage of those features.

McAfee is, of course, exactly the kind of software company that HP's new CEO, Leo Apotheker, wants to buy. But McAfee would have probably been too pricey even for HP, and besides, Intel beat Apotheker & Co to the punch. ®

Sponsored: Designing and building an open ITOA architecture