Original URL: http://www.theregister.co.uk/2010/08/20/intel_mcafee_analysis/

Intel needs to rethink security to profit from McAfee buy

Power, performance and (now) protection

By John Leyden

Posted in Security, 20th August 2010 11:46 GMT

Analysis Intel's surprise $7.76bn acquisition of McAfee is not only the biggest pure-play security deal in history, but the most significant statement of intent by an IT superpower since Microsoft launched its Trustworthy Computing initiative back in 2002.

Microsoft launched the initiative to develop products that are more secure by design in part as a response to the Code Red and Nimda worms. Redmond has won friends and influenced people in the security industry since, and while failing to shrug off jibes that its software is insecure has at least prevented security concerns from becoming a reason for enterprises to ditch its technology.

Intel, by contrast, has no significant security detractors. You have to go way back to the PIII privacy debate to find any significant negative comment about the chip giant.

Que?

The chip giant's bold move has many security watchers scratching their heads. Intel paid an awful lot for a company with no obvious synergy.

During a conference call, the chip giant said it wanted to make security a third pillar of computing alongside energy efficiency and connectivity. By adding the number two seller of security software to its stable, Intel can add security features to its core business, microprocessors and chips.

But if the deal was technology-motivated, then Intel might have been able to gain much the same expertise by buying up one, or more, of the 20 odd smaller players in the diverse but yet mature anti-virus market. Although boasting only a fraction of McAfee's market share, some of these players arguably boast better technology and research.

McAfee is a significant player in all the security market segments it plays in, but there's nowhere from anti-virus to IPS to mobile security where its products particularly stand out. On the services front, McAfee has had some success delivering services from the cloud.

However, Trend, Panda and Symantec (via MessageLabs) have moved into that market too. Kaspersky Lab has a lucrative businesses in licensing its anti-virus technology to third-party security vendors, such as all-in-one security appliance suppliers.

Government power play

Only Symantec outstrips McAfee in size or compares in the value of its government business. McAfee's Secure Computing firewall business and EPO desktop suite are preferred products in the US government, which is looking to increase cyber security spending to respond to increased threats.

Whether Intel needs McAfee to get into government businesses seems at least questionable, and the premium it paid for McAfee's shares - 62 per cent - looks over the top. HP, a more natural fit, was rumoured to be interested in buying McAfee back in April.

Some speculate that a bidding war for McAfee may have taken place. Whether that's true or not, McAfee investors are sitting pretty with its stock hitting a ten-year high on the announcement of the deal.

Everybody needs good neighbours

Intel gave technical reasons why it had decided to buy rather than simply partner with McAfee during a conference call, but none of the rationale appeared especially convincing. Its executives half-joked that Intel and McAfee were already neighbours in many locations. McAfee is a local, established brand and therefore an easy fit. Surely that can't be the reason, or even part of the rationale, can it?

The chip giant is already a partner and customer of McAfee. Ironically it was one of the firms worst affected by a rogue security update from McAfee that froze many Windows systems back in April. Perhaps it thought it could do better or, like Victor Kiam, who said he bought Remington because he liked its electric razors so much, Intel was smitten with McAfee's kit.

Register readers, if not the general public, will know that Intel has run an extensive portfolio of software technologies for years. What's less well known is that it used to have an anti-virus business. The chip giant sold its LANDesk line of anti-virus software to Symantec way back in 1998.

Twelve years on, and Intel has decided to buy into the security software market in order to embed security in a greater range of internet-connected devices, everything from mobile phones to internet-connected TVs.

Mobile malware does exist and with the advent of smartphones has become a slightly more plausible threat. Its volumes are dwarfed by the Windows malware mess, but that doesn't mean there isn't a market for security software on non-PC devices.

Switched-on security

Intel can also build McAfee's security and management tech into its atom chips for mobile devices, and PCs. Whether the processor runs 50 per cent slower as a result, or even begins detecting USB ports as potential malign, as some wags have joked, remains to be seen.

Phoenix Technologies put anti-virus and management technology into BIOS systems with its Phoenix Core Management Environment, or CME, technology. The technology was designed to be operating system independent and used on both PCs, servers, appliances and embedded systems. The technology was designed to help users cope better with system failures. However, the idea didn't set the industry aflame. Phoenix sold out to a pirvate equity firm earlier this week, having retreated back to its core business.

Intel may be aiming for a similar play, which will give it the opportunity to charge equipment manufacturers a small extra amount for each device.

Hardware-enhanced anti-virus

The acquisition of a platform computing heavyweight of a security firm is, if nothing else, likely to mark the beginning of a shake up of the market segments and increased focus on the tricky fight against hackers and malware threats.

If Intel adds more security at the silicon level, the deal may yet prove fruitful. But it makes little sense for Intel to fight it out in the highly competitive anti-virus marketplace, simply running McAfee's existing lines of business as a high-margin software play.

There's even a potential for Intel to re-engineer how anti-virus technology is delivered. There are many components of modern anti-virus but signatures are still a core component. Intrusion detection systems are also dependent on signatures to detect attacks.

Vendors responded to performance concerns by making greater use of ASICs so that these devices could work at wire speeds. Perhaps something similar might be done in anti-malware to address the frequent performance gripes.

Cloud security or anti-malware for embedded devices addresses a modest security threat, for now at least. And McAfee's competitors are already targeting these emerging markets.

The alternative play - Intel plus security inside every cell phone, TV and car - might be helped by McAfee's expertise in talking up security threats, but fails to do much on the main front against cybercrime, which remains on desktop PCs and servers. ®