Just before Solidcore was acquired by McAfee, I went to hear Dave DeWalt (or DDW, as he is called inside McAfee) present the keynote at RSA. To be honest with you, I couldn’t understand what he was talking about. He was giving the analogy of weather and these global sensors, and while the analogy kind of made sense, most people did not connect with what he was saying.

During a customer briefing several months ago, mostly to learn about the different McAfee products, I had an epiphany. DDW’s talk suddenly made complete sense to me and it struck me that the vision was not only very powerful, but somehow the CEO had managed to get everyone in the company to think in the same direction.

The epiphany came when a story was retold by a member of the Network Business Unit about a very large customer that recently had a denial of service attack. The sites protected by the McAfee firewall were not affected since they dropped all the packets. Why did they drop all the packets? The source IP addresses belonged to a set of servers which had been flagged as sources of spam over a year back by McAfee, and I thought WOW!! Several amazing things were happening here: the intelligence collected from the spam gateway was used to generate rules understood by the firewall appliance over a period of a year. Again, WOW!!

Now it makes sense. You have so many security point products, and there will be more, and they all make decisions about good and bad. In some way they all provide services that block the bad and let the good happen. Now they can share their definitions of good and bad with each other. In addition, they can also share ‘maybe’ definitions, where it cannot be determined whether something is good or bad but it is questionable. By using different dimensions of good or bad, a more complete characterization can be developed.

The obvious question to ask is whether you can determine ‘who’ these attributes are characterizing. For example, in the case of a firewall, they were characterizing the IP address. In the case of SiteAdvisor, they are characterizing a web site or a domain. They may be characterizing a user, where a user is defined by a ‘web email address’ or a ‘login id’ or a ‘facebook/twitter id’, or it could be a computer.
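A minimal sketch of the sharing described above, added here as an illustration and not McAfee's implementation: several products report good/bad/maybe verdicts about typed entities into one store, and a firewall policy consumes the combined result. The product names, the precedence rule, the policy table, and all sample observations are assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import date

# Precedence when products disagree (an assumption of this sketch): bad > maybe > good.
RANK = {"good": 0, "maybe": 1, "bad": 2}

class ReputationStore:
    """Shared store keyed by (entity type, entity), fed by several products."""

    def __init__(self):
        self._obs = defaultdict(list)  # key -> [(seen, source, verdict)]

    def report(self, source, etype, entity, verdict, seen):
        if verdict not in RANK:
            raise ValueError(f"unknown verdict: {verdict}")
        self._obs[(etype, entity)].append((seen, source, verdict))

    def profile(self, etype, entity):
        """Latest verdict per reporting product: one dimension each."""
        latest = {}
        for seen, source, verdict in sorted(self._obs.get((etype, entity), [])):
            latest[source] = verdict  # later observations overwrite earlier ones
        return latest

    def verdict(self, etype, entity):
        """Combine the dimensions; an entity nobody has reported is 'unknown'."""
        dims = self.profile(etype, entity).values()
        return max(dims, key=RANK.get, default="unknown")

def firewall_action(store, src_ip):
    """Hypothetical firewall policy driven by the shared verdict."""
    policy = {"bad": "drop", "maybe": "inspect", "good": "allow", "unknown": "allow"}
    return policy[store.verdict("ip", src_ip)]

def build_sample_store():
    """Constructed observations; addresses are from documentation ranges."""
    s = ReputationStore()
    s.report("spam-gateway", "ip", "203.0.113.7", "bad", date(2009, 3, 1))
    s.report("web-rating", "domain", "shop.example", "good", date(2010, 1, 5))
    s.report("spam-gateway", "ip", "198.51.100.9", "good", date(2009, 6, 1))
    s.report("ips-sensor", "ip", "198.51.100.9", "maybe", date(2010, 2, 2))
    return s

if __name__ == "__main__":
    store = build_sample_store()
    for ip in ("203.0.113.7", "198.51.100.9", "192.0.2.1"):
        print(ip, store.profile("ip", ip), firewall_action(store, ip))
```

The address flagged only by the spam product is still dropped by the firewall, and the address with mixed opinions lands in the ‘maybe’ path instead of being silently allowed.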

The last part of the piece that fell into place for me was: why couldn’t somebody do this and go after McAfee? After all, it seems obvious once you know it, and the answer which popped up was that it’s because of the rich ‘history’ and experience that McAfee has cultivated. Imagine you want to open a credit rating service. You would fail if you did not have historical data for all the transactions that a person had done, alluding to his/her character. McAfee has historical data for websites, IP addresses, and programs going back two decades. That is something you can’t buy, and it is one of the crown jewels that the company owns. As we begin to see that data transformed and used to build out the intelligence in the products and services, a more complete picture of the ‘trust model’ continues to evolve.

Virtualization naturally brings together the network and the system stacks into the hypervisor. You have an entirely new class of security applications that are possible and needed because of this convergence. The intelligence that McAfee has built by ‘inter-locking’ the security content across different products will enable it to emerge as the dominant player in this space.