Intel Security Open Sources DXL Technology for Wider Adoption

The OpenDXL effort was one of several announcements made by Intel Security at its Focus event around creating a more unified security architecture.



Intel Security two years ago introduced McAfee DXL, a technology designed to enable instant communication between disparate security technologies from multiple vendors and a key part of the company's larger solutions- and platform-based approach to combating a broad range of cyber-attacks.

Now the company is broadening the reach of DXL—Data Exchange Layer—by making the messaging bus technology open-source and via the release of a software development kit (SDK), enabling partners, developers and competitors to build upon the technology and benefit from a real-time communication fabric to exchange security intelligence and address the best courses of action, according to company officials.

The OpenDXL initiative is in response to growing demand from customers and partners who want to see the technology adopted more widely to help them better manage cyber-threats, according to Brian Dye, corporate vice president in the Intel Security Group and general manager of the group's global security products. Companies are less interested in closed, proprietary security solutions and instead are looking for broader, open offerings that can drive innovation and put them more in control of their security.

"The people we are [working] with don't want to use it and have to rely [only] on us," Dye told eWEEK. "The right way to … drive adoption is to open-source it."

The OpenDXL effort was part of a larger plan announced Nov. 2 at the company's Focus 2016 show in Las Vegas around an enhanced and unified defense architecture that officials said will better enable organizations to counteract increasingly sophisticated security threats. Intel Security a year ago shifted its strategy, moving away from selling point products and focusing more on building out a platform approach that would better address that changing threat landscape.

Traditional point products aren't going to protect customers from the evolving and complex attack methods. At the same time, there is a significant shortage of cyber-security professionals and organizations are now facing even more threats to them and their data due to the growth in the internet of things (IoT). The goal is to develop an agile technology platform that includes tools to defend the perimeter as well as ways to quickly detect when an attack is taking place, reduce the time between the attack and the detection, and resolve the situation as quickly as possible. It's about dealing with what officials call the threat defense life cycle.

At the Focus event, Intel Security officials laid out what they called the company's unified defense architecture, comprising intelligent and integrated systems in four areas: Dynamic Endpoint, Pervasive Data Protection, Data Center and Cloud Defense, and Intelligent Security Operations. The Dynamic Endpoint part uses technology in McAfee Endpoint Security 10.5 and Active Response 2.0 software and includes such features as improved protection against patient zero and ransomware and advanced persistent threat protection that uses containers and machine learning.

Pervasive Data Protection casts a wide net, offering a broad, centrally managed solution that stretches across endpoints, networks and cloud-based services, while Data Center and Cloud Defense offers strong cloud security products. Intelligent Security Operations is a way of enabling organizations to integrate and orchestrate security offerings from Intel Security and partners in the company's Security Innovation Alliance for everything from advanced malware detection and improved visibility to improved incident response services.