McAfee announced today it is acquiring CASB provider Skyhigh Networks:

In the case of Skyhigh, McAfee – whose legacy business is in endpoint security – is specifically acquiring the company for that cloud expertise.

“Skyhigh Networks had the foresight five years ago to realize that cybersecurity for cloud environments could not be an impediment to, or afterthought of, cloud adoption,” Chris Young, CEO of McAfee, said in a statement.

“They pioneered an entirely new product category called cloud access security broker that analysts describe as one of the fastest growing areas of information security investments of the last five years – where Skyhigh continues to innovate and lead. Skyhigh’s leadership in cloud security, combined with McAfee’s security portfolio strength, will set the company apart in helping organizations operate freely and securely to reach their full potential.”

“McAfee will provide global scale to further accelerate Skyhigh’s growth, with the combined company providing leading technologies and solutions across cloud and endpoint security – categories Skyhigh and McAfee respectively helped create, and the two architectural control points for enterprise security.”

It ought to be interesting to see how McAfee integrates Skyhigh solutions into their existing product portfolio.

Disclaimer: I work for McAfee.

VentureBeat discusses some plausible reasons why separating Intel and McAfee (aka Intel Security Group) is smart for both businesses:

There were a few small combinations that emerged but the pair never pulled off a bigger play, mainly because there was insufficient focus from management on making it happen. As time passed after the acquisition, it seemed that the separation between McAfee and Intel grew instead of shrinking. And 2-3 years ago, it was clear that McAfee, even as it changed its name to Intel Security, was primarily a standalone operation and not a fully integrated Intel technology play.

Of course, changing market dynamics haven’t helped. The PC market is currently troubled, with shrinking unit sales and an extended refresh cycle. That limits any benefits to Intel, as McAfee (as well as its competitors) struggle to get back to the growth of previous years. And with all of the uptake of mobile devices, most of which are not protected at all, there is minimal sales potential for McAfee in this growth market. This lowers any possible upside in volumes to make up for the reduction in PC sales. Most mobile device security is provided by an entirely new breed of player, and McAfee never sufficiently made the transition. Although it did make a few acquisitions along the way, none materialized into anything significant, due primarily to lack of focus on this emerging market by McAfee management.

Ex-McAfee CEO and current Forescout CEO, Mike DeCesare along with Vice President of Global Sales, Steve Redman, lack the necessary vision to drive a large ship like McAfee to where it needs to go. On the other hand, Chris Young, and the management team he has assembled, seem very intelligent and poised to make the right moves to get McAfee skating to where the puck will be rather than where it is right now.

Part of me wonders if Chris Young was brought onboard with the knowledge of the endgame: clean things up and get McAfee in tip-top condition so the business unit can be sold for a profit. If the was the goal, it is a tough job considering Intel paid $7bn for McAfee five years ago.

CRN is speculating on five potential destinations for Intel Security. I found this one the most intriguing:

Cisco has been betting big on its security portfolio over the past year, focusing on building out a holistic set of security solutions that it says will outpace competitors Palo Alto Networks and FireEye. That “Security Everywhere” push has led to multiple recent acquisitions, including Lancope, OpenDNS, Portcullis and Neohapsis. Most recently, Cisco said this week that it plans to acquire cloud security startup CloudLock for $293 million. Partners said Cisco’s deep pockets and a desire to continue expanding its portfolio would likely put it in the running for companies that could be interested in Intel Security.

Guess where Chris Young worked prior to joining Intel?


I am not sure if this is mere clickbait or if the Richard Stiennon actually believe what he wrote, but apparently he is under the impression that Intel should spin off McAfee just as they are in the midst of finally integrating the two companies together. He even offers up five reason for why he feels this would be a smart move:

Here are five good reasons for Intel to reverse the blunder of 2010.

1. Symantec is coming back. Symantec too has made its mistakes. Up until Intel acquired McAfee, Symantec held the record for blunders. It acquired a data center behemoth, Veritas for $14 billion in 2004. Only recently has Symantec decided to reverse that decision.

During the last four years Symantec has been a tad rudderless. It is too bad McAfee was no longer in a position to gain market share. That opportunity was left to the other vendors in the space, Sophos, Eset, and Trend Micro, to name three. On top of that a slew of endpoint security vendors have cropped up to address the failings of traditional signature based AV. Cylance, Bit9/CarbonBlack, CounterTack(which just announced the acquisition of Mantech’s Cyber Security products, the remnants of HBGary). Even FireEye, (the company Dave Dewalt went on to lead to an IPO after handing off McAfee to Intel) has made an endpoint security play with the acquisition of Mandiant.

One of the reasons I would attribute to McAfee having only flat revenue (as opposed to plummeting) since the acquisition is that its largest competitor, Symantec, has been stalled out itself. That is about to change. After Symantec finally spins off Veritas it is coming back with a vengeance.

Seriously, Symantec is making a comeback? In what universe?

2. Brand confusion. Branding is important in the security space and Intel is attempting to re-brand McAfee to “Intel Security.” It’s a great name but does nothing for the $55 billion a year Intel brand and confuses buyers of McAfee products. Regardless of the Intel acquisition, McAfee was headed towards a branding train wreck as the weirdest character in an industry known for its oddballs, John McAfee, came out of hiding from an experimental drug retreat in Belize to make a come back, first with a truly strange YouTube video, and now on the lecture circuit. This is a golden opportunity to spin off McAfee with a clean name.

Because, you know, Intel Security is not a clean name, right?

Read the rest of the article for a what seems to be a humorous look into the mind of someone who is out of touch.

I would not put much stock into what John McAfee says about cyber security but it does make for some good light reading. According to McAfee, the former anti-virus application developer, the New York Stock Exchange outage may have been a cyber attack perpetrated by Anonymous:

He points to a the hack against the U.S. Office of Personnel Management (OPM), which was ongoing for a year before someone noticed. “Most hacks are never noticed unless purposely looked for — a time consuming, costly and tedious process,” he said, adding, “I truly believe that the upper management of most large corporations and most bureaucrats, directors and politicians within our world governments do not understand this basic truth of the cyber world.”

Furthermore, based on his own research, McAfee says, “The Dark Web was rife with communications among a small group of people (allegedly members of Anonymous) congratulating themselves on a job well done on Wall Street.”

Several tweets have surfaced from Anonymous cells on twitter, but none have claimed responsibility.

He explained that the “mission-critical systems” of major corporations and governments have communications, power, processing and storage redundancies built in that allow for a seamless “hot swapover” to keep them running if one part of the system is incapacitated.

“The odds of failure of three systems like this, simultaneously, are in the trillions to one,” he said of the NYSE, United Airlines and Wall Street Journal incidents.

It is a bit coincidental and I do not generally believe in such coincidences. However, I need to see some specific data to see if there is a connection between these seemingly disparate outages. While I will not discount the possibility they were cyber attacks, or that they were coordinated, at this point I find it hard to believe.