Embedding security into chips is futile, says expert

Sophos' Cluley questions whether McAfee deal will benefit Intel customers

"The Intel-McAfee merger doesn't make any sense from an embedded security point of view," according to industry expert Graham Cluley.

The merger is expected to see McAfee security technology being embedded into Intel chips, in line with McAfee CEO Dave DeWalt's vision of security being incorporated into every level of of the IT infrastructure.

This vision may fall foul of the EU, however, which is concerned that an embedded security solution would be anti-competitive given how widespread Intel's chips are.

However, Cluley, senior technology consultant at security vendor Sophos, argues that the firms' plan is not a viable strategy anyway.

"I can't see how the Intel-McAfee merger will benefit or bring greater security to Intel's customers. It doesn't really fit with Intel's portfolio," he said.

Cluley explained that the continually evolving threat landscape means that security mechanisms need to adapt quickly, making a hardware solution unviable.

"You can't update hardware. Trend Micro started as a hardware anti-virus company. You'd stick their dongle in your computer and it would try to protect you. It was a complete and utter failure.

"What Trend Micro did right is they then put all their money into email gateway protection and subsequently became an early driver of that bandwagon. As a result they became a major security company."

But he did concede that the deal made more sense once you stop expecting a new product range to emerge from it.

"The one way it might make sense is to recognise that security is a hot industry and that Intel wants to grow, meaning it makes sense for it to have a security division," Cluley argued.

"McAfee is a viable acquisition even if no new or combined products appear, as it's already a viable business. Intel will run it as a separate unit under the McAfee brand, and it will be a source of income for Intel."

Intel acquired McAfee for $7.68bn (£4.8bn) in August 2010, and according to a statement from Intel, released at the time, the stated strategy was to enable "...a combination of security software and hardware to better protect consumers, corporations and governments as billions of devices – and the server and cloud networks that manage them – go online.