Headquarters: Santa Clara, Calif.
Technology: Security/governance risk and compliance
Why it's one to watch: McAfee's making major inroads in governance, risk and compliance — a major area of focus for financial institutions in the near future.
Spotting security risks and regulatory updates and upgrading IT systems to execute the necessary changes is a bit like shoveling snow during a blizzard — by the time you're done clearing the sidewalk, it's already covered again.
For banks faced with multiplying security threats and government mandates, there isn't enough time to get reports on new malware or data breach threats, then manually update work stations or install new tech. Security, as well as overall governance, risk and compliance, is becoming a more automated game in which banks will be required to link their risk assessments to their IT networks for fast response and fixes.
McAfee is an early leader in the race to match risk and security diagnostics to tech networks for fast response, offering a series of risk and security compliance products, including solutions for application controls, change reconciliation, configuration control, database activity monitoring, vulnerability assessment delivered as a software as a service (Saas) and other products that monitor for vulnerabilities, as well as tools to enable responses.
"The critical risk that banks are trying to manage [has become] a broader program," says Dave Anderson, senior director and solutions manager for McAfee, a subsidiary of Intel and the world's largest technology security company. "A lot of that work is pulling information from across systems and applications and doing event capture and correlation of what's going on in their environment right now."
Through a mix of products, McAfee has won the business of firms such as Scottrade, which is leveraging McAfee's software to protect customer information and monitor workstations.
"Once you've assessed what's going on, you'll be able to move into a more proactive stance," Anderson says.
The firms' efforts have also gained notice in the analyst community.
"Another step of GRC is based on resolutions, saying 'here are some vulnerabilities and [pushing out] tech capabilities" said Chris McClean, a senior analyst for Forrester Research, adding McAfee is one of the firms, along with Symantec, that form the competition to move toward that new level of integrated risk identification/map to IT network innovation in the GRC space.
