Analysis: Intel's McAfee Acquisition

What was Intel thinking? Was a vision of a hyper-connected future -- powered by hyper-secure embedded microprocessors -- a big factor?

Last month, Intel Corp.'s near-$8 billion acquisition of security specialist McAfee Inc. had industry watchers scratching their heads. Several weeks later, a lot of people still haven't stopped scratching.

"[P]eriodically, deals arise that so thoroughly contradict conventional wisdom that supporters and critics alike are shocked to their cores," writes industry veteran Charles King, a principal with consultancy PUND-IT, who describes Intel's acquisition of McAfee as "just such a deal."

It isn't as though Intel Corp. were a stranger to security, or that a case can't be made for incorporating a bigger or more robust set of security features into its products.

Instead of pulling the trigger on a tactical acquisition to shore up its semiconductor portfolio -- as Cisco Systems Inc. did earlier this year when it acquired Rohati Systems, a start-up that specialized in "agentless transactionless" network security gear -- Intel made a big strategic move.

Gartner Inc. research vice president Leslie Fiering sees it as just that. Fiering places the gambit in the context of McAfee's own M&A efforts that helped make the company especially attractive to Intel.

"Intel's announced acquisition of McAfee is not a one-off opportunistic deal. It is part of a larger strategy to enhance Intel's security capabilities as it follows other recent acquisitions of tenCube and Trust Digital," writes Fiering in a Gartner blog post. "The goal is to collect and develop [intellectual property] that can go directly to silicon and bring security down to the hardware level. The embedded security will run outside the OS with a broad variety of software developer hooks. It is highly unlikely that Intel will make any of these proprietary or in any way specific to McAfee."

Strange Bedfellows

McAfee is one of the biggest players in the business. It still markets its bread-and-butter antivirus products, but it' is also a player in endpoint security; intrusion detection and prevention (via its IntruCept appliances and host-based EnterCept technology); forensics and risk mitigation; network admission control; and many other consumer- and/or enterprise-oriented security disciplines, as its recent acquisitions of both tenCube and Trust Digital demonstrate.

Intel's stake in security research has waxed and waned over time.

In the mid-1990s, it fielded its own client-oriented security and antivirus products (via its LANDesk brand); by the late-1990s, however, it had divested itself of its LANDesk security software. In the early 2000s, Microsoft introduced Data Execution Prevention (DEP) for x86 and IA-64 versions of its Windows XP (Service Pack 2) and Windows Server 2003 operating systems. DEP exploited hardware-level support in Intel's Pentium 4, Xeon, and Itanium microprocessors.

Fiering's colleague, Gartner research director Bob Walder, says an acquisition of McAfee had "been on the cards for some time." That McAfee should have been acquired by Intel "did come as something of a surprise," Walder wrote on his Gartner blog. "I am sure we can all think of at least one -- if not more -- suitors who would have been a better fit for McAfee," he concedes.

He picks up from where Fiering leaves off, suggesting that Intel's move -- by virtue of its immensity and its audacity -- has the potential to be either a strategic triumph or an epic disaster.

"Intel obviously wants to improve the security posture of its products and can gain some good R&D from McAfee to help with this. However there appears to be very little synergy between the two companies," he writes, arguing that Intel and McAfee "have different customers, different routes to market, [and] different cultures." Walder contends that "There are no channel benefits, no new market opportunities, and not a whole lot of revenue enhancement."

Walder cites the example of the once-promising LANDesk franchise, which Intel dismantled in the late-1990's. (In 1998, the chipmaker sold its LANDesk security and anti-virus assets to Symantec Corp. and -- in 2002 -- spun off its extant LANDesk desktop management products into an independent company.)

"Intel has never really demonstrated that it actually understands the software business. Or the security business for that matter -- look what happened to LANDesk and Shiva," Walder maintains.

Nevertheless, Intel's $8 billion gambit could pay off -- assuming it is able to effectively integrate McAfee's IP into silicon.

"Bringing security down to the hardware level is particularly critical at a time when exploits at the OS level are getting more sophisticated on PCs and mobile OSs are still highly immature in the security arena," Fiering argues. "This move particularly enhances Intel's mobility strategy by adding security as a differentiator as the company girds up to combat the incumbents in the smartphone, ATM, appliance and embedded processor markets."

That, industry watchers agree, is the $8-billion-dollar question.

"The biggest area of speculation is over whether it is feasible for Intel to build in EPP-type protection into its silicon, since this would provide the most exciting outcome from this merger," Walder comments, conceding that such a move would almost certainly invite interest from regulatory authorities.

"How feasible it is to embed security at such a low level -- given that silicon is relatively fixed and security products need to be able to change on almost a daily basis -- remains to be seen," he continues. "Low-level capabilities with APIs and firmware hooks are probably the way to go here, though other security vendors will presumably be able to exploit those as well."

After scratching his head, industry veteran King has a mostly sanguine take on Intel's move. The salient issues, as King sees them, are McAfee's profitability, its name cachet and broad market reach (in both the consumer and enterprise segments), and -- of course -- bona-fide IP.

"[W]hile Intel is paying a premium and will need to make additional research investments, the McAfee burden is anything but onerous when measured against its current profitability and future potential benefits," he argues.

It's natural to think of Intel's move as boosting the fortunes (or the security bona-fides) of its bread and butter microprocessor lines -- i.e., its Core (desktop-oriented) and Xeon (server-oriented) chips. There is, however, much more at stake here, notes King, who (like Fiering) cites McAfee's expertise (and acquisitions) in the embedded, mobile, and wireless endpoint security arena.

Intel's acquisition of McAfee is a horizontal gambit, King argues -- aimed chiefly at a hyperconnected "Internet of things." The primary site of this "Internet of things?" The cloud, of course. "While IT vendors have been eloquent regarding cloud computing, few have addressed how to securely manage end points inhabiting the amorphous outer reaches of cloud networks," he argues, noting that "the technical limitations of embedded chips and the microprocessors used in wireless devices" which "don't have the headroom to support traditional security software."

That's why King likes the "Internet of things"-centric interpretation of Intel's move. "Intel's notion of building "hardware-enhanced" security features and solutions directly into firmware, chips and chipsets is the beating heart of the McAfee deal," he concludes, adding that "the McAfee acquisition should essentially transform Intel. Properly executed, that transformation could eventually extend across the entire IT industry."