Managed services, interoperability, drive gains for McAfee channel

By Arun Shankar   7 May, 2017
Managed services, interoperability, drive gains for McAfee channel

David Small, Vice President, Channel and Commercial Business in Europe, Middle East, Africa, McAfee.

The new McAfee, spun off in April 2017, has been preparing its channel partners for the move towards solutions away from products. During the time that McAfee was part of the Intel organisation, there was rationalisation in its partner programme levels to match those of the Intel partner programme. But more importantly, there was a move towards increasing the sales and technical competencies associated with each of the McAfee partner programme levels.

As the technologies supporting security solutions have evolved, an important drive by McAfee has been to ensure that its products interoperate as solutions rather than mere standalone products. And in order for partners to deliver such interoperable products built into solutions, McAfee has also raised the bar for them in terms of technology and services capability.

In November 2016, at the Focus 16 annual summit, the vendor announced to its global partner community the additional requirements of support and service delivery specialisations attached to its highest level, the Platinum Partner category. The reason: the highest level of McAfee channel partners must have the capability to deliver a solution at par with what Intel’s professional services team would deliver themselves to the end-customer.

But the focus on channel partners to have increasing technology, solution and services capability, is not just linked to McAfee’s drive towards its own technologies, solutions and products. A significant driver for McAfee’s additional competency emphasis on channel partners, also stems from end-customer expectation to have a more comprehensive answer for its cybersecurity threats. McAfee’s latest products and the new emphasis and additions in its global partner programme are meant to help channel partners deliver these expectations to the end-customer.

By introducing additional technology and delivery specialisations in its channel programme, McAfee’s channel partners will gain the confidence to deliver solutions rather than ship products. McAfee’s products and technologies are now being built to allow channel partners to interoperate them in many ways and meet the requirement of their end-customers.

David Small, Vice President, Channel and Commercial Business in Europe, Middle East, Africa, explains that the changing expectations of the end-customer and the role of channel partner skills are fundamentals in this go-to market across 2018.

“Our key drive has been always around integrating the different products together into genuine solutions, that interoperate in the easiest possible manner giving our customers the best security posture. As we have evolved our own technology offerings, the products that we bring to market support the role of the channel. And how we have evolved the programme is to actually help the channel deliver that to the customer.”

McAfee’s expectations from channel partners to increasingly transition towards solutions, has not been presented to them overnight. Small points out that McAfee has been transparent with its channel partners and presented its expectations from them in 2018, at the November Focus 16 annual summit. Channel partners are aware of the increased emphasis on technology and services certifications, translating into higher confidence levels in delivering solutions based on McAfee’s product and technology interoperability.

“While this move is incredibly exciting for the new McAfee, actually from a partner perspective in terms of the programme and all the rest, nothing changes. We will continue to effect and drive and work with our partners, and continue to enable them across the solution set,” adds Small.

Increasing security complexity and shortage of skilled resources are pain points being experienced by the end-customer. Not having an interoperable solution that works within a vendor’s own products, and not having products that are interoperable between vendors, will just keep driving up, levels of complexity for end-customers. Any solution from channel partners that reduces these pain points is going to hugely drive benefits for end-customers.

However, in order to drive these end-customer benefits, channel partners need to be able to adopt technologies that meet these requirements. This translates into opportunity areas for channel partners to work with end-customers, and for McAfee as a security technology vendor to enable for channel partners.

As a security technology vendor, McAfee is committed to working with other vendors to create an ecosystem that provides the best possible solution for the end-customer. “We are super-clear in terms of where we see the priorities going. I absolutely believe we are completely on the right track in terms of the integration that we are looking at in terms of some of the new technologies we are bringing. Part of our job is giving our partners the choice of how they go out and access customer requirements. At the end of the day it is going to be customers that make the choice around how they want to protect their organisations.”

An important interoperability solution in this area is McAfee Open Data Exchange Layer or OpenDXL, which was first developed in 2014, culminating in its new McAfee launch at the Focus 16 annual summit. McAfee is working with multiple security vendors to increase the adoption of this platform thereby enabling its channel partners to build solutions, while reducing security complexity for end users.

McAfee Open Data Exchange Layer is also being used by some of the 100+ members of McAfee’s Security Innovation Alliance. “I think that will present a very interesting possibility for a number of our channel, whether they already worked with those vendors or they can add those vendors into their portfolio to provide a solution.”

The McAfee Data Exchange Layer is also leveraged by other McAfee products, including the McAfee Global Threat Intelligence and McAfee Threat Intelligence Exchange. As a security vendor, McAfee has been gathering information from the beginning about threat events and other signatures through millions of its end points, sensors, and other networked devices in the connected world.

By leveraging the Open Data Exchange Layer, McAfee Threat Intelligence Exchange can integrate threat intelligence from other security vendors who are using the Open Data Exchange Layer SDK and APIs. “We have been in the provision of threat intelligence since the beginning. We can actually add additional threat intelligence sources to our overall knowledge base using Open Data Exchange Layer,” says Small.

McAfee Open Data Exchange Layer, allows channel partners to integrate threat intelligence feeds from multiple security vendors, when the end-customer opts in for McAfee Global Threat Intelligence. This custom-built services offering is an opportunity for McAfee channel partners to help end-customers be more agile, proactive, and cost effective, around security threat intelligence feeds. This also allows McAfee channel partners to differentiate themselves in the security solutions and services market place.

Another platform that is a core part of McAfee’s offering is to be cloud enabled. Small points out that all McAfee solutions and technologies need to be cloud enabled. Cloud enabled solutions allow channel partners to offer end-customers alternative ways of consuming technology through managed security services. McAfee is therefore enabling channel partners through its partner programme to deliver managed security services.

“I believe that managed services will grow significantly, simply because it is an easier way for our customers to consume and in the result pushing the responsibility to our channel partners who are actually delivering those solutions,” says Small. With the shortage of technical skills, customers will rely back on their trusted partners and advisors to deliver more and more.

Moving forward, after its spin-off from Intel, McAfee remains committed to its product road maps, and its go to market strategy. The goal remains to help channel partners to evolve and to help them meet customer requirements through managed security services and other recent open data platforms. “In other words, more of the same, but flexible, positive message for partners.”

Key takeaways

  • A fresh programme supports customers entering into managed services
  • Certifications for channel partners enable them with confidence to be able to deliver solution not just product
  • Cloud is absolutely a focus and core to the offering we are bringing
  • Customers are looking for different ways to consume technology
  • Customers can add threat intelligence sources to knowledge base using OpenDXL
  • Customers will make the choice how they want to protect their organisations
  • Customers will rely back on trusted partners and advisors to deliver more and more
  • From a partner perspective in terms of the programme and all the rest nothing changes
  • Integrated solutions provide additional opportunities for partners to differentiate themselves
  • Key drive has been around integrating products into genuine solutions that interoperate giving customers best security posture
  • Managed services will grow because it is an easier way for customers to consume pushing responsibility to channel partners
  • Not changing product road maps and absolutely committed to deliver them
  • Open to working with vendors in order to create ecosystem that provides best possible solution
  • Opportunity for services-led engagement from partners to customise threat intelligence
  • Part of our job is giving partners the choice of how they go out and access customer requirements
  • Part of the job is to enable partners to deliver managed services
  • Solution are focused around how technologies interoperate
  • Super-clear in terms of where we see priorities going, where we are going to drive technologies
  • The partner can implement a solution in the same way that we would do it ourselves if we used our own professional services people

McAfee Partner Programme

Partner levels

Solution Providers: McAfee Solution Providers are reseller partners with one or more areas of expertise in McAfee-based solutions. Solution Providers can tailor the programme to their interests and business needs. For example, sales approach or a technical go-to-market approach, with technology support, implementation, and or services as a focus.

Silver Partners: As an entry-level programme participant, Silver Partners have the option of completing the solution competency curriculum to become authorised and transact more complex technologies. Partners at this level have access to baseline profitability programmes and a range of online resources on the McAfee Partner Portal.

Gold Partners: Through investments in skills, competencies, and revenue growth, Gold Partners ensure that customers receive high-quality solutions and services. Participation at this level provides access to an extended level of benefits.

Platinum Partners: This is the highest level attainable, and is achieved through a demonstrated commitment to customer satisfaction, competency, and revenue growth. Platinum Partners have proven solution and services capabilities to manage the largest and most complex security deployments. As a result, these partners receive the highest level of benefits and the option to achieve a Support Provider Specialisation.


Partners can be recognised by their strengths in specific areas by earning official specialisations. As a specialised partner, they may also receive additional discounts and pricing structures.

Managed Services: This supports the growing number of customers who prefer to procure products and solutions through a managed service provider. It also extends the business model from pure resale to managed services, and generates recurring revenue.

Support Provider: This takes on levels 1 and 2 customer support to gain an additional revenue stream. For this Platinum Partner status is required.

Service Delivery: This aligns with McAfee Professional Services to deliver implementation services, which can increase profitability and customer satisfaction.


A well-trained and well-equipped partner ecosystem is best prepared to deliver the highest level of service to customers. To help succeed, the enablement framework for partners allows them to learn, grow, and profit. McAfee offers programmes and resources for executive planning and practice building to create a successful security practice. Learning options include access to free sales and technical eLearning courses, advanced sales and pre-sales technical instructor-led training, and post-sales services enablement training and certifications.

McAfee also provides sales and marketing tools, support tools, and technical tools. Guided by research into customer buying preferences, how decision-making is changing, and how partner business models are evolving, McAfee organises solutions into training categories called various solution competencies: Endpoint Security, Network Security, and Security Management.

This slideshow requires JavaScript.

McAfee Open Data Exchange Layer

Enterprises and developers can now connect, share data, and orchestrate security tasks across applications using a real-time application framework. A new, open software development kit reduces the integration effort, fragility, and time delays that are holding back cybersecurity efficiency. One-to-one integrations, manual scripts, and scheduled processes are the three most common ways security teams and their vendors link applications. These tactics stand in the way of the efficiency, accuracy, and speed required for cybersecurity teams to achieve maximum performance. They limit your ability to share threat intelligence, investigate incidents, and orchestrate response. The security industry has not had a simple, secure way to share data persistently, in real time.

Some of the reasons are:

  • Security and IT infrastructure has been built up over many years from disparate technologies, vendors, and in-house applications
  • Point-to-point, API-led product integrations are time consuming to build and difficult to maintain as you upgrade products and data formats
  • For two security products to integrate, two vendors have to negotiate, agree, and implement
  • Traditional polling and scheduled data-publishing models add time to each transaction

There is a better way, and it is becoming an open industry standard as part of the Open Data Exchange Layer or OpenDXL initiative. The goals of the OpenDXL initiative are to increase integration flexibility, simplicity, and opportunity for developers and to improve security operations for organisations that deploy it. The first phase of the OpenDXL initiative provides a software development kit to expand access to and use of the McAfee Data Exchange Layer or DXL to new developers and participants, exponentially increasing the value of a DXL integration or deployment.

Developers will use this software development kit to create or connect applications that run over the DXL communication fabric as a secure, real-time way to orchestrate data and actions across multiple applications from different vendors as well as internally developed applications. McAfee avoids repeated, one-off product-to-product integrations. Application simply publish and subscribe to message topics, or make calls to DXL services in a request, response invocation similar to RESTful APIs. The fabric delivers the messages and calls immediately, connecting your security, IT, and in-house solutions into a well-functioning system.

Unlike typical integrations, each application connects to the universal DXL communication fabric. There is just one integration process instead of multiple efforts. OpenDXL will support a broad range of languages, enabling developers to create integrations using their favorite development environment. One applocation publishes a message or calls a service; one or more apps consume the message or respond to the service request. As is the goal for any standard, the interaction is independent of the underlying proprietary architecture of each integrating technology. Integrations are much simpler because of this abstraction from vendor-specific APIs and requirements.

In addition to creating native DXL integrations, developers can also wrap their services to interact or wrap the API of a commercial product to publish data onto DXL. Other services can listen to DXL messages and calls to enrich their functionality with the latest data, or take appropriate action. For a more sophisticated app reflecting orchestration, these sorts of actions can be scripted together to drive a waterfall—or simultaneous set—of actions.

Enterprises deploy a standardised integration and communication layer on their existing network, with a small DXL client on each host and a DXL broker that will manage message exchanges. All DXL traffic is contained within that enterprise’s network, offering data privacy and operational control. A firewall-friendly model maintains a connection between client and server for continuous access to the latest information flowing over the DXL. If something in the publishing or receiving application itself changes, the DXL abstraction layer insulates the rest of the deployment from the change, reducing risk and costs of integration maintenance.

McAfee Threat Intelligence Exchange

McAfee Threat Intelligence Exchange, aggregates and shares file reputation intelligence across the entire security infrastructure. McAfee Threat Intelligence Exchange receives threat information from McAfee GTI, STIX file imports, threat feeds coming via McAfee Enterprise Security Manager, and information coming from endpoint, application control, mobile devices, gateway, datacentres, and sandboxing technologies from both McAfee solutions and solutions from other vendors.

Collecting data from all points in the infrastructure provides information on threats that may be present only in your environment, as many targeted attacks tend to be. In turn, file reputation information is instantly shared across the entire ecosystem to all products and solutions connected to McAfee Threat Intelligence Exchange via the McAfee Data Exchange Layer. For example, if McAfee Threat Intelligence Exchange pushes out information about a malicious executable file, McAfee Data Loss Prevention receives this information over the McAfee Data Exchange Layer and will then start monitoring that executable for any sensitive file access.

Threat data shared over McAfee Data Exchange Layer includes file reputations, data classifications, application integrity, and user context data, which is shared with and among products integrated into the McAfee Data Exchange Layer fabric. Any product or solution can be integrated onto the McAfee Data Exchange Layer and then configured to determine what information to publish to the system and what information to listen for and subscribe to.

McAfee Threat Intelligence Exchange works closely with Intel Security’s advanced sandbox solution, McAfee Advanced Threat Defense, which feeds malware analysis data to McAfee Threat Intelligence Exchange. If a file is found to be malicious, McAfee Threat Intelligence pushes out a file reputation update to all connected systems over the McAfee Data Exchange Layer. This also works the other way around. When McAfee Threat Intelligence Exchange-enabled endpoints encounter files with unknown reputations, they can be submitted to McAfee Advanced Threat Defense to determine if the object is malicious, eliminating blind spots from out-of-band payload delivery.

McAfee Threat Intelligence Exchange enables adaptive threat detection and response by operationalising intelligence across endpoint, gateway, network, and datacentre security solutions in real time. Combining imported global threat information with locally collected intelligence and sharing it instantly, allows security solutions to operate as one, exchanging and acting on shared intelligence.

Regardless of where the first point of contact by an unknown malware file occurs, once it is convicted, the entire connected environment is updated immediately. When a file is convicted by McAfee Advanced Threat Defense, McAfee Threat Intelligence Exchange will publish this conviction via a reputation update, which is disseminated through McAfee Data Exchange Layer to all security controls within the organisation. McAfee Threat Intelligence Exchange-enabled gateways prevent the file from entering the infrastructure. Through coordinated sharing of threat intelligence across all security controls, it becomes easier to interrupt the attack chain and prevent further harm without the need for manual intervention.

This slideshow requires JavaScript.

McAfee Security Innovation Alliance

Most organisations deploy security products from multiple vendors that do not interact with each other. In today’s fast evolving threat landscape, this not only increases operational costs, it may even increase risk. Security challenges now require open, collaborative approaches to detect threats, reduce risk, and ensure compliance. The McAfee Security Innovation Alliance provides customers with integrated security solutions that allow them to resolve more threats faster with fewer resources. This is accomplished through close collaboration with third-party partners in the SIA Program.


  • Accelerates development of interoperable security products
  • Simplifies integration of these products with complex customer environments
  • Provides integrated, connected security ecosystem to maximise value of existing customer investments
  • Improve efficiency, maximise protection, reduce operational costs

McAfee Security Innovation Alliance partners are screened for innovation, strategic value, and market leadership in their respective market segments that complement the McAfee solution portfolio. Central to the relationship with each partner is at least one customer use case. Only after the partner completes McAfee engineering testing, will the integrated product receive the McAfee Compatible designation. This expanded portfolio of tightly integrated solutions is part of an extended security system that helps protect, detect, and correct threats faster and more effectively than any single solution.

Large organisations deploy solutions from multiple vendors because the truth is no single vendor can meet all of their security and compliance needs. But today’s security threats and economic challenges demand that products from multiple vendors interoperate to provide better protection, reduce operational costs, and protect, detect, and correct threat defense lifecycle. The Security Innovation Alliance is a technology partnering program created to help accelerate the development of interoperable security products and to simplify the integration of these products within complex customer environments.

Partner levels

  • Associate Partner: Receive access to engineering resources to make products compatible with McAfee solutions
  • Technology Partner: Receive designation and use of McAfee Compatible and become eligible for joint marketing opportunities
  • Sales Partner: Enables partners to increase presence by leveraging sales force of 3,000+ sales professionals.

Security Innovation Alliance partners enjoy extensive range of benefits tailored to each participation level and integration track. This includes:

Welcome Kit, Access to SIA Technical Lead, Online Technical Product Training, Technical Newsletters, Not-for-Resale Copy of Relevant McAfee Products, McAfee Product Roadmap Reviews, Access to McAfee SDK and Developer Support, Access to Technical Support Knowledge Base, SIA Developer Conference, SIA Partner Directory, McAfee Event Exhibition and Sponsorship, McAfee Compatible Logo, Product Compatibility Announcement in McAfee Newsletters, PowerPoint Deck for McAfee and Partner Sales Teams, Co-Branded Solution Brief, McAfee Sales Engineering Training on Joint Solution, Press Release, Joint Webinar, Partner Advisory Council, Market Development Funds.

2016 Awards Banner

Latest Whitepapers





%d bloggers like this: