Preface
Operating in the interconnected era of the Internet, enterprises are increasingly exposed to viruses. Disabling PCs and damaging corporate information repositories, viruses pose a serious challenge for Information Systems (IS) decision-makers. Battle-tested IS executives are responding by deploying anti-virus (AV) solutions not only on desktops, but also on network gateways and network entry points. Decision-makers say desktops are no longer the frontlines in the AV battle. Network gateways and entry points are the first Information Technology (IT) assets afflicted, and the best point from which to fight back.
IS executives are choosing solutions requiring only modest effort to deploy, are manageable from a single console overseeing the entire enterprise, and are easily and automatically updated with the latest scanning engines and pattern files. Recognizing decision-makers’ needs, Trend Micro (Trend), has responded, delivering centrally managed, server-based AV solutions. In turn, decision-makers have adopted Trend’s products, frequently after failing with an alternative supplier’s solutions.
Executive Summary
Trend has established a leadership position as a supplier of AV solutions safeguarding network entry points, gateways, mail-servers, and PCs. Delivering enterprise-class products, the company is leveraging partnerships to distribute products through other IT suppliers and value-added resellers, as well as AV services through managed services providers.
Market Position
Based in Tokyo, Trend is a relatively unknown organization outside the Orient. But the company is gaining visibility rapidly in North America, even while avoiding the commodity market for desktop AV software. Trend’s world-class solutions are aimed directly at the network servers and gateways, the platforms most often victimized by viruses. In an ideal convergence, the company is emerging as a leader exactly when decision-makers are increasing investments to prevent Internet-borne viruses from penetrating enterprise networks. Trend has earned the respect of IS executives by mixing quality products with aggressive customer support.
Trend is publicly held, trading on the Japanese Over-The-Counter Market. For 1998, the company reported revenues of $90.3M and income of $9.3M. For the past three years, revenues have averaged more than 60% growth annually. As of December 31, 1998, the company had working capital of $101M.
Core Products
Trend supplies a family of solutions for detecting, preventing, and managing viruses and potentially malicious applets. Deployed on the enterprise’s network entry points, gateways, servers, and desktops, the company’s products are installable, configurable, and manageable from a central console .
Providing consistent, efficient protection for the enterprise’s information assets, the entire product line uses the same virus scanning technology, relies on Internet protocols for communications and updating virus pattern files and block lists, and supports Web-based management.
Gateway Protection
Trend’s InterScan product line is deployed on proxy servers, firewalls, or mail servers at the enterprise network perimeter. Available for NT and Unix platforms, the product functions as a safety net at key choke-points in the IT infrastructure. The product detects and removes viruses and malicious applets in real time from the most common types of network traffic:
- Simple Mail Transport Protocol (SMTP) mail and attachments;
- File Transfer Protocol (FTP) sessions; and
- HyperText Transfer Protocol (HTTP) traffic.
InterScan scans inbound and outbound traffic to detect viruses. Isolating the offending content at the network gateway, the product notifies the administrator of each instance of a virus or malicious applet. Infected traffic can be quarantined, cured, or removed. InterScan minimizes the disruption associated with viruses by ensuring that all parties are aware of the nature of the offending traffic.
With FTP and HTTP traffic, InterScan also removes offending content, notifying the administrator and the FTP user or Web browser of the incident.
Enhanced Gateway Protection
Trend offers three plug-in modules for use with InterScan, further protecting Internet-connected enterprises.
E-mail Gateway Protection
Controlling the flow of information across the enterprise’s Internet gateways, Trend’s eManager helps IS staff manage the content and volume of e-mail traffic. Offered as a plug in for InterScan, eManager is available on NT platforms and delivers the following:
- Protection against spam, and use of the enterprise’s e-mail servers as relay points for spam;
- Keyword-based filtering to control distribution of sensitive information and tools for collecting and reporting on e-mail traffic; and
- Load balancing for scheduling delivery of messages with large attachments during low network-usage periods.
Stopping Malicious Code at the Gateway
Trend’s InterScan AppletTrap enables IS staff to safeguard the enterprise from malicious ActiveX and Java applets, and JavaScript. The product is the frontline of defense against malicious active code, enabling IS staff to institute controls at the network gateway level. Available for NT server platforms as a separate solution (and in the future as an InterScan plug-in), AppletTrap is designed as a proxy server, employing multiple levels of defense against malicious code.
Multiple Methods for Stopping Malicious Code
AppletTrap checks incoming ActiveX and Java applets for certificates, verifying origin and integrity. For applets without certificates or with unrecognizable certificates, the product stops applets at the proxy server. The product also checks the cryptographic signature of each Java applet, comparing the signature to AppletTrap’s block lists. Finding a matching signature, the product blocks the applet.
AppletTrap also compares the originating Web site for all ActiveX and Java applets and JavaScript with Trend’s block lists. When a match is found, the product stops the code at the proxy server, stopping further transmission within the enterprise.
As a further, proactive measure for Java applets having valid certificates and originating at Web sites not known to host hostile applets, AppletTrap wraps the applets in a “safety blanket” of monitoring code, ensuring safe, policy-compliant execution on PCs. And, when applets do violate policies established through AppletTrap, the product terminates applet execution, preventing harm to the PC. The safety-blanket design of the product allows IS staff to shift the workload associated with analyzing applets from the proxy server to desktops, while avoiding the need to install software on the desktop.
Protecting Web Traffic and Managing Bandwidth
The company’s WebManager solution provides virus scanning for HTTP traffic, Web site filtering, and bandwidth management. Available now as a separate solution (and in the future as a plug-in for InterScan), the product is deployed on NT-based proxy servers at the enterprise network perimeter.
The product’s bandwidth management capabilities enable IS staff to monitor and control Web usage at the individual user and workgroup level. WebManager measures and controls the cumulative volume of HTTP traffic received by each user, giving IS managers an effective tool for rationing the enterprise’s limited bandwidth, and controlling when the bandwidth is available to users. And, the product helps individuals to track HTTP traffic volume, notifying the user through messages in the Web browser. When individuals consume the allocated bandwidth, WebManager cuts off further Web browsing until the next business day.
WebManager provides another conservation measure to IS staff by blocking access to non-work-related Web sites. Strict use of Web block lists also helps to limit the enterprise’s legal exposure by preventing the enterprise network’s use as a pipeline for illicit material from the Internet.
E-mail and Groupware Server Protection
Beyond the SMTP traffic filtering provided with InterScan, Trend offers the ScanMail family of products targeted for deployment on mail server platforms (Table 1). But, far from offering overlapping capabilities, ScanMail addresses AV issues unique to mail servers. Where InterScan filters traffic crossing network gateways, ScanMail filters information stored on mail and groupware servers as well as messages transiting mail servers. And, mail servers handle all e-mail staying within the organization – not just messages derived from external sources.
When first installed, the product scans existing messages in mailboxes and databases to root out existing infections. Messages with virus-free attachments receive a clean bill of health from ScanMail and thereafter carry the virus-free label, ensuring that messages are not needlessly scanned multiple times.
ScanMail removes, quarantines, or cures virus-laden attachments – delivering messages to addressees and notifying the sender, addressees, and IS administrators of the virus. But, stopping the spread of the virus is only part of the challenge. In removing viruses from attachments, the product enables attachments to be delivered and used without propagating the virus. ScanMail’s approach for unknown viruses is to remove the attachment, automatically forwarding the attachment to Trend for analysis, cleansing, and return to the enterprise.
Protecting Workgroups
For organizations addressing virus protection at the local area network (LAN) level, Trend delivers AV solutions for workgroup servers and desktops in a single package, OfficePack. Available for NetWare and NT servers as well as Windows 95, 98, and NT desktops, the product provides protection for workgroups, allowing departmental LAN administrators to be confident the individual workgroup has effective AV protection, regardless of the AV strategy for the enterprise as a whole. And, desktop protection ensures that viruses originating at the desktop do not spread throughout a workgroup.
Managed from the workgroup server as a multi-node solution, the OfficePack server communicates with clients through encrypted HTTP channels. Eliminating the need for individual users to install, configure, and manage virus prevention on the desktop, the product centralizes virus protection and management, placing control squarely in the hands of the LAN administrator.
Table : ScanMail Safeguards Mail Systems Across Multiple Platforms
| E-Mail Platform | Supported Environments |
| HP OpenMail | HP-UX |
| Lotus cc:Mail | Banyan, DEC Pathworks, LANtastic, NetWare, NT (Intel) |
| Lotus Notes | AIX, OS/2, OS/390, NT (Alpha, Intel), Solaris |
| Microsoft Exchange | NT (Alpha, Intel) |
| Microsoft Mail | NT, Windows 95 |
The company also offers PC-cillin, a desktop AV solution, for enterprise users and consumers needing desktop protection only. PC-cillin is available from Trend and can be purchased from the company’s Web site. The product includes one year’s worth of updates, ensuring that “PC-cillin-protected” desktops remain virus free. Safeguarding the home PCs of enterprise users, the company includes licenses for PC-cillin with the OfficePack solution.
Protecting Small Businesses
Trend provides OfficeScan for Microsoft’s Small Business Server, protecting up to 25 users. The product offers the same capabilities as the corporate OfficePack solution and protects Exchange servers, but it is available only for NT.
Managing Virus and Applet Protection
Central to Trend’s value proposition is the ability to manage virus and applet protection solutions, regardless of where the products are deployed in the enterprise. The company offers two solutions – Trend Virus Control System (TVCS) and HouseCall – to assist IS staff responsible for keeping the enterprise virus free.
TVCS Centralizes Virus Management
Deployed on NT server platforms and enabling IS staff to manage virus and mobile code protection from an enterprise perspective, TVCS provides multiple benefits:
- Delivers a central log and enterprisewide view of virus activity, enabling IS staff to distinguish minor incidents from major epidemics and to track the source of the outbreak;
- Enables automatic, single point update of virus pattern files for all Trend products within the enterprise; and
- Facilitates configuration and management of all Trend products within the enterprise, enabling a single individual to manage virus prevention for the entire enterprise.
TVCS uses agents deployed on each Trend-equipped-server. The product’s agent installation program detects which servers have Trend products installed and then “pushes” the correct agent to the server. The agents facilitate communication between servers and TVCS, reporting on viruses and mobile code crossing the server, and versions of virus pattern files and block lists deployed on each server.
TVCS’s Web-based console is included with all of Trend’s server products, ensuring that all customers can leverage TVCS to maximize the effectiveness and efficiency of Trend’s products on multiple platforms with disparate operating environments across the LAN and wide area network (WAN).
TVCS Is Directory Aware
TVCS accesses information on servers, gateways, and routers in existing LDAP-compliant directories, reducing the scarce resources IS staff must invest in product deployments. Trend includes a proprietary database for consolidating and storing the necessary information for enterprises not using LDAP directory services.
HouseCalls Are Not Extinct
Easily accessible on Trend’s Web site, HouseCall is a no-charge Web-hosted virus detection and cleansing service. Individual users can use the service as a virtual “second opinion” to check for viruses on PCs. But, unlike desktop-focused AV products, HouseCall provides a snapshot of virus activity on the PC, rather than ongoing protection. Assisting IS staff, the service also provides virus scanning for Exchange and Notes servers.
For enterprises deploying the product on the intranet, HouseCall is a pragmatic tool for IS decision-makers dealing with environments in which IS staff find that incumbent desktop AV products are exceedingly cumbersome to update, and are looking for a backstop to complement existing AV solutions.
Partnerships Are Understated but Widespread
Trend has a widespread network of partnerships with some of the most respected IT suppliers. The relationships leverage Trend strengths:
- Adding value for HP, Lotus, and Sun by offering ScanMail solutions for OpenMail, Lotus Notes, and Sun Internet Mail Server;
- Distribution through Compaq, Microsoft, Netscape, Oracle, and Sun – with bundled offerings for Compaq ProLiant, Microsoft Proxy Server, Netscape Proxy Server, Oracle Internet Messenger, and Sun Netra; and
- Integration with other best-of-breed security solution suppliers, including Check Point and ISS.
And, more recently, Trend has established relationships with companies delivering services to enterprise customers. InfoNet, a supplier of outsourced e-mail services, relies on the ScanMail family to keep e-mail repositories virus free, insulating enterprise customers from a common source of macro viruses. Pilot Network Services, a supplier of managed security services, relies on InterScan as the backbone of a virus prevention service.
Trend is also developing an integrated version of InterScan to support the Lucent Managed Firewall and VPN Gateway. With assistance from Lucent, Trend is developing the API, enabling Trend and other suppliers to tightly integrate solutions with the Lucent Managed Firewall.
Leveraging the remote management capabilities of TVCS, Trend is now actively recruiting resellers to deliver virus prevention services to enterprise customers.
For resellers, TVCS offers a vehicle for building an ongoing revenue stream. For users, TVCS offers the ability to separate ongoing management of virus-prevention products from deployment.
User Experiences
Users underscore Trend’s philosophy of preventing virus propagation at network and gateway servers, citing immediate and dramatic reductions in problems with viruses once the company’s products have been deployed in the enterprise. And, with TVCS, users are vesting the responsibility for virus prevention in a single IS administrator, significantly reducing valuable IS staff time previously spent deploying, configuring, and managing AV solutions.
Decision-makers state that Trend “goes to the wall” to help customers resolve technical issues, and then folds the appropriate enhancements into future releases of the products. The result of Trend’s responsiveness is that decision-makers describe Trend as a partner, not just a supplier.
Conclusions and Observations
Despite rapid, profitable growth, Trend is not resting. Leveraging customer feedback and internal innovation, the company has developed world-class solutions to safeguard enterprises from viruses and malicious code. Like an aggressive hunter, the company is ready to pounce on the next opportunity – the massive outsourcing phenomena sweeping through enterprises. Trend is already delivering solutions that enable IS decision-makers to outsource virus management.
Using Trend’s products, enterprises are solving the virus problem. Confident that viruses are no longer a problem, IS executives are consequently focusing on other issues – a very strong statement and endorsement for the company.
Clearly, decision-makers looking for world-class AV solutions to protect the enterprise should evaluate Trend as a potential supplier.