Trend Micro Inc is developing a unified threat management offering for high-throughput enterprise environments, to be launched in the first quarter of 2006, according to CEO Eva Chen.
The Cupertino, California-based ISV is one of the Big 3 in anti-virus software and, claims Chen, has just overtaken McAfee Inc specifically in the enterprise AV market, which is led by Symantec Corp.
This summer it beefed up both its anti-spam and anti-spyware offerings through acquisition: in June it bought Kelkea for its IP reputation services and behavioral analysis and in May it acquired Intermute for anti-spyware, with an API to facilitate its bundling with existing Trend products.
As a result, a UTM offering is clearly in the pipeline, though without the firewall/VPN or IDS/IPS technologies that other multi-function perimeter security devices offer.
The rationale here is dictated by marketing policy rather than technology: Trend has an alliance with Cisco to deliver on its devices the security functionality the networking giant doesn’t want to develop itself.
Cisco has its firewall/VPN and IDS/IPS, so Trend won’t go there, in order not to compete head-on with its go-to-market partner. By contrast, both Symantec and McAfee compete with Cisco in firewall/VPN and IDS/IPS.
At the moment, Cisco is offering Trend’s flagship AV technology, having just announced an extension with a pre-emptive capability to block suspect requests prior to a signature being produced. Adding anti-spam and anti-spyware from Trend would clearly be a logical addition, though Chen said Trend would also look at delivering UTM as a Trend-branded appliance.
Trend is not the first security vendor to seek to address the performance hit that comes from turning on all the functions on the current generation of UTM devices. Taiwanese networking vendor D-Link is readying a U box for launch at the end f the first quarter of 2006 using dedicated silicon to offload some of the processing that full-blown UTM implies.
Chen would not be drawn on whether Trend is looking at such hardware-accelerated inspection, but she did acknowledge that current UTM, which generally entails multiple software functionality bundled onto industry-standard servers, is challenged in terms of performance.
Several infosec vendors like ISS and McAfee have unveiled plans for carrier-class products to handle throughputs of 100Mbps, enabling network operators to offer clean WAN services and internet access to enterprise customers.
In that scenario, however, Chen is sceptical of the appliance approach, arguing that it might be OK if all you’re doing is inspecting packets [i.e. at Level 2], but if you want to do full-stack inspection [i.e. L2-L7], the best way is to integrate with existing network infrastructure, not least because there’s no one place in such networks that you can capture everything. In other words, in such environments, Trend will go in on Cisco kit.