If you’re a corporate IT security manager on the frontlines of keeping your company safe from hacker attacks, you’ve certainly heard of Trend Micro. The Tokyo-based company has made a name for itself in protecting companies’ networks, email servers and Internet gateways from viruses. Trend Micro has the number one market shares in those areas and was the first firm to produce software that scanned and detected viruses at the perimeter of a computer network before they got to the desktop.
A computer virus is a program, or computer code, with the ability to replicate itself. Like biological viruses, computer viruses can spread quickly and are often difficult to eliminate. Trend Micro’s anti-virus and Internet content security software helped it rack up an expected $355 million in revenue in 2002, up from $241 million the year before. Its annual sales growth rate over the previous decade averaged 75%.
“They have a strong product in the security area, and they are the only Japanese security company active globally,” says Hideki Goto, an analyst with Deutsche Securities in Tokyo. The company, with 1,700 employees in 23 countries, has clearly benefited from the increased focus on Internet and network security at many large multinational businesses in the wake of highprofile virus and other computer attacks.
“Very clearly at the moment there’s increased sensitivity in the IT community to new security applications. Everyone is enamored by security as a whole. It’s one IT area that is growing,” says David Rowe, Trend Micro’s executive vice president for global marketing, based at the company’s US headquarters in Cupertino, California.
The 15-year-old company,which derives 80% of its business from companies, counts among its customers about 70% of the Fortune 500. Specific clients include Canon, Charles Schwab, DHL, ExxonMobil, Fidelity Investments, Hilton Hotels, NTT Telecom, SAP, Siemens and Toshiba.
Now Trend Micro is adapting its strategy to meet the growing threat posed by the increased sophistication and variety of methods employed by computer hackers and virus writers.Corporate customers are seeking more speed,more prevention and better management capabilities for responding to and addressing viruses.
A particularly pernicious form of virus is the worm. Worms are programs with the ability to copy themselves from computer to computer. They generally infect other machines through networks, which allow worms to replicate rapidly.
The infamous CodeRed and CodeRed II worms spread fear of an Internet meltdown and caused several billions of dollars in damage globally in 2001 and last year. Costs included IT consulting, system upgrade or replacements and lost productivity. NIMDA was another virus outbreak that wreaked havoc on global computers systems.
“In the new generation of attacks since mid-2001, we’ve seen that viruses enter in a variety of ways and attack a variety of systems.They damage productivity,block access to the Web and perpetrate denial-of-service attacks,” says Rowe. Some of the new viruses and worms that invaded corporate networks around the globe in 2002 were written to disable the very anti-virus software designed to detect and stop them. They also often left behind damaging remnants that cannot be detected by traditional anti-virus measures.
Enterprise Protection Strategy
To combat these growing threats,which it calls mixedthreat attacks, Trend Micro laid out its Enterprise Protection Strategy to analysts and customers in January.
Typically, when a virus attacks a company’s email system or network,here’s what’s done:Trend Micro or other anti-virus vendors study the virus’s codes, produce what’s called a pattern file or signature file and provide it to customers.A pattern file is the exact set of instructions that compose a virus. Rowe likens it to a mug shot on a most-wanted poster. The file allows customers to scan, detect and eliminate viruses from their systems.
The problem is that mixed-threat attacks often change code, overwrite files and literally program in future damage in the time (one-half hour to two hours) that it takes for the pattern file to be developed and deployed.
Trend Micro says that in order to stop these kinds of attacks, companies also need:
● effective content security policies to prevent the virus or worm from even entering the company’s network;
● the ability to evaluate and clean systems (servers and desktops) and eliminate all of the destructive elements that mixed-threat attacks contain, hide and often re-use; and,
● central management capabilities to coordinate policy, pattern files and cleanup actions across all layers of network security and devices.
On the prevention side, Trend Micro has introduced outward protection services, or “abbreviated recipes,” that its customers can download into their anti-virus software. These alert customers to message keys, virus activactivity and virus behavior patterns that they can use to proactively shut down programs and systems before they become infected and before the pattern file is deployed to eradicate the viruses.“That allows companies to quarantine the virus.We’re trying to get more prevention in the systems, shut down the behaviors of a virus before we can actually eradicate it,”Rowe says.
On the cleanup side, Trend Micro is attacking the problem of viruses that leave behind a lot of Trojans, which are malicious code or programs that can re-attack the network. “We simulate the virus and send cleaning instructions and specific instructions to shut down effects of that virus,”Rowe says. The company is re-launching all of its products to incorporate all of these capabilities, he adds.
As hackers get increasingly sophisticated, the myriad of threats to the corporate network will likely continue multiplying. Security concerns will rise as more communication and data exchange is done through streaming media and on emerging, mobile platforms such as wireless phones, peer-to-peer networks, PDAs and automobile navigation systems, say security experts. Such inter-networked, yet dispersed, platforms are a tempting target for the world’s talented virus writers.
As a result, perhaps the greatest challenge for Trend Micro is to provide its business customers with a complete, integrated security solution, say analysts. “Their software is one part of security. Many customers want integrated security systems. Trend Micro will have to make some alliances with other companies,” says Deutsche Securities’ Goto.
The company’s Enterprise Protection Strategy also addresses these concerns, says Rowe. Trend Micro has partnered with Sunnyvale, California-based firewall firm NetScreen to offer automatic port blocking.“If we know an attack is coming through a certain port,we can send a message to the NetScreen firewall to block that port for the next 15 minutes.We’re also offering an increased information sharing capability,” Rowe says.
|■ FOUNDED: 1988 by Steve Chang|
|■ EMPLOYEES: 1,700 in 23 countries|
|■ HEADQUARTERS: Tokyo, Japan|
|■ WEB SITE: www.trendmicro.com|
|■ CHAIRMAN & CEO: Steve Chang|
|■ DESCRIPTION: Trend Micro develops and sells network anti-virus and Internet content security software for corporate computer networks and personal computers. Its products guard against viruses at each access point within the corporate network where data files are exchanged, including company servers, Internet gateways and email servers.|
|■ SALES: Revenue increased by an average of almost 75% a year over the past decade, hitting $241 million in 2001. Sales were expected to come in at about $355 million for 2002.|
■ CUSTOMERS: The company claims 70% of Fortune 500 companies as clients. Customers include Canon, Charles Schwab, DHL, ExxonMobil, Fidelity Investments, Hilton Hotels, NTT