The BigFix-Trend Micro partnership announced this week underscores the importance of centralised systems management in the battle for endpoint protection market share. Analysts say it's a critical differentiator, perhaps even more than actual antithreat capabilities, especially for large enterprises.
McAfee, for example, has long held an advantage with its highly regarded e-Policy Orchestrator (ePO) platform for managing its security products. Symantec took a major step to address its shortcomings when it acquired Altiris in 2007.
The first fruit of the partnership is the Trend Micro Web Protection Module, which leverages Trend's in-the-cloud Smart Protection network to provide up-to-date protection against Web threats. The next release, which will happen later in Q1, will be the Core Protection Module, which will incorporate the full suite of security components in Trend's OfficeScan on the BigFix platform.
By partnering with BigFix, Trend Micro significantly boosts its ability to compete with other industry giants in the large enterprise market, in which companies devote heavy resources to managing their endpoint protection infrastructure. The BigFix platform gives Trend customers significant endpoint management capabilities beyond Trend's core security components -- for example, patch and configuration management.
The deal is exclusive to Trend Micro. This allows BigFix to market integrated security without compromising its strength in systems management, including managing other third-party endpoint security vendors' products. For example, BigFix customers can deploy the Trend Micro Web Protection Module without changing existing third-party endpoint protection products.
"A lot of vendors [are] moving towards this centralised management feature," said IDC research analyst Andrew Hanson. "It allows them to address larger enterprises with easier deployment, reduced cost and reduced time to solution."
It's what Symantec has been striving towards as it integrates the Altiris systems management platform, turning what had been a perceived weakness into a strength. In June, it announced Symantec Endpoint Management Suite 1.0, combining Altiris Client Management Suite 6, Symantec Endpoint Protection 11.0 and Backup Exec System Recovery 8 Desktop Edition into a central management platform.
"It's really about consolidation, about combining security and systems management," said Amrit Williams, chief technology officer of BigFix.
The competition is heating up for what has long been a commodity. Every organisation runs some product on its desktops and, generally, servers. There's no green field market here. If Symantec, McAfee, Trend, Sophos, Kaspersky Lab, etc. are going to land a new customer, it's going to be at someone else's expense.
So, there has to be a compelling case for ripping out Product A at renewal time and purchasing and deploying Product B. The changing nature of these products may be creating a more fluid situation.
"There aren't any new customers in the endpoint protection market; it's always a displacement, that's pretty obvious," said Ron Clarkson, Trend's director of enterprise endpoint security. "The idea behind Web Protection Module is a stepping stone for BigFix customers. As they start to look at renewing their contract, we hope they will give the Trend Micro-BigFix relationship serious consideration."
Protecting endpoints against attack has become a complex affair in just a few years, as traditional signature-based detection -- still at the heart of most products -- has proven less and less effective, particularly against Web-based attacks. In response, vendors have packed myriad components -- variations on host-based intrusion prevention (HIPS), heuristics engines, client firewalls and reputation-based detection -- into complex all-in-one suites.
It's often confusing to companies trying to determine which products offer the most effective protection combination. Vendors are hard-pressed to back up claims that their products offer better security; the complexity of the new generation of products makes lab testing difficult, and the results of those tests have been generally disappointing.
So, the management piece takes on added significance, especially if you're dealing with tens or even hundreds of thousands of desktops, laptops and servers. In the absence of clear evidence that one suite offers more effective protection than another, it can easily be the decisive factor.
"One of the struggles of differentiator versus cost, especially for large enterprises, is the huge cost and huge pain to completely switch over," said IDC's Hanson. "A simplified, centralised management could be worth the cost of converting all those seats."
