Dominic Trott
Research Manager, European Security
@DominicTrott

To use an analogy coined by Trend Micro’s CEO Eva Chen, the company is like Wolverine from the X-Men: Trend Micro has been going for a long time and has endured a number of market shifts and challenges. Yet it has been able to absorb these challenges, emerging unscathed to become the global player that it is today. This was a key theme when Trend Micro invited IDC (and other analysts) to Boston last month for its annual Insight analyst conference.

In the past, this ‘super-power’ of adaptability has allowed Trend Micro to harness, rather than be disrupted by, market developments such as virtualization and cloud computing. Indeed, its early entry into cloud security has led to its leadership in that space today. The latest example is the incorporation of machine learning within its endpoint protection (EPP) proposition, in an initiative known as XGen. This was a key theme presented at Insight 2016, Trend Micro’s annual industry analyst event.

Recent quarters have seen established players in the EPP market, such as Trend Micro, face a growing challenge from emergent players such as Cylance and Carbon Black. These vendors have achieved strong revenue growth (from a low base) through the release of EPP solutions powered by artificial intelligence (AI) and the deployment of algorithms in order to protect against unknown threats.

The traditional EPP approach makes use of signature-based technologies to prevent endpoints from being compromised by known threats. The growing popularity of ‘signatureless’ players is based on their ability to identify both known and unknown threats. For example, when IDC met with Cylance’s Ambassador at Large John McClurg at London’s IP Expo in early October 2016, he cited the company’s 99.7% success rate in identifying threats.

The challenge for Cylance, which the company itself recognises, is the level of false positives that its solutions generate. That is to say, how many of the indicators of compromise that are generated turn out not to be a threat after all. This may sound like a minor flaw, particularly given Cylance’s high level of threat detection. However, it is not insignificant when we consider that a big part of Cylance’s go-to-market proposition is its ability to make life easier for security professionals by offering a replacement for traditional security products. This case is undermined when in-house resources are diverted to investigating threats which turn out to be harmless.

This is where Trend Micro seeks to differentiate itself from the upstarts in the market. In his presentation at Insight 2016, Trend Micro CFO Mahendra Negi pointed out Trend Micro’s long history (27 years) and strong financial position: with $1.5bn in cash reserves at June 2016, the company can claim 634 ‘survival days’ if no further revenue were generated. While on one hand this demonstrates the company’s longevity and stability, something that the emergent players cannot claim, it also hints at something else. Trend Micro has been at this game a long time, and has developed a broad portfolio.

This is at the heart of the XGen message. New players offering solutions powered by emerging technologies such as AI and machine learning are often referred to as ‘Next-Generation’ vendors. However, Trend Micro is keen to highlight that, as well as building these next-gen technologies into its roadmap (such as the machine learning powered XGen Endpoint Security release of the 18th of October this year), it can also bring to bear the other technologies that its portfolio has expanded to encompass over the years. In this way, Trend Micro is able to span next-gen and current-gen technologies, hence the term XGen (pronounced ex-gen).

To interpret Trend Micro’s strategy, let’s think of identifying unknown threats as looking for a needle in a haystack. This is not a simple challenge, but it can be made simpler. Trend Micro’s ability to incorporate established technologies within XGen, such as application whitelisting, file reputation scoring and sandboxes, can help to make the haystack smaller. This, in turn, makes it easier for Trend Micro’s next-gen machine learning technology to find the needle in that haystack.

Further, we must also consider that customers’ needs go beyond the endpoint. While next-gen players tend to offer one or two ‘silver bullet’ solutions, Trend Micro’s endpoint protection capabilities are augmented by supplementary offerings in areas such as messaging security, network security and web security. What is more, through the development of APIs, Trend Micro’s products can be integrated within customers’ broader portfolios. With customers finding their increasingly heterogeneous security environments too complex to handle, the ability to drive better integration across products is critical. This is a trend on which Trend Micro has a firm grasp, and is enacting through XGen.

This appreciation of integration and interoperability can be a lever for Trend Micro to differentiate itself from the emerging players, who are pursuing more of a technology-based go-to-market approach. While the emerging vendor may see their new solution as allowing customers to retire swathes of their security estates, the reality is likely to be different. For the customer, this may sound more like yet another point solution to add to their already highly complex environment, or at best a like-for-like replacement, especially when we consider that their existing environments are likely to have been crafted over time, at no little expense, with the expectation from the CFO that value will be extracted over a number of years. Rip-out-and-replace propositions are likely to be met with a mixed reception.

Therefore, it is IDC’s view that Trend Micro’s vision of driving integration not only across security generations, but also between security technology groups, positions the company to win friends in the enterprise. This is likely to be particularly relevant for prospects in its core mid-market focus area, where pressure on resources is likely to be strongest.
