Senior Editor, Network World

Preventative action

Jan 20, 2003
5 mins
Enterprise Applications

Trend Micro packages could ease antivirus administration.

CUPERTINO, CALIF. – Trend Micro last week unveiled a range of new services and product updates it hopes can help ease the administrative task of preventing and cleaning up after virus outbreaks.

Trend Micro is expanding its Enterprise Protection Strategy (EPS), a combination of products, services and centralized management tools that is designed to help IT managers thwart attacks from computer viruses and worms. The company introduced EPS in May.

Specifically, Trend Micro has retooled its full line of antivirus and content-filtering products to let customers manage desktop and server security policies from a central location. The new Central Management Console can be used to enforce five written policies, such as denying the right to access certain files and executables, or blocking network ports that might be deemed especially vulnerable during fast-moving virus or worm outbreaks.

Corporate customers can create customized policies as well, says Steve Quane, Trend Micro product manager for enterprise products. The goal is to automate policy enforcement, when appropriate, and gain real-time work-flow-based virus reporting and eradication when a virus outbreak occurs.

“The old model of pattern-file matching is not sufficient,” Quane says, alluding to the traditional approach that antivirus vendors take of capturing a new virus specimen and fashioning a signature-based means to block and eradicate it that depends on upgrading every desktop and server using antivirus software.

Now customers can sign up for one of many support plans, depending on the size and security needs of their organization. As part of the expansion, the EPS Outbreak Prevention Services have been broadened to encompass file, Web and messaging servers running on Solaris, Linux and Windows, and users connected via broadband connections from remote offices.

Previously, the Outbreak Prevention Services program worked only for messaging servers on the Windows platform, according to Trend Micro.

The Outbreak Prevention Services distribute information on developing virus outbreaks to Trend Micro customers before the release of a virus pattern file. That information can be used to modify network configurations and prevent or reduce infection.

In addition to strengthening its prevention services, Trend announced that it is beefing up its Damage Cleanup Services, which help companies recover after a virus outbreak. EPS customers now will receive attack-specific cleanup templates through the Damage Cleanup Server, which interacts with and repairs infected machines. The templates guide customers in removing remnants of attacks, including Trojan-horse programs, registry entries and hidden user accounts that could be used to launch a new attack after an initial attack is thwarted and damaged systems repaired.

Both Outbreak Prevention Services and Damage Cleanup Services will be sold to customers as annual per-seat subscriptions that will cost between $1 and $6, depending on the number of seats, Quane says.

In selling its expanded EPS program, Trend Micro must be careful that it doesn’t disparage its antivirus protection abilities while it promotes its Damage Cleanup technology.

“Anybody in the antiviral industry must walk a balance in saying ‘We can not only protect you from viruses, but help you clean up once we fail to protect you,’” says John Pescatore, vice president and research director for Internet security at Gartner.

However, given that some viruses are bound to sneak onto even well-protected networks, Trend will find customers if it can prove that the effect of such outbreaks is mitigated by EPS, according to Pescatore.

Unlike chief competitors Network Associates and Symantec, Trend Micro is content to stick to its main business in antivirus and threat management, leaving it to the company’s partners such as Nokia, Blue Coat Systems and smaller integrators to deliver the hardware infrastructure or professional services, according to Quane.

That focus might keep Trend from falling into the same trap as its competitors, Pescatore says. “Network Associates tried to expand beyond antivirus and failed miserably. Symantec bought Axent [Technologies] to get into the enterprise space and move beyond antivirus, and you haven’t seen much happen with that. Being good at selling consumer antivirus and desktop antivirus and also meeting server and gateway needs is hard to do,” he says.

Policy-based controls on the desktop and server are still a fairly new concept for the traditional antivirus software vendors, although a few vendors, including Okena and Harris, are tackling virus prevention through what’s often known as “behavior blocking,” which blocks unauthorized exploits. Corporations testing the Central Management Console for virus prevention say the underlying concept of policy-based controls is sound.

“It’s an issue of awareness, because if you’re an administrator and you’re not actively looking at your console, you want to have a policy available,” says Tony Curry, messaging administrator at Kenosha, Wis., manufacturer Snap-on Tools. The advantage of an automated policy-based response would lie in being able to rapidly block fast-moving viruses and worms that attempt to exploit application vulnerabilities.

However, one potential challenge associated with Trend Micro’s approach is that it requires use of Trend Micro antivirus products, so if a corporation was using several vendor antivirus products, automated policy response might be limited. Snap-on Tools uses Trend Micro for gateway-based filtering, but uses Network Associates’ McAfee product on the desktop.

Paul Roberts, a correspondent with the IDG News Service, contributed to this report.