Editor's Note: This story was edited to delete inaccurate information said by Trend Micro CEO Eva Chen.
On the heels of an analyst report critical of its data leakage protection strategy, Trend Micro Inc. is revamping its DLP product, adding network-based capabilities by integrating it into its threat management appliances.
Eva Chen, CEO of the Tokyo-based security firm, said the network DLP threat management appliance will analyze up to 80 protocols, including Web, email or instant messaging traffic. The appliance will use the same engine as Trend's client-based DLP. The changes could come as early as next quarter.
"If anyone is sending sensitive information through, we can monitor it, notify, record it and, if they have the client agent installed, we can also block it," Chen said in an interview with SearchSecurity.com.
Trend entered the DLP market through the 2007 acquisition of Provilla Inc., which developed software that prevents data leakage with an approach that combines endpoint-based enforcement with fingerprinting technology called DataDNA. Currently Trend's LeakProof DLP software, now at version 5.0, remains client-based. The company did not fare well in a DLP market analysis conducted recently by the Burton Group. Burton analysts called Trend a laggard in its report and said the "vendor roadmap demonstrates limited insight to the unfolding DLP market." Burton cited a lack of enterprise-caliber integration and management, as well as exclusive focus on the endpoint.
"Based on the approach that we saw, Trend was offering a DLP product as an expensive add-on to their existing threat management product," said Eric Maiwald, vice president and research director for Burton Group Security and Risk Management Strategies. "There was no network capability, they weren't truly integrating with other products and their roadmap appeared to be minimal."
Chen said the company saw all along that it needed to expand the scope of its DLP software, but needed to take several steps before adding network-based DLP capabilities. Since the Provilla acquisition, Trend worked on shrinking the technology's fingerprinting database and applying it to Trend's cloud-based Smart Protection Network. Putting the database on the central scan server rather than on each individual client keeps the client software lightweight, she said.
The company also didn't want to run its own consulting services, Chen said. In the United States, the company is reaching out to its channel to provide sales and support services.
"The biggest problem is that many customers don't know what their confidential information is, so you run into a lot of provisional services," Chen said. "You need to help them through the data discovery first and classify all that data into confidential and non-confidential."
Burton's Maiwald said every vendor offering DLP had some level of services support to help with company-specific scenarios.
"While [all vendors] offered a good library of rules and signatures to look for within your information flows, some companies may have specific items, such as proprietary information that they want to search for," Maiwald said.
Integrating DLP into the Trend Threat Management appliance was a natural fit, since it could address both unintentional employee errors and hackers intentionally trying to steal sensitive data, Chen said. The Burton Group said Trend's strategy of coupling DLP with threat management, such as Web filtering and antimalware, follows that of Symantec Corp. and Websense Inc., which are taking a similar approach.
"The only way to detect [employee errors and external attacks] is through the reputation engine, through lots of correlation and analysis, which is done through our threat management appliances," Chen said.
Other vendors, such as Verdasys Inc. and NextLabs Inc., appear to be integrating DLP with information management, such as enterprise rights management and encryption, according to the Burton Group.
Many customers limit DLP to monitoring and notification, warning employees if they are using data out of policy, Chen added. Although blocking capabilities exist, companies fear blocking could disrupt business units.
Chen said the company will continue to work with its channel partners to help with implementations, and Trend has opened its API to help customers add custom templates on the appliance. It currently offers generic compliance templates, addressing HIPAA and PCI DSS for data discovery.