Trend Micro’s tipping point: Acquisiton of HP’s network defense products

Trend Micro, headquartered in Tokyo, Japan with its U.S. corporate offices in Irving, Texas, was founded in 1988 as an anti-virus company at a time when that market was at the end of the runway.

Trend took off as malware threats boomed and the firm quickly became a multi-million dollar provider of anti-virus software for consumers and businesses globally. For the last full year reported (FY 2014), the publicly traded company listed their annual revenues at over $1 billion (USD).

As long as a company is heavily tied to the anti-virus market, they can’t help but being perceived as a consumer focused software company. To play in the anti-virus space means marketing and appealing to consumers – namely PC, laptop, tablet and smartphone users. Branding to that audience is entirely different than messaging which captures the attention and trust of chief information security officers (CISO) at large enterprises including Fortune 500 and Global 2000 corporations.

As big and as successful as Trend has become over the past 25-plus years, it has struggled to break out of the anti-virus box. It has introduced products for security intelligence, cloud security, and other categories, but never had a best seller in those categories.

Trend has tried its hand in some rising niche markets – for example application security – with a product that scans software code for vulnerabilities. According to research firm Gartner, in 2012 Trend Micro acquired the technology assets and engineering staff of Indusface, an India based DAST-as-a-service provider (its DAST testing service is called IndusGuard, and Indusface continues its operations as a licensed reseller of the Trend Micro DAST service). DAST stands for dynamic application security testing.

Gartner’s popular Magic Quadrant for Application Security Testing (which evaluates DAST and related products) previously put Trend’s application security product in the lower left quadrant… as a “niche player” which means they are not very likely to execute in that market (compared to other vendors). Gartner cautioned “Trend Micro is not known for application security, and before the technology acquisition, Indusface had a limited market presence outside India, Asia/Pacific and the Middle East.” Enterprise security vendors including IBM and HP sit in Gartner’s enviable top right quadrant – the companies with the greatest ability to execute and the most complete product vision in the application security testing market. In Gartner’s latest Magic Quadrant covering that market, Trend Micro was dropped.

In October of 2015, Trend Micro announced it would be acquiring HP’s TippingPoint product line for $300 million – which includes HP’s popular next generation intrusion detection system. The acquisition is a literal tipping point for Trend Micro. All of a sudden, Trend is a definable enterprise security company on the radar screen of most CISOs and IT security professionals at corporate IT shops. Trend must have been saving up for this acquisition, and it looks like a very smart move on their part.

Not long before HP recently split in to two corporations – HP Enterprise and HP, Inc. – HP surprised analysts and end-users with its own announcement that Trend would be buying HP’s TippingPoint security unit. Networking vendor 3Com bought TippingPoint for $442 million in January 2005. Then HP bought 3Com in 2010 for more than $2.5 billion.

HP has been a major player and respected name in enterprise security for many years. Its HP Fortify for application security and HP Arcsight for SIEM (security incident and event management) solutions are well known by CISOs and IT security staffers. And those solutions have been branded hand-in-hand with HP’s TippingPoint for network security. HP hands off some serious technology to Trend, but equally as important it is handing off some serious street cred in the enterprise security space… something that Trend has been after for years.

Entering 2016 Trend Micro should be getting more invitations to come in and speak with CISOs and IT security evaluators at large enterprises. It remains to be seen if Trend will RSVP to those invitations with the type of consultative sales executives who are accustomed to longer selling cycles and closing bigger ticket deals.