Commtouch’s New OEM Web Security Business

At the RSA Conference, we sat down with Commtouch, a company best known for its OEM anti-spam engine that is licensed by a long list of well-known email security vendors.

In January, the company launched a Web security service, using a similar architecture and business model as its anti-spam technology. In other words, it’s a hybrid of a managed service — cloud-based, if you insist — that maintains a database of known Web pages, plus an OEM engine that queries the database and intelligently caches the results.

Why do it in the cloud? Commtouch argues that it’s hard to categorize the whole Internet, as the database gets huge and the changes are too big to push the updates in a timely manner.

The service categorizes the known threats so that OEMs can produce different types of products; for example, a product focused on anti-phishing, which will concentrate on the Web pages categorized as fake bank portals, etc.

Commtouch argues that being an OEM is a good place to be, as the industry continues to move to a “soup-to-nuts” UTP model. Commtouch’s vendor customers will often specialize in one or two areas and license the rest conventionally.

More controversially, Commtouch also argues that it’s risky to build a strategic relationship with a small, niche company that offers an OEM solution, because if they’re bought out, they may lose the OEM strategic focus.

Well, they would say that, wouldn’t they?

Richi Jennings

Post a comment

You must be logged in to post a comment. To comment, first join our community.