I sat down recently to chat with Juan Santana, chief executive of the largest security vendor you might not be familiar with. Yet Panda Security, founded in Spain in 1990, is huge in Europe and no slouch either in the United States, where it competes against the likes of Symantec, Trend Micro, Kaspersky, and McAfee. I talked with Santana amid the launch of Panda Cloud Protection Service, which moves threat analysis to the cloud and installs with a very small footprint on the client.
I sat down recently to chat with Juan Santana, chief executive of the largest security vendor you might not be familiar with. Yet Panda Security, founded in Spain in 1990, is huge in Europe and no slouch either in the United States, where it competes against the likes of Symantec, Trend Micro, Kaspersky, and McAfee. I talked with Santana amid the launch of Panda Cloud Protection Service, which moves threat analysis to the cloud and installs with a very small footprint on the client.I'm going to summarize some of the high points from our chat, but first the promo: Click the tiny play button to hear the Panda Security podcast.
Santana was on a press tour to get some coverage for Panda Cloud Protection Service. In moving the malware detection system to the cloud , Panda is cottoning onto the latest trend in security software. (See Wolfe's Den Podcast: Trend Micro Takes Security To The Cloud.) This architecture enables faster responses to threats, since you don't have to force library downloads to users, who may not do their updates in a timely fashion anyway.
It also allows security vendors to maintain vast libraries of threats and virus signatures. Indeed, the fact that PCs have long been creaking under the weight of humungous security library downloads has been a big impetus for moving this stuff to the cloud. A wonderful collateral benefit is now security vendors get to crow about having a very small executable client on the PC.
Or, as Santana explained it: "The benefit to the user is, the [virus library] updates are done much quicker because you don't have to send them to the client. With the volume of malware that the industry has to face now, that is a key differentiator. The second pillar of our vision is that we have a nanoclient so it minimizes the impact on the PC. The last pillar is that these products can be managed as a service."
I shouldn't minimize the SaaS (software and security as a service) aspect of a cloud-based security offering, since this position allows you to manage both the product itself and the sales aspect (subscriptions, different distros).
Next we talked about the big kahuna for everyone in the security field--namely, the explosion of malware in recent years. "In 2005, early 2006, the motivation of the hackers actually changed," said Santana. "Before, they were looking for fame. At some point, they figured out, it's a business. We have done some estimates of how much money they're making. Just to give you a sense, the fake antivirus guys are making around $35 million dollars a month. With that volume of potential business, malware is here to stay."
These guys are like the drug dealers of the Internet, was my response. Unfortunately, there are a lot of them, centered largely in China, Russia and the Ukraine. Santana said a lot of malware is also coming from Brazil. "Innovation in the security industry is not coming from the security companies," he pointed out. "The true innovation is coming from the hackers."
"We have gone through phases in how hackers were coding their malware. In the late 1990s, the viruses were very complex. Then they went into a volume play, and they were very simple viruses; they were trying to overwhelm the security industry. The bad today is that you have both. You have a lot of malware and you have very complex malware."
Looking ahead, Santana noted that security is one of the few areas within IT which has continued to grow amid the recession. "It's expected to grow as a sector between 5% and 8% in 2009, and we are seeing the same or bigger growth rates going to 2010 or beyond," he said.
On the technology front, Santana sees the cloud looming large. "It's becoming more important to secure the cloud itself and to secure the session when you connect to the cloud," he said. "That is the moment where you always have the threat of passwords being stolen."