Listen to my conversation with Juan Santana, CEO of Panda Security, a long-established provider of antivirus and other malware protection products and services to the SMB market.
In this podcast, discover how the volume of malware distributed via the Internet has escalated over the past few years and learn why a cloud-based antivirus service may nevertheless be the best way to protect against malware infections.
Listen to or download the 6:54 minute podcast below:
---Transcript---
PW: Tell us a little bit about Panda's business because [I believe] you're really specializing in anti-virus and threat protection?
JS: That's correct. We are an anti-malware focused company, OK, we were founded back 20 years ago. We are a Spanish company, who have operations in about 56 countries. We provide security services both to consumers and to SMBs. We define the SMB sector a little bit broad which is more what I call the US way so we say an SMB for us is someone between five and a thousand seats. I think the company historically, the way we have competed the way we have acted or interacted with the market is being able to have a very differentiated product from a technology standpoint. And I'm sure we'll be talking today more about what is the latest that we are seeing in terms of malware; and how that provoked us [into] changing the technology, how we protect about that. But in essence, it is true, we act as a security company for both consumers and businesses.
PW: Right. And the focus is protecting client devices, so desktop devices mainly, I suppose?
JS: That is correct, although we do have protection as well for the email and we have protections as well for the Internet traffic. Let me expand a little a bit on that. On one hand, we do the traditional protection on the endpoint that you would be competing with a McAfee, or with a Symantec, with a Trend. On the email side, these are services like the ones offered by MessageLabs or Postini, so that you filter all of the email traffic before it reaches the network of the client and you deliver that email completely free [of malware].
The big advantage to customers is that there's no use of bandwidth at their site. And as you know, today we are receiving about ... any company receives today ... nearly 95% of traffic from email that they receive, it's actually spam. So that's a big advantage for them.
And lately we've also introduced a service, which is protecting the Internet traffic. And that, we do it both on a traditional way, through an appliance, which will be competing with a Fortinet or with an IronPort; or through a service which I think is one of the most innovative products that we have which is part of the cloud offering that we have just released.
PW: Right. So tell me, why are you moving more towards a cloud-based model for the various offerings and, particularly, I think you've been moving towards that model for the antivirus protection as well, haven't you?
JS: That's exactly right. I think the two trends that we have seen lately in the market, which have become very clear, very apparent, for some years for us: one was related to the increase in malware; and the second one would be the fact that both clients and channel were more willing to buy a service as opposed to a license.
So if I focus on the first trend, I think back in 2005, 2006 more or less, the security or the anti- the malware producers started producing it because it had become a business. So we saw a tremendous increase in the amount of malware that we were getting in the lab. Just to give you a sense, back at the end of 2005, beginning of 2006, we were receiving between 3,000 and 5,000 malware samples a day: new malware samples, so viruses, worms and so on. Today, we are receiving around 55,000 samples every day: new samples, so undetected ... previously undetected samples. Well, that provoked ... the labs of the various vendors were becoming overwhelmed. We, being a smaller company than a Symantec or a McAfee, we competed there much more on a technological basis, because we couldn't establish labs, speaking of, to deal with that; and we had to fight that increase in malware the smart way.
So what we did is, we created a technology called "collective intelligence". That technology, what it does is, it processes automatically the malware that we receive, determining whether it's malware or goodware and doing that automatically and without having the intervention of a person. That has a huge implication in terms of how you ... how fast you react to the new malware. To give you a sense, today nearly 99% of the malware we receive is processed automatically. So this was a big, big trend.
We started offering collective intelligence back in 2007, and what we have done now in 2009 is the next evolution of that, which is actually launching a cloud antivirus. So it's an antivirus that no longer has what we call an update button, because it doesn't require to have updates or a signature file that is continuing to be bigger and bigger. I suppose what it does is, we leave the signature file in the cloud, and the product connects to the cloud to check if a certain executable is actually malware or not. Because it's important, and I think this is important to acknowledge this one, you're not always connected to the Internet, so you do need to have some protection on a local level, which we have. And therefore you are ... the benefit for the client of using this technology is to get the maximum protection, while impacting the less, the user. I think that was one of the big trends ... sorry?
PW: Yes. Well, I was just going to say that, of course, the biggest threats to any user are going to be when they're connected to the Internet, even if they're just downloading email. But, of course, one of the key things, therefore, is speed of response and the ability to pick up the threats as they emerge, which you can only do if you are plugged into the cloud in that way.
JS: That's exactly right. For having a very broad database, what you need to have is millions of users, literally, all of them connected and reporting back into the cloud. And therefore the community gets the benefit of all of the knowledge that we have. We like to [say] these days that we don't actually have a lab anymore. What we have is actually a platform that is able to process the knowledge of the community.
So you're absolutely right. On the one hand, the threat comes ... nearly 96% of the infections come when people are connected to the Internet. There are very few who are through a pen drive or so on, although you still need to protect against them. And the other component is, because everybody is now connected all the time, you can share that knowledge of the community and collective intelligence very, very easily.












