At the Panda Security user conference, PASS2019, held in Madrid, attendees were told “Malware is totally under control.” As statements go its about as bold and inflammatory as it gets but is this just bad marketing or is there something to it? Panda Security believes that they can back the statement up.
The statement was made by Josu Franco, Strategy and Technology Advisor at Panda Security. It is based on how the success Panda Security has had since it included its 100% attestation technology in 2018. It claims that technology prevents malware from running in customer environments.
Franco put up a chart going back to 2015 showing weekly malware infections reported by customers. In March 2018 the number of reported infections dropped close to zero. It has remained there ever since. Over the last 15 months the number of weekly malware reports, according to Franco, average one incident every two weeks. It’s an impressively low number that led to Franco’s claim: “Malware is totally under control.”
This is not just about stopping malware. Franco warned that attackers are changing their approach. Attendees were told that there has been an increase in Living off the Land attacks. This sees attackers use zero day attacks to gain a foothold in a network. They then deploy tools to embed themselves across the network using operating system and application utilities. Given the recent problems for Microsoft with zero day attacks against its RDP programme, the warning is timely.
What is needed to solve this?
Franco believes that the solution is in the hands of the cyber security industry. No surprise there, but his view is that we need better products and services not just more products. Vendors need to integrate new features not upsell customers new products that then need to be managed. There is also a need for a better customer experience. This is where the services provided by MSSPs and other come in.
Customers want to see threat hunting and actionable intelligence improved. They want to know that the volume of data that they gather is actually delivering something usable. This is something that Panda Security is addressing through its partner channel. For larger enterprises, the company is building a new partner channel to help them.
Attendees were told that part of the solution is a new brand called CYTOMIC. The first product in that brand is called ORION. The latter is focused on threat hunting services that are aimed at SOCs and MSSPs. It will help them expedite their investigations and ensure that customers get both resolution of attacks and also support to capture the forensics around that attack. One key part of that is delivering Jupyter Notebooks that customers can deploy as part of their cyber security incident response.
What do customers think?
Talking to customers across the day there was a lot of support for Panda Security. Customers and partners all seemed to be impressed with what they had heard from Franco and other Panda Security executives. The one thing they most wanted more information on was CYTOMIC. Unfortunately, despite the announcement, there was little detailed information on it or on ORION.
Partners, in particular, seemed to like what they heard. At most vendor events, talk to vendors and there is always unhappiness to be found. If there were unhappy partners, they were not talking. Some wanted to know what new services CYTOMIC would enable them to deliver. They see services as delivering new revenue streams but interest was tinged by concern over the availability of skills.
Enterprise Times: What does this mean
Vendor conferences are always interesting. Customers and partners are often willing to talk about the problems they have and what they want from the vendor. Meanwhile, vendors like to introduce their latest products and build anticipation ahead of launch.
Franco certainly got the attention of the audience with his claims over malware. They were also very interested in ORION. The next step is to see what ORION and CYTOMIC deliver when they become available.
Panda Security has turned itself from a consumer security company into an enterprise security company. Its latest revenue figures show that it is on course to meet the US$100 million revenue target it set out a couple of years ago. Judging by the customer reaction, this should be easy.