Diego Navarrete, the former director of IBM's Security Systems Division in Europe, was named CEO of the struggling Panda Security in January. The Spanish antivirus firm in 2011 had cut its workforce by about 35% in the wake of a flattening antivirus market hit hard by free consumer antivirus offerings followed by the brutal financial crisis and recession in Spain. In an interview with Dark Reading Executive Editor Kelly Jackson Higgins, Navarette shared his aggressive plans for turning around Panda and its new laser focus on the US market, from where he says Panda will earn 10% of its revenue this year.
There are some promising signs of new life for Panda emerging: Navarrete estimates an increase of 7% in revenue for Panda in 2014, to $100 million for the privately held firm. Panda has 700 employees in 85 countries today, and 80% of its revenue comes from outside its native Spain, he says.
Dark Reading: What went wrong for Panda Security business-wise aside from the economic crisis in Spain?
Diego Navarrete: The new market of free antivirus [arrived], and Panda was fighting the big guys. Symantec and McAfee took most of the OEM agreements with PCs.
In 2007, Panda became a cloud security company, but in my opinion, the market was not as ready as it is today. In fact, the company then suffered … many of its own client-based customers wanted to remain on the customer [premise], so they were not opting for the cloud as much as [companies] are today.
The good news in 2014 is that everyone is talking about big data and cloud. And that's been in the company's strategy for seven years. We saw a turning point in the result in 2012, with the company back to double-digit growth, and last year, the same.
The market is endorsing our move to the cloud. Now it is a competitive advantage... My goal is to get Panda again in the [leading] industry position in innovation and business strength.
Dark Reading: What actions are you taking in turning around Panda?
Navarrete: I recently met with most of our key competitors in the US, and [some] will be our key partners in our new [cloud] service -- companies on the network security side, and the appliance network security space. The advantage we presented to them is that by running now for many years [in the cloud], we can automatically detect and classify malware.
We are also talking to a direct competitor that is highly interested in understanding how to work in the cloud.
Dark Reading: Panda has been noticeably quiet in the security research space, after a few years of being well-known for botnet and other research. Will we see a return to research?
Navarrete: Absolutely. The main strategies and technical [expertise] the company had back then remains in Panda. In the years when the market changed, the [European economic] crisis had an impact. Spain's [economic crisis] had a big impact on the company's results, and there had to be some layoffs early on in the lab.
[Some] people who remained with [Panda] after the bad years had in common they were either in the lab or [didn't leave]. Yes, we are going back to enhancing our presence in [security research] and being a thought leader again.
Dark Reading: You want to expand Panda's US market. How do you envision doing so?
Navarrete: Fifty percent of our US revenue is corporate enterprise, and 50% is consumer. Our sweet spot today remains that most of our client base [there] is SMB. We focus on the endpoint and develop protection, and our go-to-market strategy remains SMB [on the enterprise side].
We have a strong commitment to the channel, and get 80% of our revenue from partners.
Dark Reading: So is AV dead?
Navarrete: We are focused on the endpoint... [Traditional] AV is dead. But the evolution of AV is real-time service and tends to be data continuous monitoring for the cloud. You can in real-time close the opportunity for malware to run. I'm not going to say 100% of the time, but 99.99% is our claim.
In order to make our company grow and to develop the plan I have … we are leaders in malware protection and in cloud-based security technologies. We are coming off a really hard economic crisis in Europe. If we want the world to be with us, we need every employee behind this plan. This is the foundation for the company, and it starts from the inside. I'm being brutally honest.
In the end, it's always the same: Protect the endpoints. That is the center of our strategy that has not changed.
Dark Reading: Looking into your crystal ball, how do you see the security industry of the future?
Navarrete: I think it will be a mixed set of capabilities and solutions that go against APTs and targeted attacks against specific clients and organizations' assets. Real-time monitoring and big data analytics, but you cannot real-time monitor everything and you can't big-data everything.
You need to be an advisor and provide key indicators for alarms.
The industry today remains highly fragmented. The complexity of IT security to some extent is [people] not understanding the importance, or having a lack of knowledge. At one time, the industry was saying antivirus is all you need, a firewall is all you need, and the IPS and network guys were saying securing the perimeter is all you need. In the end, you need an end-to-end plan -- identity and access, who is access that information, what they are accessing in applications and data, and it depends on the importance you provide that data.
I see this fragmented industry consolidating. I see many players and companies that took advantage of the lack of knowledge situation ... not having stakes in the future.