In this SC Magazine online exclusive, Mark Mayne questions Panda Security's CEO, Jorge Dinares.SC Magazine: Firstly I'd like to ask about recent financial events at Panda - I hear you've received a multi-million dollar cash injection from private-equity firms?
Panda Security has just seen a change in ownership essentially, with four large equity companies (Investindustrial, Gala Capital, HarbourVest Partners and Atlantic Bridge Ventures) owning 70 per cent of the business, and the previous owners now holding around 25 per cent. It's an exciting time, as this is the first time we've been in this situation.
We've also re-branded the business as Panda Security, instead of Panda Software.
The criminal side of the malware industry has changed significantly since then, too.
Yes, absolutely. We've been seeing a total paradigm shift in terms of malware. In the past year alone, we've analysed more malware than in the entire previous 16 years together. We're dealing with 4,000 new samples every day, 1,000 of which are Trojans.
We're certainly not getting bored!
The technologies involved in detection have increasingly come under the spotlight.
Yes, indeed. The security industry is having difficulty keeping up with malware. Old technology models (such as signature files) are not the best method of dealing with this new growth. Testing of anti-malware products is outdated too, with many reviews based on checking products against known malware. This isn't much of an indicator as it's the malware you don't know about yet that is the most dangerous.
We were one of the founding members of the Anti-Malware Testing Standards Organization (AMTSO), which launched in February 2008 and should address some of these issues.
How do you see your position in the security market? It's pretty competitive at the moment, even ignoring the big US players.
We're at the top of Europe at the moment, with revenues of $160 million. We're also in more markets at the moment too, with presence in 56 countries.
I see the security market growing at around 10-12 per cent over the next couple of years, but we plan to grow at twice this rate.
Our plan is to IPO in three years or less.
How do you plan to do that?
Our strategy is based on two variables: our geographical reach and a move into the enterprise space.
In terms of geography, we're opening an Australian office, and this will give us a presence in every major market in the world.
Our key strategy plank this year will be the corporate market, which we will be attacking far more than before. We've launched new solutions that we believe will see significant uptake. The US will be a key target, as it has 48 per cent of the global security market. China and Japan are also key growing markets.
Being in so many markets is an unusual strategy - how did this come about?
Our founder, Mikel Urizarbarrena decided eight or nine years ago that this would be a global company, so he generated a franchise-based model, which allowed us to grow very fast. It's given us a competitive advantage to this day.
You worked for BMC Software from 1995 until 2007, a 16-year stint. Why the change?
For several reasons - obviously the challenge of working with all aspects of a business was very appealing from a personal point of view, as previously I'd worked across a few specific areas, such as sales.
The thought of a Spanish company taking on US companies with a market cap of $1 billion was an exciting one. I believe that Europe needs a big player in the security market.
Sounds like there is a definite element of national pride - I see you studied for both your degree and MBA in Madrid.
Absolutely. There's certainly an element of national pride, it's good to be working with a Spanish company in this position. The US is often seen as being the originator of everything, but it shouldn't be this way. This is especially true of IT.
There are some good examples of European products that are very successful - look at SAP. I think Europe generally has a good reputation for quality, and that is very much what security is about. I also think that European governments should think seriously about what solutions are needed and where they come from. Maybe European solutions would be better suited than ones from further afield.
There is certainly increased interest in online regulation in Europe. Do you think this will give you a local advantage over your global competitors?
European regulation isn't going to decrease in intensity, but as we're not positioned as a services company, this shouldn't affect us too much. We're going to stay focused on securing the internet channel for the immediate future.
There's a lot of consolidation occurring in the US security space at the moment. Do you see this spreading to Europe?
The European IT security market is still very fragmented, so yes, there is potential for consolidation. I'd be very surprised if any company made any acquisitions to boost their install base though, as it's more likely that moves to widen portfolios will be the plan.
We're certainly considering our options and will be looking at acquisition targets over the next year or so.
Are there any specific areas that you may consider targeting?
There are a range of obvious areas that would be complimentary, data leak prevention for example. We are currently discussing our options.
The impending global financial meltdown doesn't worry you then?
We don't believe that the security market will be affected in the short term, as this is one area that companies can't afford to invest less in.
The move to online services is producing huge cost savings for some businesses, due to increased efficiency, but security is a critical part of making this work. A company can save a lot by moving certain operations online, but they shouldn't forget the need to do it safely.