Panda Security's new CEO plots reboot 2.0 for resurgent security brand

Firm tilted at right windmill as the wind died

Panda Security is the plucky Spanish antivirus firm that stormed the international market nearly a decade ago as malware threats boomed, beating most of its rivals to the idea of cloud security as an alternative to signature scanning. Well regarded technically and apparently successful, around 2010 the firm suddenly hit a sales wall.

The Spanish economy had tanked in 2009 but from the outside it was never clear whether this was the sole problem - Panda was and is private (mostly owned by private equity) and its troubles remained within its walls. News dribbled out of major job cuts, staff jumping, a shelved IPO and a CEO, Juan Santana, who suddenly wasn't. Even the PR effort eventually dried up, never a positive sign.

The symbolic low point was perhaps the 2012 hack of a clutch of its web domains along with some user data by British pranksters LulzSec after a spat over the lab's involvment (or not) in the anti-Anonymous Group police hunt.

Now the firm's fourth CEO since 2007, Diego Navarrete, appointed in January of this year, wants to reboot a firm whose stagnation remains the first question for any interviewer - what went wrong and will Panda Security 2.0 fare any better?

"The company never had a technological problem," he shoots back, "but in the consumer space it did not address the freemium model. With the big AV firms just above it competing on price and the Euro AV firms such as Avira and AVG offering a basic free product, "Panda got caught in the sandwich," says Navarette.

With once-reliable Spanish sales plummeting as the Euro crisis cruelly mashed its economy, the firm found that its adoption of cloud malware analysis was too advanced for the market. It had bet on an expensive technology that people weren't quite ready to buy in place of desktop-only software.

"I don't think the market was ready."

Although as Spanish as his immediate predecessors in the job Juan Santana and Jos Sancho, Navarette is a slightly different proposition after a long stint at IBM where he worked in the security division and, more recently, was a director of the Blue's Cloud and Server operation for Southwest Europe. It's a CV that had him spending a lot of time in the UK, one of IBM's main markets.

Despite nabbing Navarette, today's Panda retains much the same management team it ever had, comprising the core of people who founded and built the firm from its birth in 1990. The focus remains on its 200-person technology centre in Bilbao, although Navarette mentions that the firm is looking to expand its development to new centres such as the Silicon Valley, the UK, Israel and Canada.

The reliance on Spain has been reduced from 25 percent in 2007 to 18 percent today, says Navarette, with a 50-50 split between its consumer and business software. Put another way, 82 percent of its sales this year will come from outside Spain with the US and other European markets major sales targets.

Navarette says that Panda has just enjoyed its best trading period since 2007, the year its ill-fated expansion plan got airborne.

In June the firm launched Panda Advanced Protection Service (PAPS), a new take on cloud-based security in which all applications are classified as friendly or foe down to process level.

In some aspects, its claimed ability to protect against software exploits is distantly reminiscent of the interesting anti-zero day technology developed by ex-Panda Security engineer Pedro Bustamente whose startup ZeroVulnerabilityLabs was acquired in 2013 by US security firm Malwarebytes.

But as far as Panda Security is concerned things have gone beyond hype, PR flannel and buzzwords about the cloud and whether its technology is better than everyone else's. It simply has to execute and sharpish.

"You go through pain but this company has crossed the desert," says Navarette bluntly.

Join the CSO newsletter!

Error: Please check your email address.

Tags Personal Techsecuritypanda securityManaged Servicescloud computinginternetmalwareantivirus

More about AdvancedAviraIBM AustraliaMalwarebytesPandaPanda Security

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts