Karen Dearne | November 04, 2008
world according to | Kaspersky Lab
ONCE again, Kaspersky Lab is banking on reputation. The Moscow-based IT security vendor has come a long way from the days when its engineers built an industry-leading antivirus engine and began selling the technology to other developers.
Cyber-criminals are putting a very high load on the net, says Eugene Kaspersky
Kaspersky regularly receives industry awards for its consumer-friendly anti-malware, anti-spyware and anti-crimeware products, which protect against hacking, phishing and spam.
Now founder and chief executive Eugene Kaspersky is directing both global expansion and a move into corporate business security.
The good reputation of his products has taken him this far, now he hopes new reputation-based technologies will help stem the ever rising tide of threats.
IT security experts have been fighting malware for a long time, yet the situation doesn't seem to improve. What are the main threats now?
The main threat is the fact that there are more and more threats. Cyber-criminals are putting a very high load on the internet and a high load on the anti-malware companies.
We are talking about a million samples a month - terabytes of data - and we have to develop protection against all that.
We're actually rather like an internet service provider at the moment - we're collecting data from the internet and we have rooms full of computers to process this data because we have to do it automatically. We still resist, we are still able to develop protection, but some companies are not able to handle all this.
How can you make some headway?
We're bringing a new approach and new technologies to the market. Our latest consumer products feature a blacklist and whitelist approach.
The application control involves watching what's going on in the system with a very high level of attention - watching all the applications.
The new piece is reputation services, which are based on the network, so we have built a database of URLs and their reputation, either good or bad, and we can alert users to that.
If someone goes to a URL that has been compromised and downloads some malware, our product will recognise that it's malware and notify the database.
Next time someone tries to access the URL, it will be reported as bad, as containing malicious threats. This service is almost automatic, it's a kind of real-time protection. It's not a database that you download, it's a reputation service that is updated every second.
Who is behind all these attacks? There's still a lot of crude spam, but it seems people are now being caught by very targeted tricks.
Spam still works, and sometimes social engineering attacks are very sophisticated. I'm sure it's possible to fool, to cheat, everyone, especially if you post private information on MySpace or Facebook.
Cyber-criminals are usually male, from 14-16 to 60 years old, often IT guys who have their own illegal business based on malware or spam.
It's easy, there's not much risk. They are clever guys, they don't operate in their own country, their victims are abroad and that makes it very difficult for police to investigate.
We don't have any hard figures, but we estimate these guys are raking in more than $US100 billion a year.
Our figure is based on some internal data, including data from banks, but we still don't have any idea about losses from online gaming crime. It's a huge market - it may be virtual property, but it costs real money and there's a black market for it.
Nor do we have any idea of how to measure internet fraud on stock exchanges - it would be at least $US100 billion - 10 times or 20 times larger than the anti-malware industry.
In the face of this massive black economy, surely we have to do more than simply try to protect our own machines?
In the short term, the strategy is products, technology and user education, and the anti-malware industry is delivering those.
In the longer term, we'll need an internet Interpol. I'd like to introduce internet passports and more controls on internet usage, because this network is global and we depend on it.
Other critical networks, such as transportation, electricity and water supply, are under the control of authorities - they are regulated. The internet isn't like this, it's a free space.
So, in the long term there'll need to be an internet ID and strict regulations so the authorities can see who is sending messages, who is accessing a particular resource at a particular time.
That will take years to put in place, but it would not be difficult to set up an internet Interpol, a central organisation that co-ordinates the investigation of cyber-crime in different countries.
Police and law enforcement agencies are willing to collaborate, but the processes are not automatic, it takes time, and only a tiny percentage of attacks are investigated.
Kaspersky Lab regards Australia as one of the "victim territories". Why is that?
Yes. The territories with developed economies are the ones that come under the heaviest attack - western Europe, the US, Japan, Korea and Australia. It's all about money. Countries like India and China may have more people on the internet, but they don't have money.
Are there Mr Bigs of cyber-crime?
I don't see it as people at the top or people on the bottom - it's more a chain of people on the same level.
Some develop malware and trade that to others, some create the zombie networks and trade their services; others use malware on zombie networks to infect machines and steal information. Some use the information themselves and some sell it to others.
It's like an industry producing different elements of the same machine, and the industry is developing some fantastic business models, like manipulating the stock exchange, for example.
A criminal broker will have their own agency, and will inject malware into a networked agency, and then will trade two ways - here with their own money, and there with money belonging to the infected agency.
Do you have any offerings in the data loss prevention space?
We were one of the first companies to do research in this field. The next generation of our products will include a comprehensive set of DLP technology.
When did you begin your global strategy, and what part of the business excites you most?
The success of the company - because we are growing very quickly, at about 100 per cent year on year - is amazing and scary at the same time.
We started to look abroad in 1999, when we opened an office in Britain, but we began more seriously in 2002-03, when we opened branches in France and Germany, and allocated more resources to Britain.
Then in 2004, we opened offices in the US and established operations in China, Korea and Japan. Step by step we spread into the main economies.
Now we have enough resources to maintain a global presence, and that's why we are opening an office here in Melbourne, with Alexey Gromyko as channels director for Australia, New Zealand and Oceania.
We'll be looking for local virus experts who can watch what's happening here and become part of our global team. We are also opening offices in the main Latin American economies: Mexico, Brazil, and Argentina, and in the Middle East and some Asian countries.
As a mature business, we have to support our sales partners and be closer to our customers. Other than our technology licensing to the industry, we don't do direct sales.
Our consumer and corporate products are sold through our reseller network. Our strategy is to allocate resources to build our channels, because we want loyal and motivated partners. That's an important issue for our partners, because Symantec recently announced it would do more direct sales. That caused some waves.
There has certainly been consolidation in the industry. Have you stood aside from that, being a Russian company and privately owned?
We don't see any negative impact from being a Russian company. Some market segments could be closed for us, like the military and government in the US, but that's not the case elsewhere. We have interest from some governments and the military in western Europe.
Being Russian doesn't hurt our business because consumers don't care, they just need our products.
Small businesses don't care, they just need our products and services, while enterprises know us - they've been watching us for years.
It's not necessary to be publicly owned. When we started in 1997, there was no such thing as investment in software in Russia. We still don't have investors because we have survived without them. It took more time, and initially we concentrated on building our business in Russia. Now we have about 50 per cent of the domestic consumer market and 50 per cent of the domestic enterprise business.
We started with technology - we developed one of the best antivirus engines in the industry, and we promoted that to other security vendors.
We didn't have enough resources to promote our products and we simply weren't known in the marketplace, but in the industry, everybody knows about everybody, and we didn't need to explain who we were.
We were very successful licensing our engine to other companies like F-Secure, Sybari - which was sold to Microsoft, to Borderware, MessageLabs, many companies.
At the moment, we have more than 100 partners using our technology. Mostly they are developing hardware, but there are also software companies, like Microsoft for example.
It was consumer anti-virus products that sealed your reputation as a leading vendor. How did you achieve that?
Thanks to the Russian education system, we have a lot of brilliant software engineers and so our products were well accepted by consumers.
We are number-one in consumer retail not just in our domestic market but also in Germany, and we're getting close to number-one in France, in Spain, and other western European nations.
We don't have the official stats, but they say we are number-one in retail in China, and that's important.
How do you plan to conquer the enterprise market?
It's easy to be successful in the consumer segment. People are not generally loyal to a brand. They will happily change from product to product. This is not the case with enterprises, because shifting from one product to another takes a lot of resources, and is expensive.
Now we are focusing more on the corporate level because we have the products and services for enterprises too. We understand this is a long story. It takes years for a business to switch from one product to another.