In The Boardroom™ Let's Talk™ Press Room About Us Research Reports Contact Us
In the Boardroom™
Panda Security USA

In The Boardroom™ With...

Mr. Ryan Sherstobitoff
Chief Corporate Evangelist
Panda Security USA
www.PandaSecurity.com


SecuritySolutionsWatch.com: Thank you for joining us today, Ryan. Please give us an overview of your background and your role with Panda Security.

Ryan Sherstobitoff: I am the Chief Corporate Evangelist at Panda Security USA and I am responsible for the US strategic response to the emerging new breed of malware that the antivirus industry must now confront. One of my primary duties is to educate the public at large that there has been an enormous shift in the way that cyber-criminals and hackers are taking to attack and infect computer systems and that the traditional methods of trying to stop them are no longer effective.

SecuritySolutionsWatch.com: What's behind the recent name change from Panda Software to Panda Security?

Ryan Sherstobitoff: It was felt that the name Panda Security better reflected our primary focus as a company-which is to provide the security necessary to protect all computer users throughout the world against every conceivable type of online attack.

SecuritySolutionsWatch.com: How has the recent change in the threat landscape affected end-users? Are we better protected then we were before?

Ryan Sherstobitoff: No, the truth of the matter is that we currently have what we call at Panda a "Silent Epidemic" occurring on the Internet. The unfortunate reality is that the industry leading solutions on the market are unable to keep up with today's ever changing threat landscape and by that I mean the sheer volume of new malware along with the greatly increased sophistication. Even worse, a false sense of security is being conveyed to end-users by sources they depend on through inefficient testing methodologies that rate and certify product effectiveness.

The current testing methodologies utilized by reviewers and independent third parties mainly take into perspective a small portion of the vendor's protection model. Security products are being rated against their capabilities of catching known viruses- using the signature based defenses-in the wild keeping in mind the wild-list contains only self-replicating malware, not including Trojans.

These tests, however, do not take into consideration the vendor's proactive capabilities either through heuristics or behavioral based technologies. Thus, it does not reflect the vendor's actual capabilities to protect their customers. Thus, we get a false sense of security when users purchase a product on the basis of the review it received in a magazine publication for it's detection capabilities.

SecuritySolutionsWatch.com: How is the industry addressing this issue with testing standards?

Ryan Sherstobitoff: The industry is addressing this problem through the formation of a standards group known as the Antimalware Testing Standards Organization-or AMTSO-in which Panda Security is a founding member. A vast number of other vendors are also a part of this group. The objective of the AMTSO is to promote standards and best practices for correctly testing and evaluating the effectiveness of antimalware solutions on the market.

SecuritySolutionsWatch.com: How do you see the formation of the AMTSO changing the very way products are tested and evaluated?

Ryan Sherstobitoff: With the formation of the AMTSO we hope that reviewers and independent third parties adopt the best practices developed for testing and evaluating anti-malware solutions-taking into consideration all parts of
a vendor's protection model and not just focusing on signature based detection as the sole driver for product quality. Thus, this benefits end-users as they will be purchasing products on the basis of actual protection capabilities that have been correctly evaluated both on the signature and proactive side.

SecuritySolutionsWatch.com: Please give us an overview of Panda Security solutions for Home Users and for the Enterprise market.

Ryan Sherstobitoff: Panda Security offers a wide-range of products for both the home user and the enterprise market providing protection at all levels. For the consumer we offer three products – Antivirus + Spyware 2008, Antivirus + Firewall 2008 and Internet Security 2008 all which provide varying levels of protection to meet the needs of the home user. For the Enterprise market we offer Panda Security for Enterprise which is aimed at protecting large corporate environments.

SecuritySolutionsWatch.com: What is your perspective on market drivers at the present time for Panda Security solutions?

Ryan Sherstobitoff: Currently the evolving threat landscape and the current protection model that is being used is not working as well as it should be. For example the traditional anti-malware model works off of the principle of analyzing malicious code manually and providing vaccines in the form of a signature file. However; because there is such an overwhelming rate of new threats (4000 new threats per day), a new approach must be aken to address this. Panda Security solutions, especially the technologies that take advantage of Collective Intelligence will allow Panda Security to address the more modern and sophisticated approach cyber-criminals are taking today.

SecuritySolutionsWatch.com: One will read in Panda Security's recent "white paper" titled "Collective Intelligence" that, "The amount of malicious software (or malware) that is being released in the world is increasing at an alarming rate. To combat this threat, most antivirus and anti-malware solution vendors are relying on the creation of signatures to protect users. But creating signatures can be a time-intensive process. As a result, current solutions are proving to be much less effective against the proliferation of threats in circulation. Even users protected by solutions with the latest signature databases are frequently infected by active malware. Complementary approaches and technologies must be developed and implemented in order to raise the effectiveness of these solutions to adequate levels." How does Panda Security address this issue?

Ryan Sherstobitoff: Panda Security addresses this by introducing a radical new approach to deal with this epidemic, this approach is called Collective Intelligence. The principles behind Collective Intelligence are:

  • The creation of a of a global malware detection network that consist of over 5 million detection nodes strategically placed throughout the world.
  • Reducing the manual effort required to process the thousands of samples received daily, thereby increasing the capacity and visibility the lab has in terms of malware.
  • Deploying technologies within" the cloud" to automate and enhance the malware collection, classification and remediation involved with a standard cycle.
  • The creation of one of the largest malware databases ever created with over 2 million malware signatures and counting.
  • The ability to perform malware audits from virtually any location, on any system of any size without existing security software conflict.

SecuritySolutionsWatch.com: Let's turn to the subject of financial risk with internet transactions and preventing online fraud. How big is the problem and what is Panda Security's solution?

Ryan Sherstobitoff: Just to put it in the proper perspective, cyber-crime is now one of the most profitable illegal activities in the world-potentially as big or bigger than the illegal drug trade. The bad guys go where the money is, so online fraud is a very big target. The weak link in the chain, however, is the consumer-in other words, they are often the source of infection for the financial institutions. Panda Security's Online Transaction service prevents infected users from spreading that infection to the financial institution.

SecuritySolutionsWatch.com: We understand that end-users may receive a free online scan at PandaSecurity.com to clean viruses and threats from their PC in just a few minutes. Is it that simple?

Ryan Sherstobitoff: Yes. The key to great protection is great detection. Panda Security has the largest malware signature file ever compiled with over 2 million signatures and growing. All anyone has to do is go to www.infectedornot.com in order to scan their PC and take advantage of our huge database-it's very fact. It's that simple.

SecuritySolutionsWatch.com: Please tell us about these additional resources at PandaSecurity.com such as: "Latest Threats", "Virus Infection Maps" and "Global ThreatWatch".

Ryan Sherstobitoff: PandaLabs-Panda Security's research division-has over 5 million detection centers strategically placed around the globe. When new malware is created anywhere in the world, we automatically detect and analyze it. We then share this information with anyone who wishes to visit our website and view the data. It's a great way to keep abreast of the current threats that exist on the Internet.

SecuritySolutionsWatch.com: Thanks again for joining us today, Ryan. Are there any other subjects you'd like to discuss?

Ryan Sherstobitoff: In closing I'd just like to say that, unfortunately, despite the general perception, the Internet is probably more dangerous than ever in terms of the potential damage today's new breed of silent malware can do to our pocketbooks. Thousands of new kinds of malware are released onto the Internet each and every day-most of them designed to get past traditional antivirus programs. It is our hope at Panda Security that everyone who used the Internet take the necessary precautions to keep their systems safe and secure.