- Email: [email protected]
Russians steppe out
t r a c k e r
Cath Everett [email protected]
Russians steppe out Kaspersky Labs is undoubtedly a thought leader in the anti-malware market, but its decision to specialize could prove risky in the long term.
usband and wife team Eugene and Natalya Kaspersky set up Moscow-based Kaspersky Labs in 1997 to sell anti-virus software. Although the couple has separated, Natalya, as chief executive, runs the business side of the venture, while Eugene remains the technical brains behind it.
H
Eugene Kaspersky is a graduate of the Russian Institute of Cryptography, Telecommunications and Computer Science and worked at a military scientific research body until 1991. He began studying computer viruses in 1989 after discovering Cascade on his own machine. He set up the AVP antivirus group at the KAMI Information Technologies Centre where he worked until setting up the eponymous Labs six years later. Since the early days, however, the organization has also come out with other security-based content management applications.These include a
personal firewall, Kaspersky AntiHacker, and a spam filter, Kaspersky Anti-Spam.The anti-spam product was enhanced in July 2005 when the company acquired the Spamtest project team and technology from Russian vendor Ashmanov & Partners. As a result, Kaspersky’s total antimalware business is believed to have generated about $27 million in 2004. According to Natalya Kaspersky, sales grew around 74% during fiscal 20042005, although she declined to provide revenue figures for last year.The company has changed the way in which it reports its sales, which means that the two sets of figures are not directly comparable, she says. 500lb gorillas
But analysts are unsure whether the company’s size and current growth rates will be enough to sustain it over the long haul in a mature, over-crowded market with its fair share of 500lb gorillas such as Symantec and McAfee.
Infosecurity Today March/April 2006
Thomas Raschke, a senior analyst at Forrester Research, explains:“You can never say never about acquisitions in this market, and there’s been a lot lately.As markets mature, there tend to be more acquisitions and Kaspersky could easily be a target as could other companies of a similar size.At the end of the day, it’s more a strategy question in my opinion, and it is vulnerable to acquisition.”
Natalya Kaspersky: AV not mature
But Kaspersky says that although the company has evaluated its options,“we feel we can do more alone by producing a perfect solution for our customers, so currently we aren’t considering selling the company.”
While it may go public into the future as a means of raising its profile and money, it currently has no firm plans for such a move. But it is likely to make small technology acquisitions “where appropriate”. But while Raschke believes that Kaspersky Labs may be at the forefront technology-wise, into the medium and long term, he feels it faces a challenge in terms of where it wants to go.
“You can never say never about acquisitions in this market.” “Does it want to be best in class in anti-virus and focus all its efforts there, thereby hoping to be better than the competition and grow down that road? Or does it realize that customers are looking for more holistic product suites to help them address other needs than just AV and spam?” he asks.“Focusing on a market that’s comparatively mature with very little room for growth, in my opinion, is somewhat of a risky operation.” Kaspersky disagrees.“The market is very competitive, but when you say it’s mature, I wouldn’t agree.When a market can solve the main problem and provide a means to help people do something, then it’s mature,” she says.“But anti-virus software hasn’t solved the main problem yet and the people making malicious software are getting smarter and smarter.” She believes that the company that delivers the best functionality
44
t r a c
will be the one that wins in the end. “Many customers switch from other anti-virus software to us because they’re not satisfied with their solutions and don’t feel protected. So there are still opportunities, which is why we struggle so much to ensure quality of protection. We believe that’s the most important thing,” Kaspersky says.
“We’ve already got significant market share in Russia, but the market is limited and relatively small, so our focus is on international expansion,” she explains. This led the company to open an office in Boston last year to support and sell mainly to OEM partners.
r
Forrester’s Thomas Raschke: Kaspersky faces challenge
Kaspersky also points out that the company is becoming increasingly international in its outlook and in market penetration. Dependence on the domestic Russian market is “less and less each year”, although it still accounts for 30% of turnover.
The US market already accounts for 10% of revenues, and mainland Europe contributes 30% via a mix of direct, partner and OEM sales, with Germany and France being the firm’s two largest markets behind Russia.
e
To prove her point she indicates that the firm has more than 200 million customers, including those picked up via OEM sales by vendors such as Clearswift, Sybari and Nokia. OEM sales currently generate about 30% of total turnover and are the fastest growing part of the business.The rest of the business comes from small and medium companies (40%), enterprizes (20%) and small office/home office (SoHo) clients (10%).
k
200m customers
Asia is seen as another potential growth area. Following the creation of a joint venture in Korea last year, it currently generates 5% of total turnover.The rest of the world makes up the balance.
“Many customers switch to us because they don’t feel protected.” X-factor
But the big X-factor is the imminent arrival of Microsoft in the anti-virus market, says Raschke.The software giant intends to start shipping its Windows OneCare Live offering, which includes anti-virus, anti-spyware and firewall software with backup functionality, in June.The product,
Infosecurity Today March/April 2006 45
t r a c k e r
which comes from Microsoft’s purchase of Romanian developer GeCad Software, will cost about $49.95, half that of other suppliers, and aim at consumers and SoHo customers with up to three PCs. Raschke says:“Going forward, it’s likely to be positive for the market, but specialized vendors will need to innovate again and re-position themselves, analyse the market and bring out great new solutions.A lot of vendors in this space need a kick up the backside and Microsoft’s appearance is likely to revitalize the market.” Kaspersky admits:“We are afraid of Microsoft—we’d be stupid if we weren’t.” Still, she anticipates its impact on the sector will be relatively low.“The SoHo segment of our business will probably decline due to Microsoft’s entrance, but we expect the enterprize segment to grow.”That should compensate for any shortfall, she explains.
“We are afraid of Microsoft—we’d be stupid if we weren’t.” Part of the growth in enterprize sales is likely to come from InfoWatch, a wholly-owned subsidiary set up by Kaspersky in 2003 to sell a multi-layered information leakage detection and prevention (ILD&P) system (see sidebar). Exploitable position
ILD&P, according to Timur Farouskshin, programme manager at IDC Russia, is a nascent but rapidly evolving market populated by a growing number of players, but one that InfoWatch is well positioned to exploit.
Infosecurity Today March/April 2006
Kaspersky explains why they set up a separate organization rather than house it in the Kaspersky parent company:“We wanted to differentiate InfoWatch and be very focused.The brand Kaspersky is associated with anti-virus and we wanted to continue this, but InfoWatch is more of a security consultancy. Because they’re such different activities, we thought they shouldn’t be under the same umbrella.”
The “daughter company” employs 35 of Kaspersky’s 500 staff and generated between 5% and 10% of the organization’s total revenues last year. “We started InfoWatch three years ago, but only finished the product and started selling it last year. It’s a corporate enterprize solution, so the selling process can take anything from three to eight months because we need to analyse potential customers’ systems, find vulnerable points and work out how to protect them with our system,” Kaspersky says. While she does not expect the subsidiary to outgrow its parent anytime soon, she anticipates it will become “an important business” in future. “The marketplace is becoming attractive because of compliance issues, which we hadn’t thought about at the time. Organizations are now obliged to trace information going out of the company and InfoWatch can do that,” Kaspersky explains. The offering is so far unique, according to IDC, to take a multi-layered rather than a purely desktop or network approach to information leakage.This gives it a competitive advantage over rivals. For the moment. “But we understand that in future other companies could catch up, which is why we’re trying to deliver quality technology that can analyse all types of information,” Kaspersky says. To stay ahead of the game, the company is also considering integrating InfoWatch with its anti-virus software to protect customers against collusion between insiders and external hackers to create information leaks. “There’s currently no solution to prevent this, but there are also many other routes that we could go down,” Kaspersky says. But the organization does not appear to be stopping there.Although Kaspersky refuses to provide details of her plans, she says:“We want to stay in malware because we feel that’s where our strengths lie. But we do have some other projects in mind and maybe if they’re successful, we might be setting up other new businesses.”
•
Cath Everett writes for Computing, Computer Weekly, ZDNet UK, Outsource and Third Sector.
What is Information Leakage Detection and Prevention? Information Leakage Detection and Prevention (ILD&P) was coined by market research firm IDC to describe systems that protect organizations against the loss of sensitive information by the actions of internal staff, most of which are not malicious, but that unwittingly put their companies at risk. Although the market for such systems is nascent, it is growing rapidly. This is because organizations are becoming more aware that the increased use of email, instant messaging (IM), chat, peer-to-peer (P2P) applications, mobile devices and other channels for distributing corporate data outside of organizational boundaries has made it more difficult to control information flows. Moreover, companies face tougher compliance legislation, which focuses on safeguarding sensitive and private corporate information. But traditional content filtering technologies are not enough to tackle the problem. Two main categories of ILD&P systems have emerged, one focused on network issues, the other on the desktop, or rather, end-point. Network-based offerings monitor outbound network traffic and identify traffic that carries sensitive information via channels such as email and IM in contravention of corporate policies. Most use network sniffers housed in Linux-based hardware appliances, which are installed next to firewalls. Vendors here include start-ups such as Vericept and Vontu, email gateway providers such as ProofPoint, and IM and P2P management players such as IMlogic and FaceTime. Desktop-based products enforce data distribution policies on corporate PCs and laptops using agents installed into the operating system to gain control of user activities. These can include sending an IM message, attaching a file to an email or burning data onto a CD. Suppliers here include pure players Verdasys and Ochestria, enterprize digital rights management system providers such as SealedMedia and Authentica, and endpoint security solution vendors such as Safend and Control Guard. InfoWatch is currently the only company that provides a multi-layered approach. This combines the network and desktop techniques described above. But other players are ramping up their research and development teams or signing up partners to help them get there. In the long term, ILD&P systems are likely to become key components of full-blown regulatory compliance packages. Source: IDC
46
Cath Everett [email protected]
Russians steppe out Kaspersky Labs is undoubtedly a thought leader in the anti-malware market, but its decision to specialize could prove risky in the long term.
usband and wife team Eugene and Natalya Kaspersky set up Moscow-based Kaspersky Labs in 1997 to sell anti-virus software. Although the couple has separated, Natalya, as chief executive, runs the business side of the venture, while Eugene remains the technical brains behind it.
H
Eugene Kaspersky is a graduate of the Russian Institute of Cryptography, Telecommunications and Computer Science and worked at a military scientific research body until 1991. He began studying computer viruses in 1989 after discovering Cascade on his own machine. He set up the AVP antivirus group at the KAMI Information Technologies Centre where he worked until setting up the eponymous Labs six years later. Since the early days, however, the organization has also come out with other security-based content management applications.These include a
personal firewall, Kaspersky AntiHacker, and a spam filter, Kaspersky Anti-Spam.The anti-spam product was enhanced in July 2005 when the company acquired the Spamtest project team and technology from Russian vendor Ashmanov & Partners. As a result, Kaspersky’s total antimalware business is believed to have generated about $27 million in 2004. According to Natalya Kaspersky, sales grew around 74% during fiscal 20042005, although she declined to provide revenue figures for last year.The company has changed the way in which it reports its sales, which means that the two sets of figures are not directly comparable, she says. 500lb gorillas
But analysts are unsure whether the company’s size and current growth rates will be enough to sustain it over the long haul in a mature, over-crowded market with its fair share of 500lb gorillas such as Symantec and McAfee.
Infosecurity Today March/April 2006
Thomas Raschke, a senior analyst at Forrester Research, explains:“You can never say never about acquisitions in this market, and there’s been a lot lately.As markets mature, there tend to be more acquisitions and Kaspersky could easily be a target as could other companies of a similar size.At the end of the day, it’s more a strategy question in my opinion, and it is vulnerable to acquisition.”
Natalya Kaspersky: AV not mature
But Kaspersky says that although the company has evaluated its options,“we feel we can do more alone by producing a perfect solution for our customers, so currently we aren’t considering selling the company.”
While it may go public into the future as a means of raising its profile and money, it currently has no firm plans for such a move. But it is likely to make small technology acquisitions “where appropriate”. But while Raschke believes that Kaspersky Labs may be at the forefront technology-wise, into the medium and long term, he feels it faces a challenge in terms of where it wants to go.
“You can never say never about acquisitions in this market.” “Does it want to be best in class in anti-virus and focus all its efforts there, thereby hoping to be better than the competition and grow down that road? Or does it realize that customers are looking for more holistic product suites to help them address other needs than just AV and spam?” he asks.“Focusing on a market that’s comparatively mature with very little room for growth, in my opinion, is somewhat of a risky operation.” Kaspersky disagrees.“The market is very competitive, but when you say it’s mature, I wouldn’t agree.When a market can solve the main problem and provide a means to help people do something, then it’s mature,” she says.“But anti-virus software hasn’t solved the main problem yet and the people making malicious software are getting smarter and smarter.” She believes that the company that delivers the best functionality
44
t r a c
will be the one that wins in the end. “Many customers switch from other anti-virus software to us because they’re not satisfied with their solutions and don’t feel protected. So there are still opportunities, which is why we struggle so much to ensure quality of protection. We believe that’s the most important thing,” Kaspersky says.
“We’ve already got significant market share in Russia, but the market is limited and relatively small, so our focus is on international expansion,” she explains. This led the company to open an office in Boston last year to support and sell mainly to OEM partners.
r
Forrester’s Thomas Raschke: Kaspersky faces challenge
Kaspersky also points out that the company is becoming increasingly international in its outlook and in market penetration. Dependence on the domestic Russian market is “less and less each year”, although it still accounts for 30% of turnover.
The US market already accounts for 10% of revenues, and mainland Europe contributes 30% via a mix of direct, partner and OEM sales, with Germany and France being the firm’s two largest markets behind Russia.
e
To prove her point she indicates that the firm has more than 200 million customers, including those picked up via OEM sales by vendors such as Clearswift, Sybari and Nokia. OEM sales currently generate about 30% of total turnover and are the fastest growing part of the business.The rest of the business comes from small and medium companies (40%), enterprizes (20%) and small office/home office (SoHo) clients (10%).
k
200m customers
Asia is seen as another potential growth area. Following the creation of a joint venture in Korea last year, it currently generates 5% of total turnover.The rest of the world makes up the balance.
“Many customers switch to us because they don’t feel protected.” X-factor
But the big X-factor is the imminent arrival of Microsoft in the anti-virus market, says Raschke.The software giant intends to start shipping its Windows OneCare Live offering, which includes anti-virus, anti-spyware and firewall software with backup functionality, in June.The product,
Infosecurity Today March/April 2006 45
t r a c k e r
which comes from Microsoft’s purchase of Romanian developer GeCad Software, will cost about $49.95, half that of other suppliers, and aim at consumers and SoHo customers with up to three PCs. Raschke says:“Going forward, it’s likely to be positive for the market, but specialized vendors will need to innovate again and re-position themselves, analyse the market and bring out great new solutions.A lot of vendors in this space need a kick up the backside and Microsoft’s appearance is likely to revitalize the market.” Kaspersky admits:“We are afraid of Microsoft—we’d be stupid if we weren’t.” Still, she anticipates its impact on the sector will be relatively low.“The SoHo segment of our business will probably decline due to Microsoft’s entrance, but we expect the enterprize segment to grow.”That should compensate for any shortfall, she explains.
“We are afraid of Microsoft—we’d be stupid if we weren’t.” Part of the growth in enterprize sales is likely to come from InfoWatch, a wholly-owned subsidiary set up by Kaspersky in 2003 to sell a multi-layered information leakage detection and prevention (ILD&P) system (see sidebar). Exploitable position
ILD&P, according to Timur Farouskshin, programme manager at IDC Russia, is a nascent but rapidly evolving market populated by a growing number of players, but one that InfoWatch is well positioned to exploit.
Infosecurity Today March/April 2006
Kaspersky explains why they set up a separate organization rather than house it in the Kaspersky parent company:“We wanted to differentiate InfoWatch and be very focused.The brand Kaspersky is associated with anti-virus and we wanted to continue this, but InfoWatch is more of a security consultancy. Because they’re such different activities, we thought they shouldn’t be under the same umbrella.”
The “daughter company” employs 35 of Kaspersky’s 500 staff and generated between 5% and 10% of the organization’s total revenues last year. “We started InfoWatch three years ago, but only finished the product and started selling it last year. It’s a corporate enterprize solution, so the selling process can take anything from three to eight months because we need to analyse potential customers’ systems, find vulnerable points and work out how to protect them with our system,” Kaspersky says. While she does not expect the subsidiary to outgrow its parent anytime soon, she anticipates it will become “an important business” in future. “The marketplace is becoming attractive because of compliance issues, which we hadn’t thought about at the time. Organizations are now obliged to trace information going out of the company and InfoWatch can do that,” Kaspersky explains. The offering is so far unique, according to IDC, to take a multi-layered rather than a purely desktop or network approach to information leakage.This gives it a competitive advantage over rivals. For the moment. “But we understand that in future other companies could catch up, which is why we’re trying to deliver quality technology that can analyse all types of information,” Kaspersky says. To stay ahead of the game, the company is also considering integrating InfoWatch with its anti-virus software to protect customers against collusion between insiders and external hackers to create information leaks. “There’s currently no solution to prevent this, but there are also many other routes that we could go down,” Kaspersky says. But the organization does not appear to be stopping there.Although Kaspersky refuses to provide details of her plans, she says:“We want to stay in malware because we feel that’s where our strengths lie. But we do have some other projects in mind and maybe if they’re successful, we might be setting up other new businesses.”
•
Cath Everett writes for Computing, Computer Weekly, ZDNet UK, Outsource and Third Sector.
What is Information Leakage Detection and Prevention? Information Leakage Detection and Prevention (ILD&P) was coined by market research firm IDC to describe systems that protect organizations against the loss of sensitive information by the actions of internal staff, most of which are not malicious, but that unwittingly put their companies at risk. Although the market for such systems is nascent, it is growing rapidly. This is because organizations are becoming more aware that the increased use of email, instant messaging (IM), chat, peer-to-peer (P2P) applications, mobile devices and other channels for distributing corporate data outside of organizational boundaries has made it more difficult to control information flows. Moreover, companies face tougher compliance legislation, which focuses on safeguarding sensitive and private corporate information. But traditional content filtering technologies are not enough to tackle the problem. Two main categories of ILD&P systems have emerged, one focused on network issues, the other on the desktop, or rather, end-point. Network-based offerings monitor outbound network traffic and identify traffic that carries sensitive information via channels such as email and IM in contravention of corporate policies. Most use network sniffers housed in Linux-based hardware appliances, which are installed next to firewalls. Vendors here include start-ups such as Vericept and Vontu, email gateway providers such as ProofPoint, and IM and P2P management players such as IMlogic and FaceTime. Desktop-based products enforce data distribution policies on corporate PCs and laptops using agents installed into the operating system to gain control of user activities. These can include sending an IM message, attaching a file to an email or burning data onto a CD. Suppliers here include pure players Verdasys and Ochestria, enterprize digital rights management system providers such as SealedMedia and Authentica, and endpoint security solution vendors such as Safend and Control Guard. InfoWatch is currently the only company that provides a multi-layered approach. This combines the network and desktop techniques described above. But other players are ramping up their research and development teams or signing up partners to help them get there. In the long term, ILD&P systems are likely to become key components of full-blown regulatory compliance packages. Source: IDC
46