Last week, The Tech Herald traveled to Mexico in order to attend an event hosted by Kaspersky. Yes, I know that's bragging. But considering Indianapolis was just ending a week of Super Bowl madness, and it was freezing here, I was all too happy to attend.
There were several reporters in Mexico with me, many of whom I’ve met before, and others who I’ve just followed while reading the headlines. On top of that, several of Kaspersky’s research staff were on hand to talk about almost anything.
Still, the most interesting things to come out of Mexico as it pertains to Kaspersky is the proof that the company is stocked with some solid people. I’m not talking about people obsessed with Malware research or cyber crime. Kaspersky’s crew has that, but I’m talking about people who honestly take an interest in the connected world, and realize they are just a single piece in a much larger puzzle.
Events like the one in Mexico are tricky for a reporter. Sometimes they are all ego, focused on how great the company is, offering nothing aside from talking points – during the event itself and later during (off-the-record) conversations at the bar. Other times, the event’s are open to discussion and while the company’s product and service is clear – it isn’t the focus. This holds true during the on and off hours.
I’ve been to events hosted by five companies in the last year. Three of them were great, and I walked away with a better understanding of the company and services, as well as an understanding of how the vendors and their staff operate. Two of them were busts, leaving me with a collection of marketing materials, and not much else.
If the Kaspersky staffers had talking points to follow when interacting with the invited press, they either ignored them or they were well hidden. Not once was I asked about a given product, if I would write a review, or randomly pitched for a one-off story that isn’t really related to current events. Instead, the Kaspersky staffers I spoke with talked about the Super Bowl, U.S. politics, and the finer qualities of tequila.
Outside of the conference areas, there were debates on the morality of hacktivism, regulation proposals (SOPA / PIPA), and if the term APT is real or just marketing jargon (I still say it is hype). There were interesting moments within the conference area as well.
For example, during a panel that included Eugene Kaspersky himself, as well as other notable experts such as Alexander Ntoko (ITU), Alexander Seger (Council of Europe), and Michael Moran (Interpol), no one could define the term cyber war.
Here, a collection of recognized experts when it comes to crime, law enforcement, and information security, admitted that it is easier to create terms, but harder to define them. This same group also debated on the feasibility of an Interpol-like agency dedicated to fighting cyber crime.
Mr. Kaspersky called it the International Cyber Security Agency (ICSA), an acronym that might have to change if Verizon Business has any say, as they have ICSA Labs. Still, his point was that something needs to be done to combat cyber crime. It’s just that the others had other opinions.
One panelist, Seger, pointed out that the creation of such an agency would take years. He argued that it would make more sense to take what already exists when it comes to dealing with cyber crime on an international scale, what the governments of the world are doing with said methods, and build on that foundation to create what would be known as the ICSA.
Ntoko chimed in with the point that there has to be cooperation on several levels, as it wouldn’t do to have government leaders dictate the fight against cyber threats. His unstated point being is that when politics are included, things can go south quickly. Agencies aside, while the ICSA idea has merit - even if it happens - there remains the issue of budgets and enforcement, which is an entirely difference set of problems.
Other topics centered on the fact that despite investing millions in R&D and expansion (there is a new building going up in Russia), Kaspersky was still profitable last year. With that said, some focused on the fact that the growth was only 14-percent, compared to 38-percent the year previous.
However, the anti-virus market stalled for the most part in 2011. Symantec grew 7-percent, and Intel (McAfee) reported a loss in their software and services group for the 12 months ending Dec. 31, 2011. Yet, all three firms were still profitable, especially Intel.
The down side to Kaspersky’s financial announcement is that they are skipping out on an IPO. For those that might be shocked at the lack of an IPO, the idea itself has been around since 2009. In 2011, General Atlantic paid some $200 million for a 20-percent stake in Kaspersky, fueling the IPO dreams for hopeful investors. Some said the General Atlantic investment was the proof of a future IPO.
Yet, Kaspersky is going to buy that 20-percent stake back, as well as purchase shares held by others who wanted in on the recapitalization plans. This buyback gives Kaspersky freedom to grow and expand, and as the company said last week, it will allow them to protect their corporate culture in the process.
You would think that finance has nothing to do with information security; it’s rare that you see it covered in general security news. It’s closely related though, because without finances, who will pay the people to innovate protective measures?
Watching the external debate over Kaspersky’s announced earnings at lunch the day they were made, I noticed that the same points were being made on both sides, and neither person was making any progress.
I was reminded of a slide deck that was sent to me the previous evening, which included mention of the Red Queen Effect. In finance, you have to spend money to make money, which will impact profitability in some degree. No matter what you do, an investor or market pundit will always expect more. Likewise, in the security space, no matter how fast you move to counteract the criminals it’s nearly impossible to get ahead.
To quote the Red Queen herself, “It takes all the running you can do, to keep in the same place.”
Kaspersky is a growing company, with big plans for the future. There are some smart people working there, creative types who are constantly aware that sometimes no matter what they do, when it comes to battling threats on the Internet - they may still end up running in place, as if they were chained to a treadmill.
So, even with Kaspersky’s investments in R&D, and the freedom obtained with the recapitalization, it’s unlikely they will defeat the rat race that is cyber crime. But after spending a week talking to several of their brightest, I’m sure that won’t stop them from attempting that monumental feat at all.
Treadmill be damned.
Disclosure: Kaspersky picked up the tab for my trip, on the assurance that I might not write anything at all, and if I did, it might not be positive.
[This editorial is the opinion of Steve Ragan and not necessarily those of the staff on The Tech Herald or the Monsters and Critics (M&C) network. Comments can be left below or sent to [email protected]]