SPONSORED: ESET CEO Richard Marko answers YOUR questions
CRN has spent recent weeks canvassing resellers on their burning questions for the endpoint security vendor's boss. We put them to Marko last week, and here's how he responded...
All AV solutions are much of a muchness, so how do you differentiate yourselves from other AV vendors?
You can to some extent say the same about why you would buy one brand of car and not another one, because all cars have four wheels and will get you home. But still there are differences. I think we can approach it from several perspectives.
The first one is our reliability. Some vendors are more reliable than others. For example, how likely is it that the product will crash the machine, or that the new version will not work properly in your environment, or that you'll update the operating system and everything will break down?
We have a very strong record in this regard. I think for the more than seven years I have been CEO of this company - and I've been with ESET for 20 years - we haven't had a major incident of this type, so that is probably the first thing.
The second one is of course what usually comes to mind: do you protect better than the other products? That's difficult to measure, but our approach is very multi-layered, so it's not dependent on one type of technology that is delivering the protection, with signatures that need to be updated and all these things. There are a number of very sophisticated layers and I think this is distinguishing us from other vendors.
The third one, which is very important, is speed. ESET products are well known for being fast and not being a burden on the machine. These are the three main qualities that we try to follow and this makes the difference.
How does ESET fit into a wider cybersecurity solution for customers and what other security vendors do you typically partner with on projects on an OEM basis?
This question can be taken from opposite directions. One would be that we are focused on being primarily end-point security, so having solutions that prevent malware attacks at the end-point level and that includes anti-virus - whatever the term means right now. It's obviously a lot more advanced than it used to be.
When we go into more complex deals we sometimes need to provide other parts of security as part of our offering, so that is the technology alliances that we have and the partners we invite into the alliance are those that provide different sides of security or IT, such as backup for example, that we don't do directly.
The other direction is that we have been available in the market for a long time. There are a number of smaller and bigger companies that come to us because they need our knowhow and technology to be included into their solutions.
Some of that is connected to the Internet of Things - integration into routers and these kinds of devices - and it can be quite big things, for example when Google opted to include our technology into its browser to provide protection against PUAs.
Why should partners switch from the AV vendor they have traditionally worked with, and how does ESET deliver the maximum possible ROI for partners?
There are two things. One is that we are a private company so more or less the only source of income for us is the revenue. We cannot do revenue that is not generating profit.
We don't go into these kind of deals; we can only do that in a limited way as otherwise we wouldn't be able to work well. ESET has been a very profitable company for many years. That automatically means that the partners are profitable, but it is typical for ESET to have long-term relationships, so we have a number of partnerships that are 10 to 15 years long.
Some of them are exclusive partners and we try to protect the channel. For example, we offer renewals as part of the revenue, so partners have access to that if they made the initial deal and that doesn't seem to be automatic with other vendors, so we try to have a win-win relationship with our channel.
How does ESET tackle the issues around ransomware, given that it is a very advanced threat that traditional tools often can't deal with?
The question indicates that it's a very advanced threat, but from our technology perspective it isn't really more advanced than other threats, it's just different.
It's a type of attack that is so hard for those who suffer from it and that's why it gets all the publicity, but the protection against this attack is, to a large extent, similar to the other attacks.
I mentioned our multi-layered approach, so for example with the WannaCry attack - which is one of the most famous - it was able to spread so quickly because it was using certain vulnerabilities that were known for years but disclosed only three or four weeks before the attack.
Vulnerabilities themselves are not a problem and until someone uses one, you have no trouble. This is when the vendors decide what they do - in our case we introduced solutions for the vulnerability and a couple of these were after the disclosure of the vulnerability, so by the time the WannaCry attack went on we had protection in place and our customers almost didn't suffer at all.
There might have been some small exceptions that used older products or not updated products, but we were just doing our job properly and responding in time, before the actual damage was done.
What is your response to people who say anti-virus is dead?
I've heard that several times. I've been in this industry for a long time and usually it's not the whole sentence; it's usually something like ‘AV is dead, you need this', so it depends on what you call AV. If you mean technology from the 1990s then I would say yes it is dead, but if you mean all these extra things that were developed over the last 20 years then it is far from dead - it is actually essential.
SPONSORED: ESET CEO Richard Marko answers YOUR questions
CRN has spent recent weeks canvassing resellers on their burning questions for the endpoint security vendor's boss. We put them to Marko last week, and here's how he responded...
What do you make of the emerging end-point security vendors that came to the market around 2016 and were critical of the more established vendors?
There are, from time to time, these sort of waves and in this particular case it is actually connected to the question you asked before.
Those new vendors came and said ‘forget about the old-school vendors, AV is dead, this is the next generation of solutions'. The next-generation vendors are based on using things such as artificial intelligence. What they tried to do, and are still trying to do, is develop some of the layers that we have been working on, often for many years.
Artificial intelligence has been a part of our solution since the nineties. We are now in 2018 and you can see what these new next-gen vendors have been able to achieve; usually not that much from a business perspective because it takes time to create the teams, develop proper technology and get the trust. If the technology doesn't work as announced -which is very often the case - it just doesn't work at all.
How do you stack up against your competition in terms of detection rates and false positives?
We stack up very well. We've touched on this in a previous question but in fact it is very difficult to measure these things, and often the tests that are being done are quite superficial and don't give you a full picture - but still they give an indication.
For example, we are the only company that has received 100 VB100 awards, which looks at virus blocking in British organisations and they have been testing for 20 years. It's a sign of long-term success.
What is the split between your consumer, SMB and enterprise business, and do you envisage this changing over the next couple of years?
We are moving more towards business customers from home users. Right now the business part of our revenue is more than 60 per cent worldwide and out of that the highest growth rate is connected to the enterprise business, which is approaching 10 per cent of our revenue.
That is on one hand natural, and on the other this is what we are really trying to do because the consumer part of the business is tricky. It has all the troubles of freemium products, while the business side - in particular the enterprise - is under a lot of pressure from attacks. The companies, especially the big ones that have been through troubles, are willing to invest in security because they know these kind of things can be very damaging.
What was the rationale behind acquiring the UK business?
There were several reasons why we decided to do so. The first one is very straightforward. The UK is one of the biggest markets for security and so paying proper attention to the market is logical.
The second is that by having a presence here we can focus on long-term strategies and we were able to invest more in the market and recruit more people to make stronger teams here.
The third reason is the direction we are heading towards. This portfolio of products for enterprise customers is not only the traditional end-point protection, it is also EDR and services that are related to it. We need to have direct access in the market and the best thing for the clients is to have local support. It is not only like a traditional technical support but also the expert kind of monitoring, for example, and advice that we want to be able to provide.