Jürgen Fälchle - stock.adobe.c

Kaspersky eyes enterprise business, opens APAC transparency hub

The security firm wants to engage with enterprises and use its newly launched Malaysian Transparency Centre to burnish its credentials

Kaspersky Lab is beefing up its Asia-Pacific presence in the enterprise segment, in a bid to shed its image as a consumer security company.

Acknowledging that Kaspersky is still seen as a consumer security firm in the region, Stephan Neumeier, its managing director for Asia-Pacific and Japan, said the company needs to address enterprise needs quickly if it is to grow its overall business in the region.

“People still talk to me about Kaspersky and Jackie Chan,” quipped Neumeier, referring to a Kaspersky advertisement campaign that featured the martial arts legend and the company’s founder Eugene Kaspersky about a decade ago.

“But the truth is we’ve changed a lot at Kaspersky in the past five years,” he told Computer Weekly in an exclusive interview. “We are not just a traditional [consumer] antivirus company – we’ve developed specific solutions to address the enterprise market.”

For many enterprise technology suppliers, building an effective partner ecosystem is key to cracking the business-to-business (B2B) market. And one of the biggest challenges for Kaspersky, said Neumeier, is to ensure its partners can deliver solutions to enterprises.

That starts with equipping Kaspersky’s partners – mostly large distributors and managed partners focused on serving specific industries such as financial services – have the right skills to sell and roll out enterprise projects, said Neumeier.

“Over the past five years, we have developed sophisticated technology for the B2B sector, including non-endpoint solutions, professional training, anti- advanced persistence threats, as well as setting up and managing security operations centres (SOCs),” he said. “We need to make sure our partners could follow us, that they are educated and can serve enterprise customers properly.”

Read more about cyber security in APAC

In January 2019, Kaspersky launched a new partner programme called Kaspersky United to help partners develop capabilities, with the aim of recertifying and re-educating them on the company’s growing portfolio of security products and services.

Neumeier said most partners have already completed the programme, though Kaspersky has had to recruit new partners in some countries where existing partners are not up to scratch.

To improve Kaspersky’s branding among enterprises, Neumeier said half of the company’s marketing budget has already been allocated to the B2B segment, with the bulk of this amount going to marketing efforts targeted at enterprises.

These include customer events dubbed ‘enterprise in a box,’ where representatives of companies in industries such as financial services are invited to speak on topics including the role of SOCs, threat hunting, internet of things (IoT) security, and endpoint detection and response (EDR), among others.

“Our approach to customers has changed, as we now want to push the idea that we are a significant player in cyber security among enterprises,” said Neumeier.

Speed bumps

According to research firm Gartner, the endpoint protection platform market is expected to grow 6.9% in 2019, from an estimated $5.9bn to more than $6.7bn by 2022. In 2016 and 2017, Kaspersky was named one of the leaders in Gartner’s yearly security scorecard, the Magic Quadrant for endpoint protection platforms, keeping close with household names such as Symantec, Trend Micro and Sophos.

However, in the past two years, Kaspersky dropped from being one of the leaders, which Gartner attributed, among other things, to not having an “enterprise-class cloud offering” and that its “advanced EDR functions are lacking for mature SOCs”.

Still, Gartner highlighted some of Kaspersky’s strengths, including consistently scoring high in external testing, a good reputation among Gartner customers for having strong prevention and detection capabilities, as well as a large research and development outfit that allows it to roll out product updates quickly.

While Gartner assesses companies on its Magic Quadrant based on interviews with its clients and by evaluating publicly available information on each company’s technical abilities, the biggest stumbling block to Kaspersky’s ambitions in the enterprise space may be related to the perception that its products are unsafe due to the alleged ties between Kaspersky and Russian intelligence.

In September 2017, the US government began banning the use of Kaspersky’s products in the government sector. The company has since appealed the ban and filed a suit against the US government, but to no avail.

As a result, the entire debacle has cast a pall over Kaspersky’s reputation as a global security firm. To counter the negative perceptions, Kaspersky launched the global transparency initiative (GTI) in October 2017 to make the company more transparent to government officials, partners and customers.

The initiative includes, among other things, an independent review of the company’s source code, independent assessment of its secure development lifecycle processes, and the formation of three transparency centres in Europe, Asia and the US by 2020.

Coming clean

At a GTI launch event in Cyberjaya, Malaysia, the eponymous company founder said the company continues its pledge to show customers and governments that its products are 100% trustworthy.

As part of its commitment to GTI, Kaspersky said Cyberjaya – a suburb about 70km outside of capital city Kuala Lumpur – was chosen as the third transparency centre following the launch of similar facilities in Zurich and Madrid in 2018.

The Malaysian centre that also serves as Kaspersky’s Asian hub was established in cooperation with local government agency CyberSecurity Malaysia (CSM). During his keynote address, CSM CEO Amirudin Wahab said as the threat landscape evolves, it is crucial for Malaysia to work with companies such as Kaspersky in order to build trust and cooperation.

Asked what this entailed, Wahab noted that cooperation with Kaspersky began last year with a shared programme that involved education, capacity building and the exchange of technical expertise.

“Our plan is to use the Cyberjaya Transparency Centre to foster innovation, develop programmes to build security talent and human capital in Malaysia, as well as to conduct software and security testing,” he said, arguing that Kaspersky’s willingness to open its doors and data processes shows that it has nothing to hide.

Neumeier said part of the centre’s objective is to invite governments, partners and customers in Asia-Pacific to scrutinise Kaspersky’s products down to the source-code level – if they deem it necessary.

“Our customers have welcomed this, and in fact now wonder why other security firms cannot do the same,” he said. “Perhaps they will require others [security players] in their request for proposals too, to prove they have nothing to hide – something that is good for the security industry.”

Read more on Endpoint security