Know My Company
Hi Gianluca. Please tell us about your journey in technology and how you started at Panda Security.
I’ve always been somewhat of a geek since I was very young. I’m also fairly technology addicted, and took an interest in emerging technologies, going back to the early days of the Internet and bulletin board systems (BBS). Later, I became interested in the world of hacking, which led to the cybersecurity space in recent years. My journey started with a very technical profile, and eventually ended up in sales.
Every day, I was in direct contact with partners and customers, pitching a compelling value proposition aimed at mitigating cyber threats.
I started with Panda Security in 2015, after very interesting experiences at Symantec and Sophos. Joining Panda Security was a natural evolution in my career, and a great opportunity to leverage what I learned in the previous 15 years working for some of the most recognized security vendors in the market. It was also very exciting and challenging to build a completely new go-to-market strategy for North America while restructuring the sales, presales and marketing organizations. Today, we have a flexible, start-up environment, even though Panda Security has 30 years of history in the market.
And, as we adapted our strategy to the US market, we experienced fantastic 40% growth, which has continued year over year, proving we’re on the right track for the future.
How is selling cybersecurity software solutions different from selling a traditional software product for an enterprise IT infrastructure?
Cybersecurity has a unique value proposition, but unfortunately that’s not always properly translated into compelling language for the customer. The traditional IT infrastructure sales cycle includes tangible and intangible components.
Most of the time, tangible components are the catalyst for the sale, like hardware replacements, storage capacity or availability upgrades or others, for example. Selling cybersecurity, however, often includes intangible components that are very difficult to measure. For example, it’s very difficult to measure the damage of a potential breach without any indictors of compromise (IOC) or indicators of attack (IOA), or to prove the capabilities of software to address a completely unknown (zero-day) threat, or to quantify the operational value or potential added revenue that can be gained by replacing an existing technology.
Unfortunately, some businesses are still struggling to shift from reactive cybersecurity protection to the proactive, zero-trust model—the approach we use with our technologies.
How much has the cybersecurity ecosystem evolved in the last 5 years? What factors/technologies have brought these changes?
The ecosystem has evolved a significantly in the last five years. The ransomware plague, file-less attacks, crypto-jacking techniques, zero-day vulnerabilities and targeted hacking attacks have been the main drivers for this change. Panda anticipated this transformation back in 2009, when we decided to move our entire portfolio to the cloud. We redesigned our technologies from scratch to address the next wave of “unknown” threats.
We were also one of the first cybersecurity companies to develop and release a next-generation endpoint protection solution, in 2015, and the very first one to enable the shift from the traditional processes of an MSSP to today’s MDR model, which includes forensic tools, telemetry data for SOCs and the classification service to reduce the amount of ransomware infections to zero. This ability to look forward and anticipate what’s coming next in the cybersecurity ecosystem has come to define Panda’s approach to the market.
Tell us more about the team you work with? What kind of skills and abilities does one need to be part of your Sales and Marketing team?
I have the pleasure to lead a fantastic team. We’re addressing customers, partners and prospects with dedicated pre-sales, sales, technical support, and marketing organizations.
We’re looking for people that understand our mission at an intuitive level, as well as our commitment to be different—an approach we take with the technology protecting our customers, as well.
What are the unique challenges you deal with to take your products to new, emerging markets?
Transitioning from a traditional security approach to a zero-trust/trust-no-one model is probably the most unique challenge we’re facing today. I’m not referring to a technology challenge—it’s more related to a prospect conversation, explaining how our model works in comparison to others.
Everyone else in the cybersecurity space is more focused on simplifying the customer incident management experience with slick-looking user interfaces, graphs, correlation events and real-time notifications. Panda Security has beautiful dashboards, too, but we’re more focused on reducing the number of infections and breaches to zero. Since 2016, not a single customer worldwide using Panda Adaptive Defense in lock mode has been hit by ransomware.
Which industries have been leaders in cybersecurity intelligence products? And, which ones are still lagging?
When it comes to endpoint security, the finance, industrial and governmental sectors consistently take the lead in adoption. However, there’s still a widespread belief in the SMB space that malicious actors only take aim at “bigger companies” for their campaigns and cyberattacks, which not only results in SMBs lagging in adoption, but also plays against their overall cybersecurity posture.
Is AI and Cybersecurity a safe and controllable confluence to deal with? How can smaller businesses jump into this whole gig economy of AI+ Cybersecurity?
Yes, it is safe and controllable. Years ago, we did something very different compared to others that were using AI to solve the detection gaps in behavior analysis cybersecurity models. Moving our portfolio into cloud so early provided us a privileged view compared to any other security vendors.
We started collecting literally trillions of events, which was necessary to inform our AI-based processes, which identify and classify everything executed at the machine level. Our AI is currently used to classify files into two main categories: malware and “goodware.” Using our AI ranking model and the classification service, Panda has achieved a cybersecurity solution with no false positives and no false negatives.
We completely removed the “grey” detection area that’s usually called “suspicious,” and instead provide absolute confidence in every application that does or does not execute on a customer’s network. In terms of smaller businesses that want to jump into this area, they must approach this highly competitive market with fresh eyes, applying AI in novel ways to solve problems that may not even exist yet.
We hear a lot about AIOps and its role in transforming IT and Cloud Services. What opportunities and challenges do you work with on a daily basis?
There are two main aspects of an AIOps and its role: machine learning and big data. You could have the best machine learning algorithmic platform, but if you don’t have enough data, the results and benefits will be very limited. Also, the main goal is to receive continuous insights that provide continuous fixes and improvements via automation. This process requires time, knowledge and highly skilled resources. The IT transformation will be a natural evolution for those who have invested in IT operations analytics.
As Panda Security, we collect billions of events and telemetry data every year, providing a comprehensive view of activity that’s distinct compared to any IT operations’ analytics departments. The future challenges of AIOps will be how to manage this massive amount of data and how to leverage it for future innovation.
Big data, Mobility and IoT/Connected devices— these have opened up a whole new level of cyber security layers that need to be addressed immediately. How does Panda Security help safeguard applications for businesses in these industries?
As briefly described before, Panda Security developed a unique cybersecurity model that prevents any unknown (to PandaLabs) binary to be executed or invoked. We can assure a breach-proof environment, no matter the threat or attack vector, by applying our zero-trust/trust-no-one model.
Tag a person from your industry whose answers you would like to read here –
Ron Rivest, one of the inventors of the RSA algorithm.
Thank you, Gian! That was fun and hope to see you back on AiThority soon.
Gianluca Busco Arre joined the team in North America in February 2019 on the heels of success managing sales and operations for Panda Security in Italy and Switzerland, where he consistently increased revenue in those countries by more than 50% during his tenure. He continues to manage the business in those regions, which formed a new sales territory along with the US and Canada when he relocated to Boston in early June. A veteran of the cybersecurity space, Gianluca Busco Arre held several sales management roles in the industry before joining Panda in 2015.
Most recently, he spent 5 years at Symantec, focused on overseeing their security verticals such as User Authentication, Encryption and DLP for the Large Enterprise segment in the EMEA region. This also included the management of channel and alliance partners such as Deloitte, Dimension Data and NTT to name a few. Prior to Symantec, he spent 5 years at Sophos, managing the Italian Mid-Market and Enterprise business.
Panda Security is one of the world’s leading providers of advanced cybersecurity solutions and services.
Our Smart technology, based on big data and AI, monitors every running application on your systems and classifies absolutely everything. Unlike traditional antivirus solutions, which only take action if a process is malicious, our technology detects attacks before they even happen.