Avast CTO: AVG Purchase Lets Us Build Tools For Data-Driven Cybersecurity Era

The chances are that if you’ve used a PC in the past decade or so, you’ve probably come across AVG or Avast’s cybersecurity tools.

While you might use something more advanced in the workplace, or started a free trial of Norton or McAfee with your new PC, the offer of free antivirus has tempted hundreds of millions of home users, schools and businesses.

Last year, the two Czech companies combined when Avast bought AVG for £1 billion to create a national cybersecurity giant. But this was not a deal based on sentiment.

The acquisition saw Avast gain AVG’s technology, but also a huge user base that would allow it to harvest data to create more powerful IoT and AI-assisted cybersecurity tools.

Security as big data

Whereas end users gained free cyber protection, AVG and Avast gained 400 million end points from which it could learn about existing and emerging threats. Around 160 million of these are mobile and 250 million are PC. When you consider there are an estimated 750 million PCs around the world, it means one in three is part of Avast’s new network.

“These days, security is a big data game,” Avast CTO Ondrej Vlcek tells Silicon. ”It’s much more important about collecting and processing big data and turning it into better insights.

“The combined user base … gives us a unique position in the market that allows us to see things no one else can see.”

Vlcek says the old way of selling and buying data sources was outdated for the IoT and that real time data collection was essential, especially when it’s so difficult to protect connected devices. Recent DDoS attacks caused by botnets that take advantage of vulnerabilities, such as Mirai, are evidence of this.

The new features of Avast 2017 use this data-driven approach, including Behaviour Shield and Cyber Capture, which uses cloud based high performance computing to analyse threats.

“[Behaviour Shield] changes the way we deal with malware,” he elaborates. “Typically, the scanners made the decision on whether to allow a specific code to run at the time of execution. It has been taken quickly and the decision is binary: virus or not virus. With Behaviour Shield, even if the end user says it is not a virus, [Avast 2017] keeps an eye on it.”

Cyber Capture was first introduced in June 2016 and targets ‘super encrypted malware’ that might not expose its secrets immediately and therefore be revealed as a threat. The tool captures a suspect file and quarantines it without telling the user immediately. It is sent to a cloud engine where it is analysed in virtual machines and sandboxes.

“We torture the file to the extent it tells us what it is,” says Vlcek. “The analysis can take anything from three minutes to six hours.”

Just 10,000 files or so a day are given this treatment, with ‘unique’ files seen as the most likely candidates.

Read More on Page 2…