Avast CEO Ondrej Vlcek on delivering people-centric security in the era of smart devices

Avast CEO Ondrej Vlcek on delivering people-centric security in the era of smart devices
Ondrej Vlcek
28 Nov, 2019

Earlier this year, Prague headquartered cybersecurity firm Avast Software said in its Global Risk Report for 2019 that more than 25% of Indian businesses are vulnerable to desktop PC threats, compared to 11% among global users. The report also identified the top four types of threats that Indian users are most vulnerable to, namely trojans, file infectors, adware and worms.

India constitutes one of Avast’s largest markets globally with nearly 20 million active PC and mobile users. Over the next year, the company aims to serve this market, along with the larger Asia Pacific region, with more privacy solutions, better device performance , and protection across devices.

Founded in 1988 by ‎‎Pavel Baudiš and‎ Eduard Kučera, Avast has over 435 million users online and has about 1,700 employees across its 25 offices worldwide. The CVC Capital Partners and Summit Partners back firm went public on the London Stock Exchange last year. 

In a recent interview with TechCircle, Avast CEO Ondrej Vlcek spoke about how he and his senior management team are working towards Avast’s vision to deliver people-centric security, investing in developing AI (artificial intelligence) algorithms to combat adversarial AI such as ‘DeepAttacks’, and its plans for the Asia Pacific and Indian markets. 

Edited excerpts:

How have things changed for you and the company since the IPO? 

For us, executives, it means that we’re now communicating with the investor community, which requires a different type of communication. Basically we have to under-promise and over-deliver. But it has been a good experience so far. We also have to report quarterly results, and publish half-year reports, which is a change. But Avast is still the same company, with the same company culture and innovative spirit. So overall, the change hasn’t been too significant.

Take us through the different products and solutions that you offer consumer and enterprise clients. How have your offerings changed over the years?

Most of our users are consumers. But we also have users in the enterprise space, which are mostly small and medium-sized businesses (SMB). Our history started in 1988, when one of our two founders, Pavel Baudis, encountered the Vienna Virus on a floppy disk and developed a programme to remove it.

Our business really took off in the early 2000s, when we introduced the freemium strategy. This resulted in strong consumer user growth. But we’ve also always been offering our solutions to SMBs. 

In the early years, we majorly focused on traditional antivirus solutions for PCs. Later we expanded our portfolio to Android and iOS security, as well as privacy products such as Avast SecureLine VPN, encrypting people’s data while browsing, and Avast Anti-Track, allowing people to disguise their online identity and hide from trackers. We also offer PC optimization products, such as Avast Cleanup, that allows users to clean their computers. To protect digital homes, we recently introduced Avast Omni, in the US, a product that protects smart home devices.

On the business side, we offer customized services that simplify security and help SMBs choose the right solution to protect their business. With Avast Business Endpoint Protection, which is also available with a management console, businesses gain the advantage of Avast’s threat detection network, which identifies and stops malware and online threats in almost real-time. Powered by over 400 million endpoints and supported by machine learning and AI technologies, Avast’s threat detection network is arguably the world’s largest and most advanced. 

Additionally, our Avast Business CloudCare enables IT service providers to remotely support their clients and deploy a robust portfolio of subscription-based cloud security solutions through a cloud-based administration platform. Advanced remote control capabilities, provided without additional cost, enable administrators to support remote login of any devices under management. IT service providers gain a simple way to implement and manage services such as antivirus, content filtering, online backup, and email security services. 

How are you using emerging technologies such as AI and machine learning to build new and better solutions users?

Avast has been using machine learning and AI to detect and block threats for many years. AI offers us the opportunity to detect threats in near real-time, and anticipate emerging threats. We train our machines to learn from databases of known threats, to identify attack patterns of completely unknown threats. 

We have also heavily invested in developing AI algorithms to combat adversarial AI, like DeepAttacks. We define DeepAttacks as malicious content automatically generated by AI algorithms. For example, DeepAttacks can be used to automatically adapt a generic phishing site to a target brand based on learning its visual style from the legitimate homepage. We have developed mechanisms to detect and block such attacks. There are also DeepFakes. In 2018, we observed many examples where researchers used adversarial AI algorithms to fool humans. This is one of the many fields we’re looking into. Aside from our internal research, we also invest in academic research, funding university research projects focused on AI.

Moreover, use machine learning to identify IoT (Internet of Things) devices. Providing security for IoT devices is different than protecting Windows PCs, Macs, and smartphones, as there are tens of thousands of different IoT device types out there. To classify a large amount of devices, ranging from smart speakers to smart light bulbs and even smart wedding rings, we need machine learning technology that can take on this task for us.

Is it even realistic to aspire to protect every device connected to the internet from cybersecurity breaches?

Unfortunately, many smart devices today have vulnerabilities in their code or don’t use password protection. The situation is a bit like with the Windows operating system in the nineties, which was very vulnerable. Our own data shows that in India, more than half of connected homes have at least one vulnerable device. A home is only as secure as its weakest link, so if one device is vulnerable the entire smart home is at risk. Cybercriminals can abuse vulnerable devices to turn them into botnets to mine cryptocurrencies, drive DDoS attacks, infect them with ransomware, spy on users, and infect more devices in the user’s home.

We cannot protect smart devices with an antivirus solution like we protect PCs and smartphones because they are too diverse. According to research we have done in collaboration with Stanford University, there are more than 14,000 vendors of smart devices worldwide, and they produce an even wider variety of devices.

It would be impossible to create endpoint security solutions for all of these devices. Therefore, we have developed a network-based solution for consumers, Avast Omni, which is attached to the router and scans for security issues, and also offers parental control features. We also have a version of this solution for carriers, which we have already implemented with Italian telecommunications provider Wind Tre, who is offering our solution integrated in the routers they offer to families and individuals.

Which risk management framework are you using?

We adhere to the local regulations in the countries we are active in, which, for example, includes the European GDPR.

What kind of presence do you have in India? Who are your typical clients? 

India is one of our largest markets when it comes to the size of the user base. We have more than 19 million active PC and mobile users there. 

The Indian market is a mobile-first market with the majority of users accessing the internet on their mobile devices. We have a strong Android user base in the country and protecting mobile devices will continue to stay a priority for us. As Indian users, specifically in urban regions, deploy smart home technologies in the future, we will also offer technologies to keep their smart devices and digital homes secure.

What is your market strategy for the Asia Pacific region in 2020?

The APAC region is important for Avast, with India being one of the markets with the strongest user base. In 2020, we will continue offering our products, providing more privacy solutions, better device performance (PC and Android), and protection of people’s PCs, Macs, Android and iOS phones.

Globally, are acquisitions a part of your growth strategy? 

We are always looking for opportunities to expand our business in the areas that show great potential for innovation, growth and added value for our customers. As we continue to evaluate our global strategy, future opportunities for Avast may be the result of external acquisitions, continued internal innovations or a combination of both. Regardless, we aren’t limited by technology type or region when exploring potential opportunities.

Looking ahead, what sectors, products and markets be major revenue drivers for the company? 

Avast’s successful business model was built on freemium. The freemium business model is a very profitable one for us. Our 2018 revenue was $811.5 million, with the major source of income being paid product sales. Out of our user base, about 4% use our paid products, which is a high amount, given we have more than 435 million users. We also profit from end-products like VPN, Password Manager, etc. We are continuously adding more apps and services to our portfolio so we can cross-sell and up-sell. We expect increasing revenues in IoT and smart home security areas in the future and we are already invested heavily into this area.