I recently sat down with Gill Langston to talk about Avast's Secure Web Gateway (SWG) technology and to get a peek into his philosophy about the changing cybersecurity landscape. He's a sharp guy who has been a product manager in the security space for a long time, and as such he veered from topic to topic and answered my questions very verbosely, just like a good product manager should!
The more I talked to Gill, the more I realized:
I remember life without the internet, but my kid does not. It's this ubiquitous bubble that everyone revolves around, all the time.
We have more information online now than one could possibly read in multiple lifetimes, via an interface that can fit in your hand. Good thing the kid above is getting started early. The rise of information access has been rapid, incredible, and unprecedented in the arc of human history.
So how on Earth can we actually keep ourselves safe online if we don't know which onramp we're going to be using to access the bubble?
Gill told me that Avast Business is taking a different approach: protecting the company user from the bad guys in that bubble, no matter where the user is:
"Make sure you can block access to known bad sites, downloads, and locations, on all of your devices. If everyone did that, the internet would be a much safer place."
So, I asked him for an example of what web protection looked like for someone logging into an unknown guest network at a retail location on their Windows laptop.
Gill went on to describe the two threat networks in play at Avast, the new threat network being provided by our partners at Zscaler, and a couple of use cases at the same time:
First, he talked about scale. The endpoint protection network at Avast already has several hundred million sensors attached to it, each one teaching the threat network about old and emerging malware threats. Reaction times are quick. Then Gill added a little more flavor about our partner-driven threat network:
"There are over 100 data centers across 5 continents for our DNS web protection. You get policy and categorization updates nearly instantly. You also connect to the nearest data center for information, so there's no performance hit. These are two different threat feeds that are always on, always connected, and always on the bleeding edge."
Second, he gave me an example:
So let's say you're traveling and you just stopped by a coffee shop. You connect to the guest wifi and flip open your laptop. You have SWG enabled via the CloudCare agent provided by Avast Business. Someone else just connected to the guest network, and their device is totally infected with malware. You're protected in two different ways in this situation:
- The endpoint antivirus service delivered through CloudCare will stop the infection from spreading onto your device.
- If it's a new threat, but the payload site is a known distributor of malware, there's a very good chance that your DNS-protected device will block that site via the Secure Web Gateway service.
Even when you're on the road.
Even when you're on a sketchy guest network and exposed to rogue devices.
So, why the shift to providing cybersecurity products in the cloud, then? I was just curious about savings and cost, particularly for Small and Medium Businesses. And of course, Gill talked about the perimeter instead!
He explained that the tower defense style of protecting company data worked great when all of the most precious data was inside of the building, but since we've had adequate broadband internet, the security challenge has completely shifted, and many companies have fallen behind.
You can't just keep them out of your castle anymore because your valuable stuff is all over the world, and you're not even sure where it all is.
Digital transformation and the shift to the cloud play a huge role in this, of course. Any company that has moved most of its app stack to the cloud, and is still using appliances to protect its company resources, is probably more vulnerable than it thinks it is.
Cloud-based security services that provide basically identical functionality are superior in three ways, according to Gill:
- No compute resources are used inside of your building. You just point your DNS to the Secure Web Gateway service, and the processing power is included. There is no hardware refresh schedule. As you need more power, you buy a handful of licenses at a time. You don't over-scale, and the provider scales with your business.
- Updates happen instantly and remotely, and contain very little data. It just doesn't take that much data to change a policy if done right. If you're online (which you are all the time), you're up to date all the time.
- The critical, foundational element is that your company data is protected no matter where that data is, who is accessing it, or where they are.
We also talked a bit about the future of CloudCare and of the Internet Security market, which I will detail in a follow-up post in a week or two. In the meantime, feel free to check out a couple of resources about Avast Business:
Stay safe accessing the bubble, folks. Until next time!