Today’s cyberattacks are more complex and sophisticated than ever, and can only be defended by the use of advanced algorithms that rely on enormous amounts of data to fight cybercrime on a grand scale.
Avast leverages machine learning and artificial intelligence to efficiently eliminate known malware, while our massive set of threat data gives us the scale, speed, and accuracy to quickly discover, classify, and protect against any new threat.
Our dedicated team of data scientists, threat researchers, and machine learning experts includes talent from some of world’s top schools – Stanford, UC Berkeley, MIT, and Charles University. Combining this talent with access to massive amounts of data and bespoke cloud-based infrastructure is what gives us our competitive edge. We invest in five key research areas:
Automatic threat detection and malware eradication
Our ability to defend against varied attacks is based on our state of the art infrastructure and our access to immense amounts of security data – gathered directly from hundreds of millions of devices worldwide, across multiple platforms and geographies. In practice, the agent software we have installed on users’ devices is there not only to protect the user, but also to look for any suspicious behaviours and report back when anything happens. This way, we have built the world’s largest security sensor network.
We eradicate known threats quickly and automatically, while unknown or suspicious objects are subjected to a multi-layer defense engine that relies on multiple, advanced detection methods working in tandem. Once any new threat is identified, our cloud-based network is updated immediately so that the threat can be eliminated proactively the next time it appears. An updated definition can be sent to our entire user base within minutes, which is important for offline processing.
This next-gen security technology and the data from our massive user base give us a clear advantage against hackers – and competitors. These are the technologies that allowed us to automatically protect all our users against WannaCry, BadRabbit and NotPetya ransomware and Emotet crypto-mining attacks, without requiring a single product update.
In 2017, Avast successfully protected its users against the most dangerous attacks, proactively:
Multi-layer protection against malware and cyber attacks
Avast Web Shield: Processes full traffic coming over HTTP and encrypted HTTPS connections, using URL detection algorithms to protect against phishing and malware attacks as well as full content filtering to thwart malware.
Static Scanner: Analyzes code and binary objects prior to execution, using machine learning and various detection methods, including PE structure analysis, linker analysis unpacking/de-obfuscation, and similarity, fuzzy, and algorithmic matching.
Emulators: Two emulators (one for scripts and one for binary files) protect against zero-day malware and vulnerabilities, and increase resilience against malware sample modifications. These provide full emulation of the native computing environment, including a virtual CPU, virtual RAM and virtual OS including its subsystems.
Avast DeepScreen: Utilizing a full virtual machine, on which a cloned version of the user’s OS tests the suspicious files, DeepScreen uses machine learning algorithms to identify similarities with known malware families. The hypervisor-assisted virtual machine connects to the Avast cloud engine to utilize threat intelligence gathered from our entire user base.
Avast CyberCapture: Activates automatically, when necessary, to prevent the rarest and most sophisticated malware from infiltrating a user’s machine. Locks down and submits potentially malicious files, including all the associated metadata, to the clean-room environment of our Threat Labs, while informing the user and keeping him engaged throughout the process. Advanced algorithms and human experts inspect the suspicious files in this most advanced layer of security.
Behaviour Shield: Monitors the system for suspicious activities while programs are already running. Captures unusual behaviour on the device, such as attempts to terminate the Windows Update or Firewall services, inject system-level processes, or use the camera without user-initiated activity, and once evaluated as malicious, is able to automatically stop the activity, undo the operation and quarantine the objects in question.
Family safety that goes beyond the device
As the leading consumer security company, we know that online security goes well beyond just protecting against malware and phishing attacks. Equally important is to keep kids safe, as they can be an easy victim for cybercriminals, cyberbullies as well as their own naivety. We offer a unique combination of carrier-integrated locator technology, insights into online behaviour, and understanding of what parents want from a family safety app derived from over 15 years’ experience in building mobile family safety applications and working with large mobile carriers and ISPs.
Today, we are deploying our expertise in machine learning and artificial intelligence to provide more robust behavioural insights to our carrier customers and their end users to create the next generation of applications to keep families safe wherever they might be.
In-depth knowledge of the IoT landscape – and vulnerabilities
IoT, more than any other technology in existence, poses a great risk to the entire digital ecosystem. Avast is well equipped to succeed in this new and growing space. Our cloud-based security infrastructure will extend to analyzing and processing IoT threat data. Importantly, even without an IoT-specific protection on the market yet, our existing user base has already given us insights into the IoT devices currently being used in 140+ million1 consumer homes. Our home network scanner, launched in 2015 as a part of the Avast Antivirus product, periodically scans home networks to identify vulnerabilities in connected devices and errors in their configuration. It has already provided us with an excellent primary source of information on the deployment and behaviour of many types of IoT devices. This rich data set is yet another area where our AI and machine learning expertise apply.
1Company estimate derived from unique IP addresses for Avast and AVG as of year-end 2017. Excludes Piriform