Q&A: Avast CEO On AVG Acquisition And Why Large Endpoint Security Companies Aren't 'Dinosaurs'

Done Deal

On Friday, Avast Software closed its $1.3 billion acquisition of AVG, a move that married two of the larger endpoint security vendors. With the closing of the deal, CEO Vince Steckler said the company will become a "global powerhouse" when it comes to the endpoint security market. With the addition of AVG, Steckler told CRN that Avast will be better positioned to face off against big-name security vendors, as well as fight against rising pressure from next-generation endpoint security startups. However, the company does have a difficult road ahead of it, including business integrations, a combined product roadmap and bringing together the two companies' partner organizations. Now that the deal is closed, take a look at what Steckler said partners can expect from Avast.

What is the new vision and the new mission going to be under Avast going forward?

It's going to be a combination of the two, realizing that, for the most part, Avast and AVG have the same business model with one difference. In the consumer side, we have pretty much the same business model. We were the two most successful companies in free or freemium security…We run the same model there and we will continue to run that model. It has been very successful. However, instead of being the first and second largest in the world, we will only be the first largest…AVG was very focused on the English market and Avast was very focused on the non-English market. Now, we have a global powerhouse that covers all global markets. We're the number one footprint in every market except Asia, where we can't play in China because we're not Chinese. That will continue as it is.

What is the vision for the corporate and mobile businesses under Avast?

In our corporate business we both fundamentally run a two-tier, three-tier channel organization and that is what we will continue to run in the future. We will merge the partner programs together, merge the license discounts together, etc., but we will not change that model. Just because of the acquisition of AVG, there won't be any changes in the resellers and distributors because of that. Your readers will have access to a larger portfolio of products because we will combine them together.

On the mobile side, we run two models. One is an over-the-top installation or distribution via the App Store and Google Play for mobile devices. That model will continue. But, the neat model that AVG has, which we will now try to take out of the US into other markets, is providing privacy and security products to mobile carriers to then provide as a service…It's kind of a cloud service to the users. I think it's a much, much better way of providing the mobile privacy and security solutions to consumers because when they are on just the phone they are too easy to remove…If we can embed these things in the carrier infrastructure, they [can't be removed.]

How will this acquisition position you better for the evolving endpoint security market?

Security for endpoint has changed dramatically over the past two years. You hear about these next-gen security companies whose marketing message is basically "we're not an old dinosaur and we have neat, exciting new technology." Pretty much all any of these guys have is a neat, new name. None of the traditional guys are dinosaurs…The problem with it is, it is all marketing spin. Other than a few fairly primitive companies, none of the top companies are really heavily reliant on signatures. We're all very machine learning [based]. It's one of the frustrating things in the industry: if you're an old guy, it's very easy for an upstart to try and attack [us]. You can just look at how much Symantec spends on R&D, how much Kaspersky spends, how much we spend and any of us spend far, far more on R&D than any of the new companies do. It's not that they have much smarter people that can figure out ways of doing things that no one else has figured out.

What are you going to do in this acquisition to change that perception?

I think, frankly, the industry needs to let things settle out. It's the old P.T. Barnum approach, where you can fool some of the people some of the time, but not all of the people all the time. If you look at security companies over the last ten years, there's only a very small number, for example Palo Alto Networks, that has transitioned to become a meaningful player. Before Palo Alto, the last one was probably Kaspersky 20 years ago. The technology is hard and it's expensive. If you are going to be one of the big guys, you are constantly innovating on technology. Some new player can grab some publicity and some pilot accounts and some initial accounts, but eventually people figure out what works and what doesn't…We whine about it, like I'm doing right now, but we don't get overly concerned because we're in this for the long term.

Talk about scale from the acquisition – how important is that in the endpoint security market?

From the user view point, it's really important because security threats, both from mobile and from Windows and Mac, continue to increase log rhythmically… What you need is a massive data collection network, and that's what endpoints really give you… Since threats mutate so quickly, the best way to protect against them is to just have a massive sensor network so you can find these things very, very quickly. That's what that huge installed base does. There won't be anyone with an installed base close to what we have… The second thing is: the security endpoint business is maturing. It's a big market – the consumer and corporate endpoint businesses are both about $5.5 billion. Corporate is growing a bit faster than the consumer, but the consumer is still growing. But, the growth of both is slowing and it's maturing. Both are being affected by the adoption rate and replacement rates of PCs, but different markets are being affected differently. Just like stock averaging, where you constantly buy stocks to average out the price, by being so big in pretty much every market in the world, we become much more immune to geographic and language-based slowdowns. That gives us a huge ability to thrive in a more difficult market going forward.

How do you see the acquisition changing your position against big competitors like Symantec, McAfee and Kaspersky?

This turns us into one of the big guys. In the consumer space, we have by far the largest user footprint. But, on the revenue side we're probably pretty much the same as McAfee, which would be tied for No. 2 in the world behind Norton. On the corporate side, we're much, much smaller than them. On the consumer side, this transforms us into the No. 1 by far by installed base. Realize Avast was already No. 1 in installed base and AVG was No. 2. We are by far the No. 1 now, and that's because of the free [version]. This transforms us from relatively small players by revenue to what's probably globally the No. 2 revenue company in consumer.

Is there a lot of overlap as you bring the two companies together?

There is a fair amount of overlap. Obviously you always have the back office functions where there is overlap. You only need one legal team, one finance team, one HR team. That is not to say that it is the size of one company, but it's not the size of two companies. It's somewhere in between. There is a fair amount of product overlap and we are going through that now, and how to integrate the products together. We will run two brands in the consumer space. We haven't decided in the corporate space yet… That's because they are both very powerful brands. Avast is the top searched for consumer security product in the world and AVG is No. 3. Norton, by the way, is No. 2. They both have very powerful brands. We will keep the brands and the unique look and feel of the two products, but the underlying security product will be mostly common between the two products. We will do a similar thing on the mobile side and a similar thing on the corporate side. We do have synergies there, but we are sorting through that now and we have to socialize it with staff as to what it is and what it means. I think it will be later this year before we start announcing doing anything there. Right now, the companies are still legally separate companies.

Can you talk about how the partner programs will come together?

AVG has the much bigger partner network, so we will essentially be incorporating the Avast partner program into the AVG partner program and combining the product sets. Both AVG partners and Avast partners will now have access to the entire product set.

What are you communicating to the partners about the closing of the acquisition?

We have communicated basically what I just told you, which is: Don't worry, there's no reason you will go away and partners are very important. It is a partner-based sales model [for] both companies and we will integrate them and you will end up having access to both product sets. It should be good for the partners. There's nothing being taken away…They will have access to more products and access to more customers, as some customers have a preference as to what security products they buy. It gives them more things in their bag to sell.

What's the timeline for bringing the two companies together?

On the consumer side, it happens very quickly. The consumer products with the combined engine will be launched in early January. It takes us about three months. That's because the products are fairly modular, so we can fairly straightforwardly integrate the security engines. That will also bring new capabilities…On the corporate side it takes longer, mostly because on consumer we do forced updates and can automatically update a product on a consumer computer or phone… On the corporate side, businesses like to upgrade on a much slower process than that. We will have the ability of updating the core engine remotely, but the product itself will eventually need to be upgraded by the user and that will probably take a year or more to do… Some of the partners are just license partners and some are VARs to provide services to do those things, so I think it really depends on the partner [if they will see benefits from that].

What's your vision for what Avast will look like in five years?

Fundamentally, users' computing devices are switching from things like laptops to tablets, phones, phablets…not just in the consumer space, but in the corporate space. The mobile security market is actually a pretty big market right now – it's about $3.5 billion growing at 15 percent. But, it has different security challenges… The biggest issue is everyone, either officially or unofficially, uses a Bring Your Own Device… Companies have so much data exposed on these, so you need MDM solutions and things more sophisticated than MDM. One of the things we have just been finishing the development of in our labs is a very sophisticated product for enterprises to really enforce separation of corporate and consumer data. It does that by virtualizing all the corporate usage of the phone, so you run an Android server in your data center and the Android server virtualizes all the Android apps or the iOS apps…You're completely removing all the data from the phone, so if an employee loses the phone you knock it off in your inventory and it doesn't have access to anything.

On the consumer side… we focus much more on data protection and usage protection, as opposed to anti-malware.

Any final messages to partners?

Partners: don't worry. It's going to be better than what you had in the past.