G DATA is known by many as a supplier of antivirus software, but the company is currently working to change that. Security technology alone is not enough, because human ignorance and carelessness are also weaknesses that cybercriminals can exploit. The German security company is therefore positioning itself more and more as a player focused on both technology and people. We discussed this development with Eddy Willems, Security Evangelist at G DATA CyberDefense.

This transition, from a well-known antivirus software manufacturer to a broader security supplier, did not come out of nowhere. G DATA has, for example, offered Advanced Analytics for some time now, a service that helps companies find out why they fell victim to an attack. A team of G DATA security professionals is set up to thoroughly investigate the malware and the cyberattack. It is one way of offering services beyond traditional software.

Now, the company is adding to its existing efforts by giving people more support. Personnel really are part of the first line of defence, G DATA believes. It often turns out that certain actions by employees are what make a cyberattack successful. As a company, you prefer to avoid these kinds of failures.

E-learning platform as a first step

According to Willems, awareness training is a great way to prevent such errors. That is why G DATA launched the Cyber Defense Academy e-learning platform a few months ago. Willems describes this platform as ‘CISSP for Dummies’, by which he means that the courses are accessible but aim for a high level. Attending the courses does not immediately make you a CISSP-trained security professional who develops and manages a best-in-class security policy, but your level of knowledge is certainly greatly increased and maintained.

This is done on the basis of some 40 training courses on a variety of subjects, such as how to deal with social engineering and phishing as an employee. G DATA offers knowledge tests to identify the needs of companies, so that the most urgent issues are addressed first. Employees then go through interactive courses of 10 to 20 minutes each. They are given visual and textual explanations and a number of quiz questions. This assessment component makes the knowledge level of employees actually measurable. IT professionals can use it to take stock of their security level and then, if necessary, act on it.

What is particularly important in this context is that companies do not see the platform as a one-time investment. According to Willems, it makes no sense to lead all employees through the 40 modules and then stop looking after them. Ideally, an employee should take 10 to 20 minutes each week to take a test, so that their knowledge remains up to date. According to Willems, if there is no repetition, employees risk becoming careless because it has been a while since they thought about, for example, phishing. Forgetting such things is very human, says Willems.

People and technology as a distinguishing factor

For G DATA, this platform is a step outside of its regular offering, and it remains to be seen how widely it will be adopted among companies. After all, several suppliers have been offering e-learning platforms for some time now, which means that some companies are already equipped with such a platform. Willems is not very worried about this, for various reasons. According to him, some modules go a bit deeper than the competition and the platform is relatively easy to use, but above all, it is important that G DATA can combine the platform with its software. The company has been approaching the industry from this point of view for decades, which means that there is a lot of expertise in-house. When that experience is combined with the software and the e-learning platform, Willems sees a strong distinguishing factor compared to parties that only offer awareness training.

In order to emphasise this distinguishing factor as much as possible, the company decided to change its official name earlier this year. Where it used to be known as G DATA Software AG, it is now officially called G DATA CyberDefense AG. For users, this will not be the most appealing change, as they often refer to the company simply as G DATA. However, G DATA itself sees this as a big step. It underscores the fact that a security strategy involves more than just installing antivirus software.

Further development of existing technology

However, the largest share of business still comes from providing endpoint protection software. G DATA is aware of this, so a lot of attention is still being paid to expanding the capabilities of the antivirus packages. In this area, the focus is currently on the behaviour analytics service BEAST, which was tested in the consumer version this year and is about to be rolled out to the business products as well.

With BEAST, G DATA continuously performs mini analyses, as it were, on the devices on which it is installed. An analysis takes place as soon as a file is detected. It looks at the processes that executables call on. BEAST records these in order to link them in a graph database. This database, developed by G DATA, is installed on the endpoint when upgrading to newer versions. Thanks to this database, the software can actually conclude that something is not right and immediately block the process. The data is then sent to the cloud, where an advanced analysis can be applied. G DATA can immediately reverse what the process did, even if there is no connection to the cloud, because all steps of the executable are, in a sense, recorded. If, for example, several files are deleted at the start of a process, BEAST should, in theory, have no trouble restoring the files.
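The idea in the paragraph above, as a simplified illustration added here (not G DATA's code and not how BEAST is actually built): actions are recorded as edges in a small graph, a verdict is taken over the whole process tree, and deleted files are restored from a local journal without any cloud connection. The class, the rule (two deletions plus an autorun entry within one process tree), and the process and key names are assumptions made for this example.

```python
import os, shutil, tempfile
from collections import defaultdict

class BehaviourGraph:
    def __init__(self, vault):
        self.vault = vault                  # local folder keeping copies of deleted files
        self.children = defaultdict(list)   # spawn edges: parent -> child processes
        self.actions = defaultdict(list)    # action edges: process -> (kind, target)
        self.journal = []                   # (process, original path, backup path)

    def spawn(self, parent, child):
        self.children[parent].append(child)

    def delete(self, pid, path):
        backup = os.path.join(self.vault, f"{len(self.journal)}.bak")
        shutil.move(path, backup)           # the file disappears, but a copy is kept
        self.journal.append((pid, path, backup))
        self.actions[pid].append(("delete", path))

    def tree(self, root):
        return [root] + [p for c in self.children[root] for p in self.tree(c)]

    def verdict(self, root):
        # Assumed rule: the process tree deletes >= 2 files and sets persistence.
        kinds = [k for pid in self.tree(root) for k, _ in self.actions[pid]]
        return kinds.count("delete") >= 2 and "autorun" in kinds

    def rollback(self, root):
        pids = set(self.tree(root))
        undo = [e for e in self.journal if e[0] in pids]
        for _, path, backup in undo:
            shutil.move(backup, path)       # works offline: the journal is local
        return [path for _, path, _ in undo]

def demo():
    work, vault = tempfile.mkdtemp(), tempfile.mkdtemp()
    docs = [os.path.join(work, n) for n in ("a.txt", "b.txt")]  # constructed files
    g = BehaviourGraph(vault)
    g.spawn("dropper", "helper1")
    g.spawn("dropper", "helper2")
    for d in docs:
        open(d, "w").close()
        g.delete("helper1", d)
    g.actions["helper2"].append(("autorun", "constructed-run-key"))
    parts = [g.verdict(p) for p in ("helper1", "helper2", "dropper")]
    ok = g.rollback("dropper") == docs and all(os.path.exists(d) for d in docs)
    return parts, ok

if __name__ == "__main__":
    print(demo())
```

Neither helper process matches the rule on its own; only the tree rooted at the parent does, which is why the behaviour is linked in a graph rather than judged per process.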

In our opinion, this analytics method sounds pretty good, although we do wonder to what extent such an analysis process affects the performance of the device. After all, it sounds as if some compute power is needed there. Willems indicates that you only notice performance reductions when BEAST runs on older devices. Devices that come with Windows 10 and also some devices with Windows 7 will experience no performance loss, according to Willems. Moreover, the heavy workloads are processed in the cloud. The meaningful conclusions drawn from this analysis will also be fed back into the engines used by G DATA. This will enable the software to react more effectively in the future.

Interesting developments

With BEAST, G DATA has a big advantage when it comes to sharpening its technology. Ultimately, this should result in a good mix of technology and people awareness. The antivirus product remains very important, but security awareness training is also becoming a major focal point for the German software supplier. In our view, this is understandable, since an employee’s error is just as much a cyber threat to a company.

Given the new activities of G DATA in recent months, we are therefore curious about the company’s innovations in 2020. The message ‘people and technology’ will undoubtedly be developed further by then.