With the scourge of malware, identity theft, and other online scams getting worse by the day, there’s no shortage of apps claiming to help. But from the best-known brands such as McAfee, Norton, and Kaspersky to smaller players like Sophos and F-Secure, nearly all the programs designed to protect consumers can trace their roots back to the 1990s or earlier.
Could the solution be something entirely new?
Despite the crowd, Boston entrepreneur Hari Ravichandran sees an opportunity to leapfrog rivals with a more comprehensive and simple-to-use app that could do everything from blocking computer viruses to keeping kids safe online to locking down privacy settings on a social media account.
“The notion is that we’ll drive a sense of holistic digital security,” Ravichandran said in an interview from the company’s new headquarters in the Seaport District. “It has to be very easy to use, it has to be autonomous, and it has to be something that really understands you as a person and your usage patterns.”
Already, Aura’s bundle includes antivirus software, password management, credit monitoring and identity theft protection, and a virtual private network app for more secure web browsing. The cost for an individual ranges from $9 to $24 a month, with a discount for annual payment, depending on how many services are included. A family plan covering up to 10 people ranges from $15 to $30 per month.
But like Aura’s new headquarters, a PR firm’s old office still awaiting a major renovation, the company’s software will get many more features in the future, Ravichandran said. Those could include monitoring and adjusting privacy settings in social media apps as well as preventing hacking attacks via common home-connected devices like smart TVs.
It may be easier to sketch out the requirements of a comprehensive online protection app than to build one that actually keeps all the various bad guys at bay. That’s where Zulfikar Ramzan, chief scientist, comes in. Ravichandran calls him “the smartest person we know” for the job of creating and maintaining the protective system.
Ramzan got his PhD in computer science and electrical engineering at MIT under legendary security researcher Professor Ronald Rivest, a co-inventor of the encryption technique underlying almost all secure transactions on the web. In the 25 years since, Ramzan rose through the ranks of the security industry, developing new features for Norton AntiVirus, improving cloud security at Cisco Systems, and overseeing technology at RSA, the original company built to make software using Rivest’s research.
At Aura, Ramzan will try to keep Aura’s app simple to use by imbuing the software with insights derived from artificial intelligence and machine learning. That’s when a computer program analyzes millions or even billions of real-world examples of something like hacker attacks to glean its own methods for protecting a network. Ramzan developed some of the first machine learning antivirus features when he worked at Norton over a decade ago. Now he’s relying on updated but similar tactics for Aura.
“It can be a full-time job just to keep yourself digitally safe,” Ramzan said. “We can take that full-time time job and try to automate parts of it. AI and machine learning can help you essentially get a digital sherpa which can be your guide to traversing the digital landscape.”
For example, the software will customize itself based on what it knows about users. A family with young kids will get parental controls front and center while credit protection may be the lead feature for a single customer. The AI will also be proactive, notifying users that one of their passwords has been disclosed in circulation among hackers on the dark web. And it might automatically trigger a more secure online session using a virtual private network when a user visits a riskier website.
Ultimately, the app aims to grow even more helpful as Aura convinces other tech companies to let the software make changes to privacy and security settings in other apps and devices, with the user’s permission. In one future scenario, the app could learn that a smart speaker had begun collecting more personal information, alert the user, and, with the user’s permission, switch the user’s settings to close the loophole. It’s hardly a theoretical problem: smart speaker makers have been known to change their default policies around collecting users’ voice recordings.
Still, cybersecurity is a crowded market even beyond specialists. Google, Apple, and Microsoft have been adding features similar to those Aura offers, and cable and telecom providers also are starting to offer apps for securing digital devices.
“It’s a robust market that’s growing, so it’s a good opportunity,” International Data Corporation analyst Michael Suby said. “But really, how effective can any new entrant be in building a relationship with consumers?”
There’s obviously a huge need. Cybercriminals stole $4.2 billion directly from consumers in 2020, according to FBI data, while total losses due to identity theft exceeded $700 billion in 2020, amid exploding unemployment benefit fraud, Boston research firm Aite Group reported. And the crooks are innovating to create new schemes. Digital currency theft jumped more than 500 percent to $3.2 billion last year. Now cybercrooks are even using Zelle, the cash transfer app created by major banks, to steal from consumers.
Cybercrime came to Ravichandran’s attention when he was the victim of identity theft in 2014. At the time, he was running his first startup, Burlington cloud services company Endurance International Group.
Endurance started in the late 1990s as BizLand, building websites for small businesses. Surviving the Internet bubble, Ravichandran focused the company on web hosting services and renamed the company Endurance in 2003. To expand the company’s offerings, he acquired dozens of large and small rivals including Waltham e-mail marketing company Constant Contact for $1.1 billion in 2015.
But amid an investigation into Endurance’s financial reporting, Ravichandran left in 2017. The Securities and Exchange Commission probe focused mainly on behavior by Constant Contact before it was acquired, though as part of a settlement Ravichandran paid a $1.4 million penalty without admitting or denying guilt. Aura said the settlement was over an “error” in accounting by Endurance that was “rectified and amicably settled.”
Endurance was sold to private equity firm Clearlake Capital Group for $3 billion last year.
This time around, Ravichandran will have to build a recognizable consumer brand from scratch, no easy matter, analysts said. “It’s not just a technical challenge that they have,” Suby said. “That’s probably easier to solve than the marketing challenge.”
Still, while Boston does not have a reputation for launching consumer brands in tech, it has a growing lineup including TripAdvisor, DraftKings, and Wayfair. Asked about Aura’s challenge, Steve Kaufer, chief executive and cofounder of TripAdvisor, calls “b.s.” on the theory that Boston can’t build major consumer brands. “I reject the premise,” he said.
One tactic will be to try and pitch Aura’s services as an employee benefit. Under a deal announced in February, New York insurer MetLife will add Aura’s cybersecurity service on its benefit platform for 50,000 employers who have 55 million workers and dependents.
Ravichandran is also getting advice — and financial backing — from one of the most experienced brand builders in the world, former Disney movie boss Jeffrey Katzenberg.
Katzenberg said he considers himself a “digital idiot” but realized that better cybersecurity was both a huge need for everybody and a fragmented market. At first, he planned to create his own startup under the auspices of his investment firm, WndrCo. But after getting a peek at what Aura was building, he decided to join forces and invest.
“Our personal data, safety and security has never been more at risk,” Katzenberg said in an e-mail. “The market is flooded with choices, but ... as a consumer, how am I supposed to know if I need a VPN, or antivirus protection, or transaction monitoring? So what Aura has done is take away this confusion.”
The board of directors also includes Lara Sweet, who helped build Snap into a popular consumer app, and Sujay Jaswa, who was chief financial officer at Dropbox when it went public.
Unknown tech companies, particularly in the crypto market, have been recruiting celebrities and buying Super Bowl commercials recently, a strategy that makes Ravichandran chuckle, but he’s not too dismissive. “I guess Matt Damon’s already taken,” he joked.
Aura will roll out a major advertising campaign in the fourth quarter that will feature security experts, celebrities he isn’t ready to name, and better-known corporate partners. The theme, Ravichandran said, will be to “make the market aware of the fact that there’s a better way to solve their digital security issues.”