Interview with Alexander Vukcevic at NortonLifeLock: “RTTL Gives Tester Organizations Visibility Into Evolving Threats”

Since July 2020, Alexander Vukcevic has been a member of our Board of Directors and since August 2020 has been our Chief Technology Officer. Before becoming a member of the Board and CTO, Alexander became active within AMTSO in 2017. He started initiatives in our RTTL program and has been one of the drivers and leaders in the USC working group. Alexander worked at Avira for over 20 years, where until April 2021 he worked as the Director of Protection Labs and QA. Since NortonLifeLock’s acquisition of Avira in 2021, Alexander has been working as NortonLifeLock’s Director of Threat Protection Labs and QA.

Alex, you joined AMTSO first when Avira was still independent, and stayed with us when Avira was acquired by NortonLifeLock. How, from your perspective, has AMTSO evolved throughout the years?
Back in 2008, when AMTSO was founded, there was no umbrella organization which took care of the matters of testers and vendors in the cybersecurity industry. In particular, there was no common industry guidance about how to conduct product tests in terms of protection and performance efficacy which is fair and provides vendors enough information to improve their products for customer protection at the same time. The decision to found AMTSO, and to develop a testing standard, gave security companies and testers the opportunity to understand the current threat situations and the fast-evolving threat protection features, with the opportunity to adapt and test those techniques for antimalware solutions.

Each of you who already took a look at the AMTSO Testing Protocol Standard can imagine that this was a huge effort for each of the members to agree on a solution which applies to everyone – testing organizations and security vendors. We achieved it and it was a major and important milestone for AMTSO and its members. This shows that mainly all challenges can be solved by collaboration and communication.

Today, AMTSO has over 60 members from across the security and testing industries, and we also are looking into other challenges being faced. Nowadays we have a threat exchange platform called RTTL enabled, we’ve established other working groups about IoT and testing efficacy, and give all members the possibility to share insights and information in our regular member meetings.

You hold the position as a CTO for AMTSO, what are your specific responsibilities in this role?
In my role as Chief Technology Officer, I take care of and oversee AMTSO’s technical infrastructure. This includes websites and associated hosting, our services, e.g. the already mentioned RTTL, the security and any tools and technologies which may be required to run a global cross-industry non-profit. I am providing guidance and advice to the COO and other members of the executive team, and hands-on involvement in the working groups, especially in designing and implementing technologies, is important as well.

You also are driving the RTTL program; from your perspective, which value does this add for testers, vendors, and CERTs?
We are always looking out for the needs of our member organizations, and one of the outcomes was to build and establish the Real Time Threat List (RTTL) which gives the possibility to exchange important threats and metadata about the most seen malware samples to each member. With this, the tester organizations have the visibility and telemetry of evolving threats and can make use of it for their tests, if they want. Since last year, we also offer non-members like CERTs or independent researchers to provide information on malware attacks and latest malware threats to the RTTL system with the ability to have a central location to share those with all member organizations. This ensures that current samples can be covered in tests, and users are protected.

In which way is AMTSO important for NortonLifeLock; why is NortonLifeLock a member?
For NortonLifeLock, it is important to have an organization which focuses on addressing the global need for improvement in the objectivity and quality of anti-malware testing knowledge. Having AMTSO brings value to cybersecurity companies but also for users to make the right decision about which antimalware product best fits their need. It’s crucial to benchmark our product performance and protection efficacy which helps us to improve, therefore it needs helpful and fair test scenarios done by testing organizations. Since joining, NortonLifeLock is an active member which is also involved in several other working groups.

Do you see the need for AMTSO to move into fields beyond AV testing, and which fields would be relevant?
Antimalware testing is a small piece in protection when we are talking about securing IT systems and services, enterprise businesses and endpoints. Each of us is fighting malware attacks to secure IT infrastructure or home environments. AMTSO offers a platform for knowledge sharing and discussing strategies to develop security technologies which help us to protect companies and consumers in a fast, evolving world. AMTSO is already taking the next steps and established working groups to further discuss security testing or how to protect our IoT devices, but this is just a starting point.

What might be the challenges for AMTSO in moving into these new fields?
It is important to reach out to companies that do not currently belong to the endpoint protection segment and to engage them to join AMTSO. Collaboration and having an understanding of today’s challenges brings value to all of us and helps to improve our security strategies against malware attacks.

Sounds like there are many new fields in cybersecurity testing for AMTSO to cover in the future. Is there anything else you would like to share with the AMTSO community?
I would like to mention here that many of the representatives who participate in the working groups and meetings on behalf of their organizations and contribute their thoughts and knowledge make up what AMTSO is today. Also, many former members who are no longer part of us have contributed to ensure AMTSO as an organization is an outstanding example of how communication can be effective – thank you all for this great achievement.

Thanks so much for your answers, Alex.