Brazilian antivirus startup PSafe announced a $30 million Series C investment round today. Chinese antivirus company Qihoo 360 led the round with a $25 million investment, and existing investors Redpoint e.ventures and Pinnacle Ventures returned to contribute another $5 million.
PSafe is a free antivirus software for the Brazilian market, with 30 million installs to date, and heavy initial adoption among Brazil’s B and C middle classes. It runs in the background and updates on its own so users never have to worry about whether they’re running the current version. PSafe also offers unlimited free cloud storage to backup users’ hard files.
Founder and CEO Marco de Mello (pictured) calls it the “don’t talk to me” antivirus. “I think people are starting to realize, ‘why pay for something when I get mediocre service, if I can get something better for free,’” de Mello says. “It’s better and free.”
PSafe has 20 million average monthly users and no revenue. But de Mello, a Spotrunner veteran and former director of Microsoft Windows Security, says he’s in the business of building trust, not revenue – for now. De Mello says the company’s focus is to reach 100 million users and is planning for the milestone with an app, content and game store that will live within the PSafe interface.
PSafe has no direct Brazilian competitors, but international antivirus heavyweights AVG, Avast, McAfee and Symantec all operate in Brazil. De Mello cites a cultural advantage, saying it’s the only one with free Portuguese support, 24/7.
De Mello plans on using the growth capital “on tech build-out, obviously,” and on scaling to 100 million users. But he’s planning more holistically than a cost-per-acquisition campaign, designating the lion’s share of his user acquisition budget to awareness marketing.
“We need to educate users about what they’re facing every day in Brazil when they pick up their Android phone or log on to Windows.” PSafe’s database goes back almost three years and includes 7.3 billion different threat signatures. The software detects about 70,000 new threats per day, and announces some of them in Portuguese at @PSafeTecnologia.
The top-level threats are cyber theft and financial attacks against individuals, followed by more coordinated attacks that take over a lot of machines at once to attack a bigger target without users knowing their computers are infected.
“That’s part of the awareness I’m trying to drive,” de Mello says. “If you don’t secure your machine properly, you can end up being an unwilling participant to a crime you’re not aware of.”
“A typical 90’s, early 2000s virus that was doing damage for damage’s sake, it won’t last a long time these days, because the detection and reaction times have gotten better,” de Mello says. “Plus, what’s the reward? You don’t get notoriety by doing damage. You get notoriety by breaking into the NSA or CIA, or the Brazilian government, or defacing a very large site, or hacking into Sony or whatever. All these things I just mentioned happened, by the way.”
The third threat category PSafe sees is espionage. Not the NSA spying on Brazil, but corporate espionage – by Brazilian entities, on Brazilian entities. “We see a lot of theft attempts of corporate data,” de Mello explains, “especially because a lot of the government contracts here are based on an open submission of bids. There is a lot of hacking to know what the competitors are going to bid before the bids are submitted, so I can bid lower and win.”
This is precisely the kind of espionage that Brazil’s new proposed Internet security legislation would be useless to detect. The Internet bill, called Marco Civil, includes a data storage measure that would require foreign Internet companies like Google and Facebook to store locally gathered data inside Brazil.
But the bill is more political than practical. It could cost foreign Internet companies operating in Brazil billions of dollars to build out local data infrastructure, in what The Wall Street Journal cites as by far the most expensive country in Latin America to operate a data center. But it’s unclear how Brazil could require the same from foreign companies with Brazilian users, but without a physical presence in Brazil. Besides, storing data locally doesn’t necessarily mean it’s safer from spying.
De Mello calls the measure “a misguided attempt at solving a much broader problem than where data is warehoused.”
“You’re only as secure as your weakest link, and data centers are far from the weakest link today,” de Mello says. “Security perimeters are important, and so are secure data centers. But information moves constantly. The human factor in this chain is such a critical aspect of keeping data secure, and we have such a long way to go before users have a similar basic understanding of online security as they do of needing to buckle up before driving.”
And until then – there’s PSafe, on 30 million machines and counting.