Sign up for my newsletter to see more interviews with the biggest names in cybersecurity.

This week I spoke to Bob Austin, the founder of KoreLogic, and Rob King, a senior researcher at KoreLogic. KoreLogic is a security consultancy that serves companies that range in size from small to Fortune 100. KoreLogic has also developed a whole host of security tools, some of which we discuss in this interview. Check it out below!

Bob, you were in senior management of the software company CSSI, which was eventually sold and since then you’ve mostly worked in security consulting practices. Why’d you decide to leave the world of operating companies and do you ever see yourself going back?

Bob: No I don’t see myself going back; I have a bias towards small companies. I got my MBA, then joined CSSI, which grew to 150 people before we sold it. When CSSI was acquired I wanted to make a change and go back into a small company environment. This was back when the internet was coming out and there wasn’t much security for it so I joined a security consulting company and then eventually started Korelogic.

Rob you’ve helped to build several startups and you’ve worked at several operating companies, why’d you decide to come over to KoreLogic?

Rob: I’m a member of a group in Austin called Austin Hackers Anonymous, and another member of that group was an employee at Korelogic. He mentioned that Korelogic needed some people with my specific skillset and so I applied. They are some of the smartest people in the space so I’m happy I made the move.

At Korelogic, you guys have created Giles which is an open source compiler that can be deployed in SQL databases and allows users to perform complex event correlation. What do you mean by complex event correlation and why is it necessary?

Rob: We’re moving into a state of security where it’s not sufficient to look at simple data points. To effectively protect your enterprise, you need to find patterns across large and disparate data sets. We noticed that people wanted to be doing this, but there was no easy way. What makes Giles interesting is that every programmer knows how to interact with SQL databases and that’s all you need to be able to perform this complex event correlation with Giles.

Bob you helped to created DIRT, of which Giles was a part. Can you explain what that was?

Bob: We were awarded a contract by Darpa to create a way for companies to detect tampering in source code repositories. Companies have a lot of valuable IP, much of which is in software. This software is underprotected using traditional controls like using active directories to grant access, and network security products like firewalls. As a result, we created an operational system that allowed organizations to detect malicious insiders. Giles was a part of that overall system to correlate events that may signify that there’s a malicious insider.

You guys have also helped to create MASTIFF, which is a free online static analysis tool. How does this differ from other static analysis tools? What spurred you to create it?

Bob: This was also sponsored by DARPA under their “cyber fast track” program. They had recognized that there were lots of smart individuals and small firms who were capable of innovative thinking and the idea was to fund smaller firms to rapidly develop products. MASTIFF is a static analysis framework and none existed before it was put together. The brains behind MASTIFF was Tyler Hudak and he recognized that there was a gap in the space and wanted to come up with a solution for it.

Have you thought about commercializing the products you’ve created?

Bob: Yes we have, however DIRT was a bleeding edge project. The idea was build something that we can deploy and use within the government. Many governments saw the value in it but they weren’t ready to adopt it because they had many other challenges. We believe that it’s an idea a little bit ahead of its time, but in the future there will be many instances of people tampering with IP.

Rob, you helped design TippingPoint’s data loss prevention product which was awarded the top DLP product of 2010. What did you guys do differently than your competitors? What were the key features that made it the product of the year?

Rob: Our product was different because whereas most DLP products in 2010 only provided notifications to a system administrator when important data left and organization, our tool could actually block important data from leaving. You could give us a list of terms that you didn’t want exiting and we would block that from happening.

You guys have developed MASTIFF, Giles, what’s next for you? Are there any exciting projects that you’re working on now?

Bob: Yes, one of the areas of expertise that Korelogic has is in the area of password cracking. For the last 6-7 years we have operated a password cracking contest at DEFCON. The notion behind the contest is to help organizations better understand password best practices. For example, system administrators have the broadest privileges and hackers know that, and so if you can make your sys admins passwords better, that’s can make a big difference.

There’s lots of funding to startups developing biometric recognition methods and two-factor authentication and other, more secure ways to establish identity. How much longer does the password have?

Bob: They have a limited shelf life. That said, we’ve heard about the deficiencies of passwords for years but we’re not even using two-factor authentication yet. The barrier is cost and user friendliness.
Rob: Passwords have a long tail. People keep saying they’re dying but they’ll be around for a while longer.

The News:

PhishMe Acquires Malcovery Security

• PhishMe provides security computer-based training and the acquisition of threat intelligence provider Malcovery brings their employee count to 200.

Wombat Security to Acquire ThreatSim

• Wombat and PhishMe are emerging as the clear leaders in the fast-growing security computer-based training space. Gartner however, ranks Wombat as the top CBT provider in their Magic Quadrant.