In an exclusive interview with SafetyDetectives, Brian Gallagher, CEO and founder of CodeLock, reveals the driving force behind the company’s inception in 2021. Gallagher discusses CodeLock’s approach to secure software development, which focuses on protecting code at the developer level and on the challenge of unknown threats. The interview explores CodeLock’s role in rapidly identifying and resolving vulnerabilities and its use of AI and ML for threat detection. As businesses adapt to a dynamic cybersecurity landscape, Gallagher anticipates trends such as automation and consolidation.
Can you talk about your journey and what motivated you to start CodeLock?
Hi, I’m Brian Gallagher, CEO and co-founder of CodeLock. We established CodeLock in 2021 with a vision to revolutionize secure software development globally. Our core focus is on enhancing the software development process, incorporating security measures, ensuring accountability, and aiding compliance in secure software development.
The idea for CodeLock emerged from an intriguing backdrop. My co-founder, Dr. JT Kostman, and I were previously engaged in a project with the US government, dealing with the supply chain of physical goods entering the United States. In our past lives, I worked for the United States Secret Service Technical Security Division and, after the Army, JT worked directly for the Intelligence Community. After government, JT went on to work as the Chief Data Scientist for Samsung and the Chief Data Officer for Time Inc.
So, from a team perspective, you can see we had a pretty good background in AI and ML, and we were developing solutions involving artificial intelligence and blockchain technologies.
In December 2020, around the time we had a big meeting planned with the US government, the SolarWinds cyberattack occurred. It was a massive security breach affecting 18,000 organizations, including many sectors of the US government. Despite the severity of this event, our meeting went ahead as planned. During this time, Dr. Kostman proposed an innovative approach that could have potentially thwarted the SolarWinds attack. His idea laid the foundation for CodeLock’s intellectual property.
Can you provide an overview of CodeLock’s approach to software security and how it sets itself apart in the cybersecurity market?
If you think about the cyber market, and specifically the software security aspect of it, the market’s crowded with solutions looking specifically for known threats. The code gets scanned, and if it sees a vulnerability or something that matches a library, they’re flagging it. That’s how most systems work. However, the problem has to do more or less with how you protect all this software from the unknown threats. Not necessarily the stuff that the legacy systems are hitting, but the things that we don’t know exist in the first place.
CodeLock came in to specifically look at this. Nobody knew about the malware the Russians used for SolarWinds at the time that it went onto the system. It was new, it was unknown, and it wasn’t in a library. At CodeLock, we focus on protecting the software at the code level, starting with every developer. The first step we take is to ensure that the developers are authorized and authenticated to be pushing the code or having access to the environment in the first place.
We start with a multi-factor approach, which includes a biometric facial scan. That starts our forensic chain of custody between the developer and the code, as soon as the code actually gets pushed. In doing so, we’re able to help our clients focus on the security aspect of things but also look at developer accountability, non-repudiation, and compliance with rules and regulations and standards and laws that we’re seeing across the U.S. and internationally.
In what ways does CodeLock assist businesses in identifying and fixing vulnerabilities in their software code?
What CodeLock has done is it’s going to flag that unknown vulnerability and allow you to fix it faster. Staying on the theme of known versus unknown, there are 20 million new types of malware detected every single year. But when you look at the increase of things from Russia and China, or, as I always say, kids with ChatGPT in the basement, that new code is being created so fast that things can’t really keep up.
The question is, how do you repair something that you don’t know exists in the first place? We took a different approach. You still need to do application security testing, you still need to look for known vulnerabilities and you still need to have a CVE. All that must still occur, it’s very important.
However, we’ve taken a capsule and put it on top of that code with our unique features. So that as soon as an unauthorized change occurs, we’re going to detect it and have all that information to get back. We’re able to detect it up to 207 days faster than you would see on average, based on the IBM statistics for how long it takes to know it was there in the first place.
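The two ideas in the answers above, tying an authenticated developer to the exact code they push and detecting any later change that did not go through that path, can be illustrated with a small hash-chained custody ledger. The following is an added example written for this page, not CodeLock’s code; the developer registry, the per-developer signing secrets, the in-memory ledger and the sample file contents are all constructed, and a real deployment would derive the secret from the MFA login step rather than hard-coding it.

```python
"""
Illustrative chain of custody for pushed code (added example, not CodeLock's
implementation): every push becomes a signed, hash-linked ledger entry that
binds an authenticated developer to the content they pushed; a later audit
flags entries from unknown developers, forged entries, and files whose
current content no longer matches their last authorized push.
"""
import hashlib
import hmac
import json

# Constructed registry: developer id -> signing secret issued after MFA login.
AUTHORIZED_DEVELOPERS = {
    "alice": b"alice-session-secret",
    "bob": b"bob-session-secret",
}
GENESIS = "0" * 64
BODY_FIELDS = ("seq", "developer", "path", "content_hash", "prev")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical_body(entry: dict) -> bytes:
    """Deterministic serialization of the signed part of an entry."""
    return json.dumps({k: entry[k] for k in BODY_FIELDS}, sort_keys=True).encode()


def record_push(ledger: list, developer: str, path: str, content: bytes, secret: bytes) -> dict:
    """Append a custody entry: who pushed which content, linked to the previous entry."""
    entry = {
        "seq": len(ledger),
        "developer": developer,
        "path": path,
        "content_hash": sha256_hex(content),
        "prev": ledger[-1]["entry_hash"] if ledger else GENESIS,
    }
    body = canonical_body(entry)
    entry["sig"] = hmac.new(secret, body, hashlib.sha256).hexdigest()
    entry["entry_hash"] = sha256_hex(body + entry["sig"].encode())
    ledger.append(entry)
    return entry


def verify_ledger(ledger: list) -> list:
    """Return findings about the ledger itself; an empty list means it is intact."""
    findings, prev = [], GENESIS
    for entry in ledger:
        body = canonical_body(entry)
        secret = AUTHORIZED_DEVELOPERS.get(entry["developer"])
        if secret is None:
            findings.append(f"seq {entry['seq']}: unknown developer {entry['developer']!r}")
        elif not hmac.compare_digest(hmac.new(secret, body, hashlib.sha256).hexdigest(), entry["sig"]):
            findings.append(f"seq {entry['seq']}: bad signature")
        if entry["prev"] != prev:
            findings.append(f"seq {entry['seq']}: broken chain link")
        if entry["entry_hash"] != sha256_hex(body + entry["sig"].encode()):
            findings.append(f"seq {entry['seq']}: entry hash mismatch")
        prev = entry["entry_hash"]
    return findings


def audit_tree(ledger: list, tree: dict) -> list:
    """Compare current file contents against the last custody entry for each path."""
    latest = {entry["path"]: entry for entry in ledger}  # later entries overwrite earlier
    findings = []
    for path, content in tree.items():
        entry = latest.get(path)
        if entry is None:
            findings.append(f"{path}: no custody record (unrecorded addition)")
        elif entry["content_hash"] != sha256_hex(content):
            findings.append(f"{path}: differs from last authorized push by {entry['developer']}")
    for path in latest:
        if path not in tree:
            findings.append(f"{path}: recorded file is missing")
    return findings


def demo() -> dict:
    """Constructed scenario: one legitimate push, one edit outside the push path, one forged entry."""
    ledger, tree = [], {"build.py": b"print('hello')\n"}
    record_push(ledger, "alice", "build.py", tree["build.py"], AUTHORIZED_DEVELOPERS["alice"])
    tree["build.py"] += b"# edit that never went through an authenticated push\n"
    tree_findings = audit_tree(ledger, tree)
    record_push(ledger, "mallory", "build.py", tree["build.py"], b"not-an-issued-secret")
    return {"tree": tree_findings, "ledger": verify_ledger(ledger)}


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, "findings:", items or "none")
```

The ledger entries are the forensic record: an intact chain with a valid signature says which authenticated developer pushed a given content hash and in what order, while the tree audit is the detection step that fires as soon as the working copy drifts from what the ledger authorized.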
What role does artificial intelligence and machine learning play in threat detection and response capabilities?
So we kind of look at it from 2 perspectives; the threat detection piece and the software developer productivity as a whole.
If you’re thinking about software development or even software threat detection, the general thesis seems to be (unsurprisingly) that there’s no magic bullet or single metric for measuring software development productivity and the underlying security behind it.
I bring that up because the good news for CodeLock is that Dr. Kostman is literally one of the world’s leading experts in Applied Artificial Intelligence and Cognitive Computing. AI and ML are really good at solving these types of problems. If you consider the numerous variables to make a prediction, whether that’s the price of a house or how a product is going to sell or how productive somebody will be, those data points and facts and figures come into play when it comes to AI.
On the threat side, there’s being able to even detect an insider threat. To solve this, what we did with CodeLock is we ultimately built out an ecosystem. We’re going to ingest, process, and transfer massive amounts of unique or otherwise unavailable data. Every commit that’s made by the developer, along with the extracted and attached metadata, gets collected, collated, and considered when we look at our algorithms and our decision points.
We use an ensemble approach with a collection of ML and AI algorithms. I’ll let Dr and his team get into the specifics and math and all that. But in plain English: we use some very cool and sophisticated mathematics to classify and categorize various variables in order to identify patterns, disclose anomalies, forecast trends, and reveal connections between individuals, events, locations, and other entities and instances that are consistent with concerning behaviors, and which can be used to facilitate performance and security improvements.
How does CodeLock handle insider threats, and what features are in place to safeguard against potential internal risks?
As I mentioned in the previous question, AI/ML is a great resource for finding insider threats within an organization. CodeLock’s forensic chain of custody also plays a major role in establishing non-repudiation and pointing the finger back at the source of the problem.
Now, this does not have to be a covert spy within the organization. An insider threat could just be an employee who injects some sort of malicious code as a precaution or backup if he or she ever wanted to retaliate against the company, say for not getting a raise or untimely being fired.
What trends do you anticipate in the field of software monitoring and tracking, and how might these impact the overall security posture of businesses?
The 2 big trends that I see are automation and consolidation.
When you’re thinking about tools, specifically anything dealing with software development, they have to run in the background. Additionally, you have to allow the software developers to do their job, and the security engineers have to be able to accomplish their mission and critical tasks. The goal of any business is to make money, but there’s often this conflict between getting the product and the code out faster versus slowing it down and keeping it safer. So being able to come up with ways to do that and show that value becomes important, and automation becomes a key part of that.
Consolidation is big as well. Go to any of the major cyber events, whether it’s RSA or Black Hat, and you’ll see thousands of vendors, and customers are getting overwhelmed with people coming up with new things. So I think the days of having a tool that does one single thing are kind of past. You’re going to see more consolidation and more platforms that can do more for the client within a single software program.