informa
/
Vulnerabilities/Threats
News

Invisible Things Comes to Light

Joanna Rutkowska gives the lowdown on what her new company will do

5:30 PM -- Just a few days after researcher Joanna Rutkowska went public with the name of her new startup Invisible Things Lab and even before its Website went live, another Website was suspiciously already up and running with the same name (but with a .net suffix).

Rutkowska has been secretive about just what Invisible Things Lab is really up to, preferring to talk more about her upcoming training sessions at Black Hat USA. So she was surprised to see a company or fake firm possibly trying to ride her coattails already. But imitation is the highest form of flattery. (See Rutkowska Launches Own Startup.)

Rutkowska says her site is now live, and she's now sharing details of just what this new company (made up of her and fellow researcher Alex Tereshkin, aka "90210") is all about. She says the firm will focus on operating system security, as in system compromises, stealth malware, antivirus and host intrusion prevention assessment, and OS-hardening, for instance. It won't be doing application security.

Invisible Things Lab will work with security vendors such as AV and OS vendors that want their products assessed before they go to market, Rutkowksa says, as well as with enterprises that want unbiased security evaluations of products they are shopping for. The company also will work with government, law enforcement, and forensics investigators that want to learn more about stealth malware, or need help with their "interesting" investigations, she says. "We're not really interested in fighting the "usual" incidents -- spam, worms, traditional botnets -- we would like to focus on more subtle and more sophisticated incidents."

She hopes to work with vendors who want to bounce their ideas off her and Tereshkin, or those who want advice on potential risks. "We could either do the product-oriented assessment or more design-oriented consulting, where the latter has an advantage of allowing our clients not to share all their trade secrets with us, which I know is very important for many vendors," she says.

This doesn't mean Rutkowska is going all business, though. Research is still her main interest. "I hope that every project will require some new research," she says. "Otherwise, it would be boring work. We're definitely not interested in routine tasks," such as traditional penetration testing, she says.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5