Enterprises have tools to help them manage every part of the IT chain, so why not the complex aftermath of security and data breaches?
According to US startup Co3 Systems, which is launching in the UK and Europe this week, organisations typically use spreadsheets to organise their response to such incidents, a labour-intensive and uncertain approach that fails in an age when even smaller enterprises experience a steady stream of breaches.
Backed by respected security luminary Bruce Schneier, who joined as CTO in January, the firm’s alternative is a dedicated platform (available as a server or SaaS) that generates detailed response plans for security and privacy breach incidents of every kind.
As Schneier himself summed it up when he joined Co3: “Ad hoc incident response isn't enough anymore. There are lots of things you need to do when you're attacked, both to secure your network from the attackers and to secure your company from litigation.”
It sounds like a great idea, but the fact that Co3 is the only firm that has so far attempted this might have something to do with the sheer complexity of turning incident response into something that can meet an organisation’s needs no matter where it is located (local compliance and notification is notoriously varied) while also coordinating a team of people looking at a mass of events.
Co3 hopes that the fact it now has a European-based customer to go with the 30 or so it has signed up in the US will give the technology credibility. Having the intellectual Schneier onboard also helps.
In practice, an organisation would use the platform to classify an incident (malware, intrusion, multi-faceted attack, data breach or the loss of equipment such as a laptop), after which the system would generate a detailed incident plan of action. This not only covers the complex process of assessment, broken down into collaborative parts, but, where necessary, gives information on disclosure, including which phone numbers to call.
“Even modest organisations routinely have incidents. Even a lost laptop has regulatory requirements that have to be tracked and disclosed,” said Co3 Systems co-founder and CMO, Ted Julian. “You are hoping things don’t fall between cracks.”
In Julian’s view, without tools organisations are left to wing it on their own, which can turn incident response into a time-consuming and unreliable chore. When the same type of incident occurs over and over, it becomes almost impossible to learn from previous responses.
One disclosed customer, US Funds, had been able to “respond to incidents in one tenth of the time,” said Julian. Using a tool to manage the process allowed every member of the IT or management team to get a real-time view of any incident as it was being dealt with.
Co3 sells the platform on a subscription basis with two components (Security and Privacy) in either 10 or 20 seats. Most customers have opted for a SaaS model but an internal server is also available for those with additional security requirements. The platform can be integrated with HP’s ArcSight SIEM with support for others promised for the future.