Cyber security may be built on three pillars – prevention, detection and response – but response is the weak link, and that has to change, said Co3 Systems CEO John Bruce. He figures the first two each account for $30 billion in expenditures annually, but response is only a fraction of that, and his company would like to at least begin to rectify this situation with an expansion to its SaaS-based incident response platform.
While the security industry continues to churn out detection and prevention solutions, very little has been done to improve response, that is, to help organizations manage the inevitability of a security incident, he stated. Bruce expects response to eventually be as large as the other pillars, but this segment is only expected to grow to $2-3 billion in the next couple of years, he said.
Referencing last year’s RSA conference keynote from FBI Director Robert Mueller, Bruce said there are two kinds of security customers: those who have been hacked and those who don’t yet know they have been. According to a recent report, more than six out of ten organizations hit by data breaches take longer than three months to notice what has happened, with a few not uncovering attacks for years; 14% of attacks aren’t detected for up to two years, and 5% take even longer than that.
Slow response to any security incident can be extremely costly, and it’s only getting worse, according to the company and Ponemon Institute data. Over the past two years, Ponemon estimates the average cost for resolving cyber attacks has risen 42% from $415,748 to $591,780. This ‘ticking time bomb’ is driving explosive growth in the enterprise incident response market, predicted to total $14.79 billion by 2017.
Over time Bruce expects the bigger security vendors will want to enter the response market, but believes they will struggle in a multi-vendor environment. He said Co3’s vendor-neutral response will give it an advantage, and the real competition will come from non-security vendors.
The security industry has changed a lot, said the company. Initially, vendors promoted preventative solutions, but that didn’t work out too well. The next step was detection, but the realization is now growing that these solutions don’t always hold up: they will fail, and when they do, you have to respond.
In January Co3 reported that bookings and customers increased 400% in Q4 2012, aided no doubt by the more than 33% increase in 2012 data breaches, to over 1,400, according to datalossdb.org. At that time Bruce said the company’s innovation and its reception by the market can be attributed to keeping in lockstep with a highly dynamic regulatory environment, enhancing its knowledgebase to encompass a broader range of incident types and delivering a straightforward, end-to-end experience for organizations to manage the complexity associated with incidents.
Co3’s new security module is the first solution to provide automated, single-pane incident management in a secure, isolated environment for general security incidents including malware infections, Distributed Denial of Service attacks and Advanced Persistent Threats. Building on the company’s Privacy offering, the new module extends the capability to security events such as malware infections, phishing-related compromise, DDoS attacks, device or intellectual property theft and system intrusions, said Bruce. The Security Incident Management module encompasses all phases of incident response, from planning and “fire drill” testing, through codifying best practices into a repeatable response system and subsequent analysis and reporting tools.