Co3 Security Updates May Help Break The Kill Chain

A who’s who of the information security industry will gather in Las Vegas at the end of July for Black Hat USA 2013, including Co3 Systems, which plans to make life easier for security professionals. The Cambridge, MA-based security incident response specialist will be formally unveiling a significant expansion of its Security Module with the ability to capture incident artifacts and automatically identify, correlate and diagnose them.

The enhancements have the potential to do what the intelligence industry calls “break the kill chain”, said Ted Julian, CMO. According to an RSA whitepaper, Stalking The Kill Chain, the concept of the attacker kill chain was introduced in 2009, breaking down the attacker methodology into a series of sequential stages: Reconnaissance; Weaponization; Delivery; Exploitation; Command and Control; and Exfiltration.

More information, more users and more devices are the ‘unholy troika’ of information security, and with all three growing exponentially and defenders primarily in a reactive mode, finding out what’s going on as quickly as possible is of paramount importance. Unfortunately, the current reality is that more than six out of ten organizations hit by data breaches take longer than three months to notice what has happened, 14% of attacks aren’t detected for up to two years, and 5% take even longer than that.

The future looks even more dismal from a CSO perspective, according to Gartner, which has predicted that by 2019, 90% of organizations will have personal data on IT systems that they don’t own or control. “As the amount of personal information increases multifold, individuals and their personal data will increasingly become a security target. And, yet in most scenarios the organization is still ultimately accountable for the personal data on its IT systems,” said Carsten Casper, research vice president at Gartner.

Nearly half (49%) of organizations plan to increase their information security this year, according to a survey by Enterprise Strategy Group. According to Gartner, the worldwide security technology and services market is forecast to reach $67.2 billion in 2013, up 8.7% from 2012, and to more than $86 billion in 2016.

The security industry has gone through several stages, from the initial focus on prevention, to the realization that you can’t prevent everything, so you need to be able to detect everything, said Julian. However, as recent high-profile breaches indicate, “everybody is breached”, and if it can happen to the likes of Google and NSA, “what are mere mortals expected to do?”

So the next stage is response. If breaches happen to everybody, security professionals won’t be fired if a breach happens, but they will if they screw up the response, he said. One beta user of the Co3 enhancements, a financial services organization with billions of dollars under management, cut their incident response time by 90%, said Julian.

Co3 also just announced the addition of coverage for privacy regulations in the European Union to its Privacy Module, enabling organizations to more easily navigate the differences in the definition, regulation and communication of data breaches involving Personally Identifiable Information (PII) between the U.S. and the EU. Co3 also updated its knowledgebase to cover the latest in the constantly changing U.S. state privacy breach regulations.

According to a prepared statement from Larry Ponemon, chairman and founder of the Ponemon Institute, privacy has the potential to be a new ‘Cold War’ between the U.S. and the EU. “There are massive differences in economic and philosophical approaches to PII that put any organization that does business internationally at risk of substantial fines and loss of revenue, should they not comply with the letter of the laws.”

Launched earlier this year, Co3’s Security Module has new functionality that includes:

- Incident Artifact Capture allows the specific attributes of an incident to be automatically integrated into the response management process for exact context;

- Threat Intelligence Integration automatically searches for and correlates artifact details and context with known active campaigns to identify potential actors, means, or attack methods (initial feeds include iSIGHT Partners, AlienVault, and SANS);

- Predictive Control aligns the response process with specific business needs, including an improved incident timeline with milestone tracking to measure organizational performance and an improved task burn-down chart to highlight problems before they occur; and,

- Customizable task instances allow organizations to tailor response plans to their unique requirements, transforming the basis for incident response from static binders to an always up-to-date, repeatable and expert system.


Author: Steve Wexler
