Automated Incident Response: Introducing Co3’s Security Incident Response Module


Page 1: Introducing Co3's Security Incident Response Module

Automated Incident Response

Introducing Co3’s Security Incident Response Module

Page 2: Introducing Co3's Security Incident Response Module

Agenda

• Introductions

• System Overview

• Demo

• Overall release highlights

• S-IR module

• Q&A

Page 3: Introducing Co3's Security Incident Response Module

Automating IR – Based On ER Standards

Prepare: Improve Organizational Readiness

• Invite team members

• Fine-tune response policies and procedures

• Run simulations (firedrills / table tops)

Report: Document Results & Improve Performance

• Generate reports for management, auditors, and authorities

• Document results

• Conduct post-mortem

• Update policies and procedures

• Track evidence

• Evaluate historical performance

Assess: Identify and Evaluate Incidents

• Engage appropriate team members

• Evaluate precursors and indicators

• Track incidents, maintain logbook

• Automatically prioritize activities based on criticality

• Log evidence

• Generate assessment summaries

Manage: Contain, Eradicate, and Recover

• Generate real-time IR plan

• Coordinate team response

• Choose appropriate containment strategy

• Isolate and remediate cause

• Instruct evidence gathering and handling

Page 4: Introducing Co3's Security Incident Response Module

Co3 Advisory Board

Dr. Larry Ponemon

Founder & Chairman, Ponemon Institute

Gerhard Eschelbeck

CTO & SVP Sophos, CTO Webroot, CTO Qualys

Stuart McClure

CEO Cylance, CTO McAfee, COO Foundstone

Andrew Serwin

One of the world’s leading Privacy and Security Attorneys

Chris McLellan

CISO Hubspot, CSO Fidelity, CISO State Street

Joseph DeSalvo

CISO Iron Mountain, FBI Special Officer

Eugene Kuznetsov

Founder DataPower, Abine

Samir Kapuria

VP Business Strategy and Security Intelligence, Symantec

Bruce Schneier

Internationally renowned security expert, CTO BT/Counterpane

Andrew Jaquith

CTO SilverSky (ePerimeter Security), Forrester Research

Patricia Titus

CISO Symantec, Unisys

Page 5: Introducing Co3's Security Incident Response Module

Co3 System Modules

“One of the hottest products at RSA…”

NETWORK WORLD – FEBRUARY 2013

“…an invaluable weapon when responding to security incidents.”

GOVERNMENT COMPUTER NEWS – APRIL 2013

“Co3 makes the process of planning for a nightmare scenario as painless as possible, making it an Editors' Choice.”

PC Magazine – May 2013

• Regulations knowledgebase

• Instant IR plans

• Assessments / PIAs

• Simulations / firedrills

“Co3…defines what software packages for privacy look like.”

GARTNER

Co3 “is comprehensive, user friendly, and very well designed.”

PONEMON INSTITUTE

• Best practices knowledgebase

• Dashboards, reports, and analytics

• Collaboration features

Page 6: Introducing Co3's Security Incident Response Module

System Overview

SSAE-16 SOC2 certified hosting facility

Event-Entry Wizard

Knowledgebase

Live IR Plans

Reporting

Page 7: Introducing Co3's Security Incident Response Module

Best-of-Breed IR Plan Construction

• Regulatory Requirements: HIPAA / HITECH, PCI-DSS, State / Region Breach Disclosure Laws, SEC / FINRA, GLB, etc.

• Industry Standard Frameworks: NIST, CERT, SANS, etc. – apply to all incident types

• Organizational Standards / Best Practices / Requirements: Custom tasks, like contractual requirements, that are unique to the organization and apply to all incidents

• Organizational Best-Practices & Requirements / Incident Type: Custom tasks that are unique to this type of incident

• Industry Best-Practices / Incident Type: Recommended by industry groups such as STIGs, FFIEC, COSO

• Vendor Best Practices / Intelligence Feeds: 3rd party product-specific tasks / 3rd party intelligence feeds

• Community Recommendations / Intelligence: Anonymized correlation with similar incidents / response plans

Co3 Systems Inc. – Proprietary and Confidential 7

Page 8: Introducing Co3's Security Incident Response Module

POLL #1

Page 9: Introducing Co3's Security Incident Response Module

DEMO – PT 1

Page 10: Introducing Co3's Security Incident Response Module

POLL #2

Page 11: Introducing Co3's Security Incident Response Module

DEMO – PT 2

Page 12: Introducing Co3's Security Incident Response Module

QUESTIONS

Page 13: Introducing Co3's Security Incident Response Module

One Alewife Center, Suite 450

Cambridge, MA 02140

PHONE 617.206.3900

WWW.CO3SYS.COM
