Introducing Co3's Security Incident Response Module
Transcript of Introducing Co3's Security Incident Response Module
Automated Incident Response
Introducing Co3’s Security Incident Response Module
Page 2
Agenda
• Introductions
• System Overview
• Demo
• Overall release highlights
• S-IR module
• Q&A
Page 3
Automating IR – Based On ER Standards
Prepare
Improve Organizational Readiness
• Invite team members
• Fine-tune response policies and procedures
• Run simulations (firedrills / table tops)
Report
Document Results & Improve Performance
• Generate reports for management, auditors, and authorities
• Document results
• Conduct post-mortem
• Update policies and procedures
• Track evidence
• Evaluate historical performance
Assess
Identify and Evaluate Incidents
• Engage appropriate team members
• Evaluate precursors and indicators
• Track incidents, maintain logbook
• Automatically prioritize activities based on criticality
• Log evidence
• Generate assessment summaries
Manage
Contain, Eradicate, and Recover
• Generate real-time IR plan
• Coordinate team response
• Choose appropriate containment strategy
• Isolate and remediate cause
• Instruct evidence gathering and handling
Page 4
Co3 Advisory Board
Dr. Larry Ponemon
Founder & Chairman, Ponemon Institute
Gerhard Eschelbeck
CTO & SVP Sophos, CTO Webroot, CTO Qualys
Stuart McClure
CEO Cylance, CTO McAfee, COO Foundstone
Andrew Serwin
One of world’s leading Privacy and Security Attorneys
Chris McLellan
CISO Hubspot, CSO Fidelity, CISO State Street
Joseph DeSalvo
CISO Iron Mountain, FBI Special Officer
Eugene Kuznetsov
Founder DataPower, Abine
Samir Kapuria
VP Business Strategy and Security Intelligence, Symantec
Bruce Schneier
Internationally renowned security expert, CTO BT/Counterpane
Andrew Jaquith
CTO SilverSky (ePerimeter Security), Forrester Research
Patricia Titus
CISO Symantec, Unisys
Page 5
Co3 System Modules
“One of the hottest products at RSA…”
NETWORK WORLD – FEBRUARY 2013
“…an invaluable weapon when responding to security incidents.”
GOVERNMENT COMPUTER NEWS – APRIL 2013
“Co3 makes the process of planning for a nightmare scenario as painless as possible, making it an Editors' Choice.”
PC Magazine – May 2013
• Regulations knowledgebase
• Instant IR plans
• Assessments / PIAs
• Simulations / firedrills
“Co3…defines what software packages for privacy look like.”
GARTNER
Co3 “is comprehensive, user friendly, and very well designed.”
PONEMON INSTITUTE
• Best practices knowledgebase
• Dashboards, reports, and analytics
• Collaboration features
Page 6
System Overview
SSAE-16 SOC2 certified hosting facility
Event-Entry Wizard
Knowledgebase
Live IR Plans
Reporting
Page 7
Best-of-Breed IR Plan Construction
Regulatory Requirements: HIPAA / HITECH, PCI-DSS, State / Region Breach Disclosure Laws, SEC / FINRA, GLB, etc.
Industry Standard Frameworks: NIST, CERT, SANS, etc. – apply to all incident types
Organizational Standards / Best Practices / Requirements: Custom tasks, like contractual requirements, that are unique to the organization and apply to all incidents
Organizational Best-Practices & Requirements / Incident Type: Custom tasks that are unique to this type of incident
Industry Best-Practices / Incident Type: Recommended by industry groups such as STIGs, FFIEC, COSO
Vendor Best Practices / Intelligence Feeds: 3rd party product-specific tasks / 3rd party intelligence feeds
Community Recommendations / Intelligence: Anonymized correlation with similar incidents / response plans
Co3 Systems Inc. – Proprietary and Confidential 7
POLL #1
DEMO – PT 1
POLL #2
DEMO – PT 2
QUESTIONS
One Alewife Center, Suite 450
Cambridge, MA 02140
PHONE 617.206.3900
WWW.CO3SYS.COM