Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

2/25/2013
02:37 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Co3 Systems Delivers Security Incident Response In Major Platform Expansion

Provides automated, single-pane incident management in a secure, isolated environment for general security incidents

CAMBRIDGE, Mass. – February 26, 2013 – Co3 Systems, a pioneer in Incident Response software, today announced a major expansion to its industry-first, SaaS-based incident response platform. Complementing and extending the expertise and proven success of the company's flagship Privacy module, the new Security module is the first solution available from any vendor that provides automated, single-pane incident management in a secure, isolated environment for general security incidents including malware infections,Distributed Denial of Service attacks (DDoS) and Advanced Persistent Threats (APTs). As a result, internal incident response teams and incident response service providers can achieve unprecedented levels of effectiveness, accuracy, consistency and compliance, while substantially reducing expense and risk.

The inevitability of compromise today is impossible to ignore, and by many estimates, irresponsible. The Ponemon Institute estimates that slow response to any security incident can be extremely costly –and is getting more expensive every year as attacks become more aggressive and sophisticated. Over the past two years, Ponemon estimates the average time to resolve a cyberattack has grown to 24 days from 18, with an average cost for participating organizations rising to $591,780 from $415,748 –a 42% increase. This "ticking time bomb" is driving explosive growth in an Enterprise Incident Response market predicted to total $14.79 billion by 2017.

Forrester Analyst Rick Holland, in a January report titled, "Five Steps To Build An Effective Threat Intelligence Capability," stressed the need for a focus on incident response and leveraging technology to accelerate intelligence assimilation and process improvement. Holland said, "In today's threat landscape, mature incident response is critical, yet it is very immature at most companies... Mature incident response (IR) consists of technology but also, most importantly, people, process, and oversight."

Even with the most mature internal response teams or external incident response firms, resource coordination and process management are significantly underdeveloped. Domain expertise resides in the minds of team members, and is neither complemented by nor manifested in technology. Tracking processes are generally manual, cumbersome, highly distributed and insecure, leveraging "traditional IT" such as email and spreadsheets--which in some cases become themselves a vulnerability for firms. Process and organizational improvement are very difficult to accomplish, inconsistent and dependent on individual input.

Co3's Privacy module was the market's first daily use and preparedness tool for privacy incidents and is considered today as the industry standard. It provides an easy, automated way to ensure consistency and accountability--across teams, organizations and external stakeholders-- in managing incidents that concern Personally Identifiable Information (PII). Building on this strong and proven foundation, Co3's Security module extends the capability to security events such as malware infections, phishing-related compromise, Distributed Denial of Service (DDoS) attacks, device or Intellectual Property theft and system intrusions.

Co3 Security Incident Management encompasses all phases of incident response, from planning and "fire drill" testing, through codifying best practices into a repeatable response system and subsequent analysis and reporting tools. Benefits of the module include:

· Organizational Readiness--allows organizations to account for and enroll all response team stakeholders, validate and encode response policies and procedures and categorize and profile critical networks and systems

· Event Identification and Assessment--enables immediate alerting of/engagement with all team members, evaluation of incident precursors and indicators, automatic prioritization and assignment of activities, tracking of events/ maintaining logbooks, logging of evidence and generation of assessment summaries

· Incident Containment, Eradication and Recovery-- provides real-time IR plan generation, complete team response coordination, containment strategy selection, cause isolation and evidence gathering and handling instruction

· Post-Incident Capture--establishes a central resource for incident results documentation, lessons learned assessment, policy/procedure updates, reporting to authorities, evidentiary retention and historical performance tracking

"The common refrain in the security industry is that there are two kinds of customers, those who have been hacked and those who don't yet know they have been," said John Bruce, CEO at Co3 Systems. "The reality is that every organization at some level is living in a state of compromise, or at least significant exposure. It's well accepted that the question is no longer when companies will suffer an incident, but rather what are they going to do on the day they discover it. While preventative and detective technologies are absolutely critical in reducing exposure, what Co3 has done with our Privacy and Security modules is give companies the ability to not only recover faster, but also develop the organizational competency to attend to them better over time."

Pricing and Availability

The Co3 Security module is available immediately and licensed annually by the number of seats.

Follow Co3 Systems:

Co3 Systems Blog: https://www.co3sys.com/blog

Videos: https://www.co3sys.com/product-videos

Events & Webinar Series: https://www.co3sys.com/news/events

Twitter: @co3sys

About Co3 Systems

Headquartered in Cambridge, MA, Co3 Systems is an innovator in Incident Response Management solutions. The company's SaaS-based offering enables organizations of all sizes to efficiently prepare for and rapidly manage the Response Process for Security Incidents and Privacy breach events. Companies using Co3 demonstrably minimize the costs resulting from incidents. With funding from Fairhaven Capital, the company's executive team and advisors comprise experts from world-leading security, privacy, software and service organizations. On the web at www.co3sys.com

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/13/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing Writer,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14174
PUBLISHED: 2020-07-13
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5....
CVE-2019-20901
PUBLISHED: 2020-07-13
The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.
CVE-2019-20898
PUBLISHED: 2020-07-13
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions are before version 8.8.0.
CVE-2019-20899
PUBLISHED: 2020-07-13
The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affected versions are before version 8.5.4, and from version 8.6.0 before 8.6.1.
CVE-2019-20900
PUBLISHED: 2020-07-13
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The affected versions are before version 8.7.0.