Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:37 PM
Dark Reading
Dark Reading
Products and Releases

Co3 Systems Delivers Security Incident Response In Major Platform Expansion

Provides automated, single-pane incident management in a secure, isolated environment for general security incidents

CAMBRIDGE, Mass. – February 26, 2013 – Co3 Systems, a pioneer in Incident Response software, today announced a major expansion to its industry-first, SaaS-based incident response platform. Complementing and extending the expertise and proven success of the company's flagship Privacy module, the new Security module is the first solution available from any vendor that provides automated, single-pane incident management in a secure, isolated environment for general security incidents including malware infections,Distributed Denial of Service attacks (DDoS) and Advanced Persistent Threats (APTs). As a result, internal incident response teams and incident response service providers can achieve unprecedented levels of effectiveness, accuracy, consistency and compliance, while substantially reducing expense and risk.

The inevitability of compromise today is impossible to ignore, and by many estimates, irresponsible. The Ponemon Institute estimates that slow response to any security incident can be extremely costly –and is getting more expensive every year as attacks become more aggressive and sophisticated. Over the past two years, Ponemon estimates the average time to resolve a cyberattack has grown to 24 days from 18, with an average cost for participating organizations rising to $591,780 from $415,748 –a 42% increase. This "ticking time bomb" is driving explosive growth in an Enterprise Incident Response market predicted to total $14.79 billion by 2017.

Forrester Analyst Rick Holland, in a January report titled, "Five Steps To Build An Effective Threat Intelligence Capability," stressed the need for a focus on incident response and leveraging technology to accelerate intelligence assimilation and process improvement. Holland said, "In today's threat landscape, mature incident response is critical, yet it is very immature at most companies... Mature incident response (IR) consists of technology but also, most importantly, people, process, and oversight."

Even with the most mature internal response teams or external incident response firms, resource coordination and process management are significantly underdeveloped. Domain expertise resides in the minds of team members, and is neither complemented by nor manifested in technology. Tracking processes are generally manual, cumbersome, highly distributed and insecure, leveraging "traditional IT" such as email and spreadsheets--which in some cases become themselves a vulnerability for firms. Process and organizational improvement are very difficult to accomplish, inconsistent and dependent on individual input.

Co3's Privacy module was the market's first daily use and preparedness tool for privacy incidents and is considered today as the industry standard. It provides an easy, automated way to ensure consistency and accountability--across teams, organizations and external stakeholders-- in managing incidents that concern Personally Identifiable Information (PII). Building on this strong and proven foundation, Co3's Security module extends the capability to security events such as malware infections, phishing-related compromise, Distributed Denial of Service (DDoS) attacks, device or Intellectual Property theft and system intrusions.

Co3 Security Incident Management encompasses all phases of incident response, from planning and "fire drill" testing, through codifying best practices into a repeatable response system and subsequent analysis and reporting tools. Benefits of the module include:

· Organizational Readiness--allows organizations to account for and enroll all response team stakeholders, validate and encode response policies and procedures and categorize and profile critical networks and systems

· Event Identification and Assessment--enables immediate alerting of/engagement with all team members, evaluation of incident precursors and indicators, automatic prioritization and assignment of activities, tracking of events/ maintaining logbooks, logging of evidence and generation of assessment summaries

· Incident Containment, Eradication and Recovery-- provides real-time IR plan generation, complete team response coordination, containment strategy selection, cause isolation and evidence gathering and handling instruction

· Post-Incident Capture--establishes a central resource for incident results documentation, lessons learned assessment, policy/procedure updates, reporting to authorities, evidentiary retention and historical performance tracking

"The common refrain in the security industry is that there are two kinds of customers, those who have been hacked and those who don't yet know they have been," said John Bruce, CEO at Co3 Systems. "The reality is that every organization at some level is living in a state of compromise, or at least significant exposure. It's well accepted that the question is no longer when companies will suffer an incident, but rather what are they going to do on the day they discover it. While preventative and detective technologies are absolutely critical in reducing exposure, what Co3 has done with our Privacy and Security modules is give companies the ability to not only recover faster, but also develop the organizational competency to attend to them better over time."

Pricing and Availability

The Co3 Security module is available immediately and licensed annually by the number of seats.

Follow Co3 Systems:

Co3 Systems Blog: https://www.co3sys.com/blog

Videos: https://www.co3sys.com/product-videos

Events & Webinar Series: https://www.co3sys.com/news/events

Twitter: @co3sys

About Co3 Systems

Headquartered in Cambridge, MA, Co3 Systems is an innovator in Incident Response Management solutions. The company's SaaS-based offering enables organizations of all sizes to efficiently prepare for and rapidly manage the Response Process for Security Incidents and Privacy breach events. Companies using Co3 demonstrably minimize the costs resulting from incidents. With funding from Fairhaven Capital, the company's executive team and advisors comprise experts from world-leading security, privacy, software and service organizations. On the web at www.co3sys.com


Recommended Reading:

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Average Cost of a Data Breach: $3.86 Million
Jai Vijayan, Contributing Writer,  7/29/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-08-04
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the ship...
PUBLISHED: 2020-08-04
Extreme Analytics in Extreme Management Center before allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
PUBLISHED: 2020-08-04
save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF...
PUBLISHED: 2020-08-04
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability.
PUBLISHED: 2020-08-04
An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an attack...