Entries Tagged "Co3 Systems"

Page 1 of 1

Co3 Systems Changes Its Name to Resilient Systems

Today my company, Co3 Systems, is changing its name to Resilient Systems. The new name better reflects who we are and what we do. Plus, the old name was kind of dumb.

I have long liked the term “resilience.” If you look around, you’ll see it a lot. It’s used in human psychology, in organizational theory, in disaster recovery, in ecological systems, in materials science, and in systems engineering. Here’s a definition from 1991, in a book by Aaron Wildavsky called Searching for Safety: “Resilience is the capacity to cope with unanticipated dangers after they have become manifest, learning to bounce back.”

The concept of resilience has been used in IT systems for a long time.

I have been talking about resilience in IT security — and security in general — for at least 15 years. I gave a talk at an ICANN meeting in 2001 titled “Resilient Security and the Internet.” At the 2001 Black Hat, I said: “Strong countermeasures combine protection, detection, and response. The way to build resilient security is with vigilant, adaptive, relentless defense by experts (people, not products). There are no magic preventive countermeasures against crime in the real world, yet we are all reasonably safe, nevertheless. We need to bring that same thinking to the Internet.”

In Beyond Fear (2003), I spend pages on resilience: “Good security systems are resilient. They can withstand failures; a single failure doesn’t cause a cascade of other failures. They can withstand attacks, including attackers who cheat. They can withstand new advances in technology. They can fail and recover from failure.” We can defend against some attacks, but we have to detect and respond to the rest of them. That process is how we achieve resilience. It was true fifteen years ago and, if anything, it is even more true today.

So that’s the new name, Resilient Systems. We provide an Incident Response Platform, empowering organizations to thrive in the face of cyberattacks and business crises. Our collaborative platform arms incident response teams with workflows, intelligence, and deep-data analytics to react faster, coordinate better, and respond smarter.

And that’s the deal. Our Incident Response Platform produces and manages instant incident response plans. Together with our Security and Privacy modules, it provides IR teams with best-practice action plans and flexible workflows. It’s also agile, allowing teams to modify their response to suit organizational needs, and continues to adapt in real time as incidents evolve.

Resilience is a lot bigger than IT. It’s a lot bigger than technology. In my latest book, Data and Goliath, I write: “I am advocating for several flavors of resilience for both our systems of surveillance and our systems that control surveillance: resilience to hardware and software failure, resilience to technological innovation, resilience to political change, and resilience to coercion. An architecture of security provides resilience to changing political whims that might legitimize political surveillance. Multiple overlapping authorities provide resilience to coercive pressures. Properly written laws provide resilience to changing technological capabilities. Liberty provides resilience to authoritarianism. Of course, full resilience against any of these things, let alone all of them, is impossible. But we must do as well as we can, even to the point of assuming imperfections in our resilience.”

I wrote those words before we even considered a name change.

Same company, new name (and new website). Check us out.

Posted on February 17, 2015 at 6:53 AMView Comments

Co3 Systems Is Hiring

At the beginning of the year, I announced that I’d joined Co3 Systems as its CTO. Co3 Systems makes coordination software — what I hear called workflow management — for incident response. Here’s a 3:30-minute video overview of how it works. It’s old; we’ve put a whole bunch of new features in the system since we made that.

We’ve had a phenomenal first two quarters, and we’re growing. We’re hiring for a bunch of positions, including a production ops engineer, an incident response specialist, and a software engineer.

Posted on June 20, 2014 at 2:19 PMView Comments

Details of the Target Credit Card Breach

Long and interesting article about the Target credit card breach from last year. What’s especially interesting to me is that the attack had been preventable, but the problem was that Target messed up its incident response.

In testimony before Congress, Target has said that it was only after the U.S. Department of Justice notified the retailer about the breach in mid-December that company investigators went back to figure out what happened. What it hasn’t publicly revealed: Poring over computer logs, Target found FireEye’s alerts from Nov. 30 and more from Dec. 2, when hackers installed yet another version of the malware. Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn’t begun transmitting the stolen card data out of Target’s network. Had the company’s security team responded when it was supposed to, the theft that has since engulfed Target, touched as many as one in three American consumers, and led to an international manhunt for the hackers never would have happened at all.

This is exactly the sort of thing that my new company, Co3 Systems, solves. All of those next-generation endpoint detection systems, threat intelligence feeds, and so on only matter if you do something in response to them. If Target had had incident response procedures in place, and a system in place to ensure they followed those procedures, it would have been much more likely to have responded to the alerts it received from FireEye.

This is why I believe that incident response is the most underserved area of IT security right now.

Posted on March 17, 2014 at 9:10 AMView Comments

Co3 Systems at the RSA Conference

Co3 Systems is going to be at the RSA Conference. We don’t have our own booth on the show floor, but there are four ways you can find us. Monday, we’re at the Innovation Sandbox: 1:00–5:00 in Moscone North. At the conference, we’re in the RSA Security booth. Go to the SecOps section of the booth and ask about us. We’ll be happy to show you our incident response coordination system. We’re hosting an Incident Response Forum on Tuesday night with partners HP, CSC, and iSight Partners for select companies and individuals. We also have a demo suite in the St. Regis Hotel. E-mail me if you want to get on the schedule for either of those two.

Posted on February 21, 2014 at 2:06 PMView Comments

I’ve Joined Co3 Systems

For decades, I’ve said that good security is a combination of protection, detection, and response. In 1999, when I formed Counterpane Internet Security, I focused the company on what was then the nascent area of detection. Since then, there have been many products and services that focus on detection, and it’s a huge part of the information security industry. Now, it’s time for response. While there are many companies that offer services to aid in incident response — mitigation, forensics, recovery, compliance — there are no comprehensive products in this area.

Well, almost none. Co3 Systems provides a coordination system for incident response. I think of it as a social networking site for incident response, though the company doesn’t use this term. The idea is that the system generates your incident response plan on installation, and when something happens, automatically executes it. It collects information about the incident, assigns and tracks tasks, and logs everything you do. It links you with information you might need, companies you might want to talk to, and regulations you might be required to comply with. And it logs everything, so you can demonstrate that you followed your response plan and thus the law — or see how and where you fell short.

Years ago, attacks were both less frequent and less serious, and compliance requirements were more modest. But today, companies get breached all the time, and regulatory requirements are complicated — and getting more so all the time. Ad hoc incident response isn’t enough anymore. There are lots of things you need to do when you’re attacked, both to secure your network from the attackers and to secure your company from litigation.

The problem with any emergency response plan is that you only need it in an emergency. Emergencies are both complicated and stressful, and it’s easy for things to fall through the cracks. It’s critical to have something — a system, a checklist, even a person — that tracks everything and makes sure that everything that has to get done is.

Co3 Systems is great in an emergency, but of course you really want to have installed and configured it before the emergency.

It will also serve you better if you use it regularly. Co3 Systems is designed to be valuable for all incident response, both the mundane and the critical. The system can record and assess everything that appears abnormal. The incident response plans it generates make it easy, and the intelligence feeds make it useful. If Co3 Systems is already in place, when something turns out to be a real incident, it’s easy to escalate it to the next level, and you’ll be using tools you’re already familiar with.

Co3 Systems works either from a private cloud or on your network. I think the cloud makes more sense; you don’t want to coordinate incident response from the network that is under attack. And it’s constantly getting better as more partner companies integrate their information feeds and best practices. The company has launched some of these partnerships already, and there are some major names soon to be announced.

Today I am joining Co3 Systems as its Chief Technology Officer. I’ve been on the company’s advisory board for about a year, and was an informal adviser to CEO John Bruce before that. John and I worked together at Counterpane in the early 2000s, and we both think this is a natural extension to what we tried to build there. I also know CMO Ted Julian from his days at @Stake. Together, we’re going to build the incident response product.

I’m really excited about this — and the fact that the company headquarters are just three T stops inbound to Harvard and the Berkman Center makes it even more perfect.

Posted on January 6, 2014 at 6:18 AMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.