Co3 Systems: Simplifying incident management
In April 2012, we looked at a neat concept for managing security breaches where the focus of the breach was on privacy. Co3 Systems is a cloud-based service that takes everything one needs to know about their organization, meshes it with an extensive knowledge base containing everything one needs to know about the breach management process, procedure and law, and walks responders through the response to the breach. It uses a lifecycle approach, and once the admin sets up an organization, staying current is simple. Most of the heavy lifting - laws, best practices, state breach reporting acts, etc. - is done by Co3 Systems.
When we say that this is a lifecycle approach, we really are pointing out the greatest single strength of this service. Breaches have a beginning and an end, to be sure, but an organization's preparation for and response to a breach is anything but short-term. The lifecycle of a breach, from the victim's perspective, begins with preparation and then requires assessment of the situation to determine if, under the various state laws, a breach has occurred. Subsequently, this leads to management of the breach and ends with reporting as necessary. If one ever is breached - where personally identifiable information is compromised - a simple description represents anything but a simple process.
Today, the notion of a security breach is almost as complicated as the technologies involved. Everything starts with preparation, and that means identifying procedures and people, which requires refreshing on a regular basis. That means running simulations. Every incident response manager has faced the planning, organizing and reviewing headaches that goes with developing, running and analyzing simulations, but with Co3 Systems much of the organizational and planning work is done. When it comes time to critique the exercise, the metrics are available and the process is simplified.
One of the big questions in the lifecycle of an incident is determining if there actually is a breach at all. Here is where all of the preparation comes together to assist the response team in making that determination. If there is a breach, the process that is pre-determined in the preparation phase kicks in and the incident investigation can proceed smoothly and efficiently with appropriate documentation and logging along the way.
Until recently, the Co3 Systems service focused on breaches with privacy implications. Those are really tough, and the system is worth a huge amount in dealing with those. Privacy breaches have technical, management and upstream liability issues associated with them, and a seemingly small breach can cost the organization a disproportionate amount to contain, analyze, manage and report properly. A strong aspect of the service is its ability to run simulations - as when the team conducts exercises to prepare for the real thing. But, another benefit of this tool's simulations is the ability to uncover weaknesses that can be corrected prior to an incident, thus preventing the impact of the incident in the first place.
Adding the Security Module covers other types of incidents that may or may not have privacy implications. With that addition to this otherwise fine suite of services, Co3 Systems has done better than a home-run...it has knocked one out of the park.
At a glance
Product: Co3 Security Module and Co3 Privacy Module
Company: Co3 Systems
Price: Annual subscriptions start at $20K/year.
What it does: Cloud service that automates incident response.
What we liked: Complete coverage of the incident response lifecycle - from planning through management to reporting - all in a single, cloud-based service.
What we didn't like: Nothing. With the addition of the Security Module, this tool covers the bases.