The gap between breach discovery and containment continues to widen. According to the 2013 Verizon Data Breach Investigations Report, In 66% of cases (up from 56% last year), breaches can remain undiscovered for years, and in 22% of cases, it takes months to fully contain an incident. From understanding the point and methods of attack, to identifying asset impact, to coordinating notification and reporting, not only is time of the essence, but proper context is absolutely vital.
Launched earlier this year, Co3 Systems' Security Module was the first solution to provide automated, single-pane incident management in a secure, isolated environment for general security incidents across the complete organization, including malware infections, DDoS and APTs. Expanding on the effectiveness, accuracy and consistency of the base platform, the new functionality includes:
Incident artifact capture: Allows the specific attributes of an incident to be automatically integrated into the response management process for exact context. Co3 supports artifact types including, URLs, IP addresses, Malware hashes, DNS names, Log files, Emails and Malware samples.
Threat intelligence integration: Automatically searches for and correlates artifact details and context with known active campaigns to identify potential actors, means, or attack methods. Initial feeds supported by Co3 include: iSIGHT Partners, AlienVault, Abuse.ch and SANS.
Predictive control: More effectively aligns response process with specific business needs including an improved incident timeline with milestone tracking to measure organizational performance and an improved task burn-down chart to highlight problems before they occur.
Customizable task instances: Allows organizations to easily tailor response plans to their unique requirements, transforming the basis for incident response from static binders to an always up-to-date, repeatable and expert system.
"Speed and accuracy are critical in incident response," said John Bruce, CEO at Co3 Systems. "So often organizations are acting with incomplete information or incorrect assumptions. This severely impedes response activities or, in the worst case, can derail them outright. With these new capabilities, we provide responders with the tools to target their investigations and quickly understand the exact context of an attack for faster and more capable response."