New security tools from Tenable, HP, Co3 attempt the impossible

Automated incident response promises total network security by combining threat detection, prevention and response.

Page 2 of 2

Co3 Security Module

The Co3 Security Module began life on the incident response side of the house, and it remains well ahead of everyone else in that area, even as it begins to branch out into detection and monitoring. In fact, there is no reason that the Security Module couldn't be implemented as part of an overall security plan to shore up responses to intrusions, even if other methods of detection and continuous monitoring are also employed.

The idea behind Security Module is that most organizations don't know what the proper, and sometimes legally mandated, response is to an intrusion or data theft. Companies may move in and patch a hole, but they may be dropping the ball if they also need to inform certain authorities about the incident. Beyond just the legal requirements, there are several best practices guidelines that should probably be adhered to as well.

The Security Module goes well beyond just patching up the network in the event of an incident. It checks all the valid regulations that apply and spells out exactly which ones need to be dealt with based on the type of data that has potentially been compromised, the location of the breach, how large a data theft is possible and whether the loss is the result of an actual attack or an accident.

A proper response in the state of Tennessee may be completely different from what needs to be done in California, Canada or Europe. The Security Module is kept up to date with all state and federal regulations in the United States and those from Asia, Europe and South America. It even keeps best practice responses on file for major trade organizations, so nothing is left to chance. All of that data is kept up to date by a team of researchers so that the day that a new data security law goes into effect in Ohio, the program will reflect that new information if an intrusion involves that state.

Although we did not test it, Co3 also makes a Privacy Module program that follows this same pattern, but works with the loss or theft of personally identifiable information. Given how much data mingles in databases these days, it's probably a good idea to have both.

Out of the box, the Security Module comes configured with the names and contact information for the various people and organizations that should be contacted to report various incidents. The contact information for the people inside a company who should be involved in a security response needs to be added, either ahead of time or on the fly as an incident happens.

At the simplest level, a security professional simply enters all the known information about a loss of data and the program generates the proper response plan, or asks more questions until a complete plan can be formulated. In a lot of ways it works like an expert system and is very easy to use by simply checking the needed boxes.

The Security Module also can open up security monitoring to everyone on a network. Users can report suspicious activity, like their computers booting up slowly, or a suspicious e-mail that might be part of a phishing campaign trying to snoop passwords. Security personnel often have more options when detailing an incident, such as logging the IP addresses of attackers. That is where threat monitoring and intelligence are starting to come into play. Reports are automatically checked against known threats, so that the Security Module will alert administrators if the network is under a known attack and help to plan the response accordingly.

We tested the program along every step of the chain, from a normal user through to a security response team. We detailed several incidents from a phishing e-mail campaign to a user who clicked on a suspicious link to a user who lost a laptop containing unencrypted personal and medical information, plus quite a few other scenarios.

In all cases we were told exactly who to contact, and how long we had to tell the proper authorities what was going on with our network. In each case we were also given the most current information for government officials and organizations. For example, in one case we were warned that the United States Department of Homeland Security needed to be notified within 60 minutes of discovering the loss of a particular type of information.
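The workflow described above (enter what is known about an incident, get asked for anything still missing, then receive a list of who must be notified and by when, with reported indicators checked against a known-threat list) is essentially a small rule engine. The following is an added example written for this article, not Co3's code: every rule, contact, deadline and indicator in it is a constructed placeholder and does not represent any real statute. The `Incident` fields, the `RULES` table and the `KNOWN_BAD_IPS` set are all assumptions made for the illustration.

```python
"""Toy incident-intake expert system (added example, not Co3's code).

An incident is entered as a set of attributes. If any required attribute is
missing, the system returns the follow-up questions it needs answered. Once
complete, the record is matched against a rule table to produce notification
obligations with deadlines, and any reported attacker addresses are checked
against a known-threat list. All rules and indicators are constructed placeholders.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

REQUIRED = ("data_type", "jurisdiction", "cause", "records", "discovered")

# Constructed rule table, NOT real law. A value of None means "matches anything".
RULES = [
    {"name": "Hypothetical state PII breach rule",
     "data_type": "pii", "jurisdiction": "US-TN", "cause": None,
     "min_records": 1, "contact": "State regulator (placeholder)",
     "deadline_hours": 72},
    {"name": "Hypothetical federal health-data rule",
     "data_type": "phi", "jurisdiction": None, "cause": None,
     "min_records": 500, "contact": "Federal health regulator (placeholder)",
     "deadline_hours": 60 * 24},
    {"name": "Hypothetical attack-reporting rule",
     "data_type": None, "jurisdiction": None, "cause": "attack",
     "min_records": 1, "contact": "National CSIRT (placeholder)",
     "deadline_hours": 1},
]

# Constructed known-threat indicators (RFC 5737 documentation addresses).
KNOWN_BAD_IPS = {"192.0.2.10", "198.51.100.7"}


@dataclass
class Incident:
    data_type: Optional[str] = None      # e.g. "pii", "phi"
    jurisdiction: Optional[str] = None   # e.g. "US-TN", "CA", "EU"
    cause: Optional[str] = None          # "attack" or "accident"
    records: Optional[int] = None        # how many records may be exposed
    discovered: Optional[str] = None     # ISO-8601 timestamp of discovery
    attacker_ips: list = field(default_factory=list)


def missing_questions(inc: Incident) -> list:
    """Follow-up questions for every required field not yet filled in."""
    prompts = {
        "data_type": "What kind of data was involved (pii, phi, ...)?",
        "jurisdiction": "Where did the breach occur / whose data is it?",
        "cause": "Was this an attack or an accident?",
        "records": "How many records could be affected?",
        "discovered": "When was the loss discovered?",
    }
    return [prompts[f] for f in REQUIRED if getattr(inc, f) is None]


def rule_matches(rule: dict, inc: Incident) -> bool:
    """A rule applies when every non-None attribute matches and the record count is large enough."""
    for key in ("data_type", "jurisdiction", "cause"):
        if rule[key] is not None and rule[key] != getattr(inc, key):
            return False
    return inc.records >= rule["min_records"]


def obligations(inc: Incident, rules=RULES) -> list:
    """Who must be told and by when, earliest deadline first. Assumes a complete incident."""
    discovered = datetime.fromisoformat(inc.discovered)
    found = []
    for rule in rules:
        if rule_matches(rule, inc):
            deadline = discovered + timedelta(hours=rule["deadline_hours"])
            found.append({"rule": rule["name"], "contact": rule["contact"],
                          "deadline": deadline})
    return sorted(found, key=lambda o: o["deadline"])


def threat_matches(inc: Incident, known_bad=KNOWN_BAD_IPS) -> set:
    """Reported attacker addresses that also appear on the known-threat list."""
    return set(inc.attacker_ips) & set(known_bad)


def plan_response(inc: Incident) -> dict:
    """Either the questions still to answer, or the finished plan."""
    questions = missing_questions(inc)
    if questions:
        return {"status": "incomplete", "questions": questions}
    return {"status": "ready",
            "obligations": obligations(inc),
            "known_threats": threat_matches(inc)}


if __name__ == "__main__":
    # Constructed scenario modelled on the lost-laptop case in the review.
    lost_laptop = Incident(data_type="phi", jurisdiction="US-TN", cause="accident",
                           records=1200, discovered="2014-05-01T09:00")
    print(plan_response(lost_laptop))
```

Two design points worth noting: deadlines are computed from the discovery timestamp rather than the report time, since that is the clock most notification rules start, and an incomplete record never reaches the rule table, which mirrors the "ask more questions first" behaviour the review describes.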

Of the programs in this review, the Co3 Security Module is the least automated. Most incidents require that someone report a problem. The program encourages this by the implementation of a sandbox mode where users can practice reporting incidents without having them actually get logged into the system. It's possible that a well-trained group of users could provide nearly instantaneous reporting of security problems, though this would require some training and lots of voluntary participation.

Although the Co3 Security Module probably isn't ready to become the only security platform a company should implement, having it in place can streamline a lot of the sometimes chaotic activity that occurs after an attack, and can also help to ensure the least amount of legal vulnerability, especially when dealing with personal or healthcare-related information. Given that it's after an attack that most of the companies involved in recent high-profile data breaches have stumbled badly, having a built-in plan ready for almost any eventuality isn't a bad thing at all.

John Breeden II has been covering and speaking about technology for more than 20 years. He was the lab director of product testing for Government Computer News magazine for the past decade. Today he's the president of the Tech Writer's Bureau, a group of influential journalists that pen interesting technology stories and analysis pieces for a variety of publications and companies. He can be reached at


Copyright © 2014 IDG Communications, Inc.
