Co3's Annual Review & Predictions Webinar


Transcript of Co3's Annual Review & Predictions Webinar

Page 1: Co3's Annual Review & Predictions Webinar

Co3's Annual Review & Predictions Webinar

WEBINAR

We’ll Get Started Shortly

Page 2: Co3's Annual Review & Predictions Webinar

Co3's Annual Review & Predictions Webinar

WEBINAR

Page 3: Co3's Annual Review & Predictions Webinar

Slide 3

Agenda

• Introductions

• Who Are We

• Review & Predictions

• Q&A

Page 4: Co3's Annual Review & Predictions Webinar

Slide 4

Introductions

• Ted Julian, CMO, Co3 Systems

• Bruce Schneier, CTO, Co3 Systems

• Jon Oltsik, Principal Analyst, ESG

• Gant Redmon, General Counsel, Co3 Systems

Page 5: Co3's Annual Review & Predictions Webinar

Slide 5

• He is a successful serial entrepreneur, and has launched multiple start-ups in the security and compliance industry

• Was once named “Geek of the Week” by The Boston Globe, and has also appeared on CNN and ABC News as well as in the Wall Street Journal and USA Today

• Fun Fact: He is an avid long-distance runner

Ted Julian, CMO, Co3 Systems

Page 6: Co3's Annual Review & Predictions Webinar

Slide 6

• An internationally renowned security technologist and cryptographer, aka the “Security Guru”

• He has authored 12 books (another being released in February 2015), he maintains a blog “Schneier on Security,” and sends a monthly newsletter “Crypto-Gram”

• Fun Fact: He makes his own absinthe

Bruce Schneier, CTO, Co3 Systems

Page 7: Co3's Annual Review & Predictions Webinar

Slide 7

Jon Oltsik, Principal Analyst, ESG

• He is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO’s perspective and strategies

• Writer for Network World on his series “Networking Nuggets and Security Snippets”

• Fun Fact: He plays guitar in a rock-and-roll cover band

Page 8: Co3's Annual Review & Predictions Webinar

Slide 8

Gant Redmon, General Counsel, Co3 Systems

• He has practiced law for 19 years; 15 of those years as in-house counsel for security software companies

• He was appointed membership on President Clinton’s Export Council Subcommittee on Encryption (PECSENC)

• Fun Fact: He plays soccer at 6 AM four times per week

Page 9: Co3's Annual Review & Predictions Webinar

Slide 9

About Co3 – Incident Response Management

PREPARE – Improve Organizational Readiness

• Appoint team members

• Fine-tune response SOPs

• Escalate from existing systems

• Run simulations (firedrills / table tops)

ASSESS – Identify and Evaluate Incidents

• Assign appropriate team members

• Evaluate precursors and indicators

• Correlate threat intelligence

• Track incidents, maintain logbook

• Prioritize activities based on criticality

• Generate assessment summaries

MANAGE – Contain, Eradicate, and Recover

• Generate real-time IR plan

• Coordinate team response

• Choose appropriate containment strategy

• Isolate and remediate cause

• Instruct evidence gathering and handling

• Log evidence

MITIGATE – Document Results & Improve Performance

• Generate reports for management, auditors, and authorities

• Conduct post-mortem

• Update SOPs

• Track evidence

• Evaluate historical performance

• Educate the organization

Page 10: Co3's Annual Review & Predictions Webinar

Slide 10

Co3 Incident Response Management System (IRMS)

Architecture diagram (labels recovered from the slide):

• Incident Response Plan – Instant Creation & Streamlined Collaboration: HR, IT, Legal/Compliance, Marketing

• Plan Synthesis – Community Best Practices, Industry Standard Frameworks, Organizational SOPs, Global Privacy Breach Regulations, Contractual Requirements

• Accelerated Mitigation – Custom Action Framework

• Automated Escalation – Web Form, Trouble Ticketing, Entry Wizard, SIEM

• Plan Enrichment – Malware Sample, IP Address, DNS Name, Process Name, Email

• Dashboards and Reporting – Incident Timeline / Status, CSO Dashboard, Auditor Dashboard, Team Utilization, Incidents by Type over Time

Page 11: Co3's Annual Review & Predictions Webinar

■ Cyber Threats

Page 12: Co3's Annual Review & Predictions Webinar

Slide 12

• 2014: Started with Target, ended with Sony

• Targeted vs. opportunistic attacks

• New motivations: Financial, IP, revenge

• Blended threats and impacts

• Increase in post-breach lawsuits

• Security practices on trial after a breach

• Individual privacy breaches

• Vulnerabilities in open source – ShellShock, Heartbleed

• Nation-state malware

Cyber Threats - Trends

Page 13: Co3's Annual Review & Predictions Webinar

Slide 13

• Is Sony’s CEO next to be fired?

• Boardroom will focus more on security

• Expect the unexpected

• Measurement changes – and more accountability

Cyber Threats - Predictions

Page 14: Co3's Annual Review & Predictions Webinar

■ IT Trends & Cybersecurity

Page 15: Co3's Annual Review & Predictions Webinar

Slide 15

• Ongoing loss of control, broader threat landscape

• Larger focus on cloud security – e.g. Apple iPhoto hack

• Need for greater control over identity and data

• Whistleblower Rock Stars

• Open source vulnerabilities

IT Trends & Cybersecurity - Trends

Page 16: Co3's Annual Review & Predictions Webinar

Slide 16

• Spying fears change vendor landscape

• Stricter security terms in contracts

• Economic impact on U.S. vendors internationally

• New book from Bruce!

IT Trends & Cybersecurity - Predictions

Page 17: Co3's Annual Review & Predictions Webinar

What talked-about trend of 2014 gave you the biggest headaches?

POLL

Page 18: Co3's Annual Review & Predictions Webinar

■ Professional Development

Page 19: Co3's Annual Review & Predictions Webinar

Slide 19

• Vacancy rate is at 22 percent. Employee shortage is in the millions

• Hyper-inflation of security salaries, more outsourcing for smaller businesses

• Industry isn’t building next generation of security leaders

• Collaboration with PR, HR, legal is more important than ever

• Basic analysis skills – like malware – are in demand, as are mobile and cloud skills

Professional Development - Trends

Page 20: Co3's Annual Review & Predictions Webinar

Slide 20

• Skills shortage gets worse next year

• More demand = less accountability

Professional Development - Predictions

Page 21: Co3's Annual Review & Predictions Webinar

■ The Business of Security

Page 22: Co3's Annual Review & Predictions Webinar

Slide 22

• Security professionals struggle to relate issues to boardroom

• Healthcare’s security risk: Conversations happening at the boardroom level

• Cybercriminals seek more details on individuals

The Business of Security - Trends

Page 23: Co3's Annual Review & Predictions Webinar

Slide 23

• Marketing and legal professionals may take over CISO roles

• More people problems than tech problems

The Business of Security - Predictions

Page 24: Co3's Annual Review & Predictions Webinar

What’s at the top of your organization’s security holiday wish list?

POLL

Page 25: Co3's Annual Review & Predictions Webinar

■ Privacy

Page 26: Co3's Annual Review & Predictions Webinar

Slide 26

Privacy - Review

• Safe Harbor Alive and Well – The 13 Principles from the European Commission are not too specific or onerous.

• Usernames and passwords – May the country follow California…again

– S.B. 46, which amends Sections 1798.29 and 1798.82 of the Civil Code to require businesses and state agencies to notify consumers if their login credentials are compromised by a data breach

• Kentucky

• FCC gets into privacy enforcement – Plans $10M in fines against TerraCom and YourTel

Page 27: Co3's Annual Review & Predictions Webinar

Slide 27

Privacy - Predictions

• Target-scale breach in the EU – Fodder for EU regs.

– Bigger than University of Limerick

• Backlash on click-through boilerplate – Not sufficient to opt in.

– Contract considered illusory.

– Companies have to try again with a different approach: clear and concise language.

Page 28: Co3's Annual Review & Predictions Webinar

Slide 28

Privacy - Predictions

• People realize that losing their credit card numbers is not identity theft.

– This leads to less concern over credit monitoring.

• No follow the leader - TX and CA

• No unified EU breach notice in 2015.

• More US uniform notification bills filed early in 2015…and they will all die by October

Page 29: Co3's Annual Review & Predictions Webinar

■ Questions?

Page 30: Co3's Annual Review & Predictions Webinar

Slide 30

Upcoming Co3 Events

• Data Breach Crisis Communications: 2014 – The Year of the Data Breach, in Review

– January 8, 2015, 1 pm EST

• You’ve Been Breached: How to Mitigate the Incident – January 21, 2015, 12 pm EST

Page 31: Co3's Annual Review & Predictions Webinar

Slide 31

“Co3 makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”

– PC Magazine, Editor’s Choice

“Platform is comprehensive, user friendly, and very well designed.”

– Ponemon Institute

“One of the most important startups in security…”

– Business Insider

“One of the hottest products at RSA…”

– Network World

“...an invaluable weapon when responding to security incidents.”

– Government Computer News

“Co3 has done better than a home-run...it has knocked one out of the park.”

– SC Magazine

Most Innovative Product

Page 32: Co3's Annual Review & Predictions Webinar

Slide 32