Resilient Systems, profile picture
Uploaded byResilient Systems
PPTX, PDF414 views

By Popular Demand: Co3's Latest and Greatest Features

The webinar discusses Co3 Systems' incident response management software, highlighting its latest features including threat intelligence integration, easy customization, and streamlined collaboration across departments. Attendees can learn about real-time incident response planning, automated escalation processes, and the use of various dashboards for reporting and analysis. The session also emphasizes best practices for handling security incidents and improving organizational readiness.

Embed presentation

Downloaded 15 times
WEBINAR
WEBINAR
Slide 3 Agenda • Introductions • Who Are We • Latest & Greatest Features – Threat Intelligence – SIEM Integrations – Easy Customization – Preview: Custom Action Framework • Questions
Slide 4 Introductions • Ted Julian, Chief Marketing Officer, Co3 Systems • Tim Armstrong, Incident Response Specialist, Co3 Systems
About Co3 – Incident Response Management Slide 5 MITIGATE Document Results & Improve Performance • Generate reports for management, auditors, and authorities • Conduct post-mortem • Update SOPs • Track evidence • Evaluate historical performance • Educate the organization ASSESS Identify and Evaluate Incidents • Assign appropriate team members • Evaluate precursors and indicators • Correlate threat intelligence • Track incidents, maintain logbook • Prioritize activities based on criticality • Generate assessment summaries PREPARE Improve Organizational Readiness • Appoint team members • Fine-tune response SOPs • Escalate from existing systems • Run simulations (firedrills / table tops) MANAGE Contain, Eradicate, and Recover • Generate real-time IR plan • Coordinate team response • Choose appropriate containment strategy • Isolate and remediate cause • Instruct evidence gathering and handling • Log evidence
AUTOMATED ESCALATION WEB FORM TROUBLE TICKETING ENTRY WIZARD SIEM EMAIL Slide 6 Co3 IRMS INCIDENT RESPONSE PLAN INSTANT CREATION & STREAMLINED COLLABORATION HR IT LEGAL/ COMPLIANCE MARKETING PLAN SYNTHESIS CONTRACTUAL REQUIREMENTS COMMUNITY BEST PRACTICES INDUSTRY STANDARD FRAMEWORKS ORGANIZATIONAL SOPS GLOBAL PRIVACY BREACH REGULATIONS PLAN ENRICHMENT PROCESS MALWARE SAMPLE IP DNS NAME NAME ADDRESS DASHBOARDS AND REPORTING AUDITOR DASHBOARD UTILIZATION INCIDENT TIMELINE / STATUS CSO DASHBOARD TEAM INCIDENTS BY TYPE OVER TIME ACCELERATED MITIGATION CUSTOM ACTION FRAMEWORK
■
Integrated Threat Intelligence New Threat Intelligence Feeds: • Virus Total • WHOIS • GEOIP Slide 8
Integrated Threat Intelligence Virus Total • Provides results from 55 Anti-virus engines • Uses VT API key for results • Can even upload files Slide 9
Integrated Threat Intelligence GEO IP • Locates the latitude and longitude of an IP • Plots on Google map Slide 10
Integrated Threat Intelligence WHOIS Lookups • Detailed insights on all kinds of servers Slide 11
POLL
■
Slide 14 SIEM Integration • Manual and Automatic Incident Escalation • Threat Artifact submission • Bidirectional communication • Supports HP ArcSight, IBM Security QRadar, and many others
■
Slide 16 Easy Customization • Simple interface • Drag and drop, button-based interaction • Numerous areas of the UI • No programming / coding required
Slide 17 Custom Fields • Any number of fields • Supports drop-downs, text, multi-selects, and more • Can be used for alerting, sorting, reporting
Slide 18 Custom Workflows • Create a library of response plans quickly • SOP for any number of response teams • Operationalize static plans • Report on their success, SLA’s, etc
Slide 19 Conditional sections • Collect only the relevant details for each incident type • Ask the right questions • Make fields required on open, close, or optional • Create templates
POLL
SNEAK PREVIEW
Connecting people, process, and technology for times of crisis AUTOMATED ESCALATION WEB FORM TROUBLE TICKETING ENTRY WIZARD SIEM INCIDENT RESPONSE PLAN INSTANT CREATION Custom Action Framework Gather information and execute response plan tasks. Slide 22 & STREAMLINED COLLABORATION HR IT LEGAL/ COMPLIANCE MARKETING PLAN SYNTHESIS CONTRACTUAL REQUIREMENTS COMMUNITY BEST PRACTICES INDUSTRY STANDARD FRAMEWORKS ORGANIZATIONAL SOPS GLOBAL PRIVACY BREACH REGULATIONS PLAN ENRICHMENT PROCESS MALWARE SAMPLE IP DNS NAME NAME ADDRESS EMAIL DASHBOARDS AND REPORTING AUDITOR DASHBOARD INCIDENT TIMELINE / STATUS CSO DASHBOARD TEAM UTILIZATION INCIDENTS BY TYPE OVER TIME ACCELERATED MITIGATION CUSTOM ACTION FRAMEWORK
Slide 23 CAF Use Cases Pull all employee details (name, dept, role, etc.) • Trigger: Adding username artifact • Action: Query directory for details, store results in artifact description Kick off automatic Splunk / SIEM searches • Trigger: new host/IP IOCs • Action: Splunk/SIEM API search request Automatic malware sandboxing • Trigger: Adding a new malware artifact/PE file artifact. • Action: Sends malware to internal sandbox. Returns URL to results. Have we ever seen this hash before on our systems? • Trigger: Adding a new hash artifact • Action: Queries our internal application whitelisting logs, returns list of machines who have also executed this file or seen this hash.
■
Slide 25 Upcoming Co3 Events • How The Grinch Stole Black Friday: Co3's 2014 Annual Review & Predictions, December 18, 2014, 1 pm EST
One Alewife Center, Suite 450 Cambridge, MA 02140 PHONE 617.206.3900 WWW.CO3SYS.COM “Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.” PC MAGAZINE, EDITOR’S CHOICE “One of the hottest products at RSA…” NETWORK WORLD – FEBRUARY 2013 “Co3…defines what software packages for privacy look like.” GARTNER “Platform is comprehensive, user friendly, and very well designed.” PONEMON INSTITUTE
“Co3 makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.” – PC Magazine, Editor’s Choice Most Innovative Product Slide 27 “One of the most important startups in security…” – Business Insider “Platform is comprehensive, user friendly, and very well designed.” – Ponemon Institute “One of the hottest products at RSA…” – Network World “...an invaluable weapon when responding to security incidents.” – Government Computer News “Co3 has done better than a home-run... it has knocked one out of the park.” – SC Magazine

More Related Content

PPTX
Incident response
byAnshul Gupta
 
PPTX
Co3's Annual Review & Predictions Webinar
byResilient Systems
 
PDF
Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat
byResilient Systems
 
PPTX
You've Been Breached: How To Mitigate The Incident
byResilient Systems
 
PDF
Incident Response: Don't Mess It Up, Here's How To Get It Right
byResilient Systems
 
PPTX
How To Build An Incident Response Function
byResilient Systems
 
PDF
5 Steps to Improve Your Incident Response Plan
byResilient Systems
 
PPTX
Incident Response in the age of Nation State Cyber Attacks
byResilient Systems
 
Incident response
byAnshul Gupta
 
Co3's Annual Review & Predictions Webinar
byResilient Systems
 
Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat
byResilient Systems
 
You've Been Breached: How To Mitigate The Incident
byResilient Systems
 
Incident Response: Don't Mess It Up, Here's How To Get It Right
byResilient Systems
 
How To Build An Incident Response Function
byResilient Systems
 
5 Steps to Improve Your Incident Response Plan
byResilient Systems
 
Incident Response in the age of Nation State Cyber Attacks
byResilient Systems
 

What's hot

PPTX
The Six Stages of Incident Response - Auscert 2016
byAshley Deuble
 
PDF
Is Cyber Resilience Really That Difficult?
byJohn Gilligan
 
PPTX
Incident Response: Security's Special Teams
byResilient Systems
 
PPTX
Vulnerability management today and tomorrow
byJonathan Sinclair
 
PDF
Setting up CSIRT
byAPNIC
 
PPTX
Top Cybersecurity Challenges Facing Your Business
byNicholas Davis
 
PDF
Vulnerability Management – Opportunities and Challenges!
byOutpost24
 
PPT
Blue Ocean IT Security
byJonathan Sinclair
 
PDF
The Cloud is in the details webinar - Rothke
byBen Rothke
 
PDF
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
bycentralohioissa
 
PPTX
Making Sense of Threat Reports
byDLT Solutions
 
PDF
CSIRT_16_Jun
byCandan BOLUKBAS
 
PPTX
Webinar: Critical Steps For NIST Compliance
byWithum
 
PPTX
NTXISSACSC2 - Kid Proofing the Internet of Things by Monty McDougal
byNorth Texas Chapter of the ISSA
 
PDF
Outpost24 Webinar - Common wireless security threats and how to avoid them
byOutpost24
 
PPTX
Building an application security program
byOutpost24
 
PPTX
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
byNorth Texas Chapter of the ISSA
 
PDF
Cyber Rangers S1 E2
byJudyEvans8
 
PPTX
It and-cyber-module-2
byMarneil Sanchez
 
PPTX
Outpost24 webinar: Risk-based approach to security assessments
byOutpost24
 
The Six Stages of Incident Response - Auscert 2016
byAshley Deuble
 
Is Cyber Resilience Really That Difficult?
byJohn Gilligan
 
Incident Response: Security's Special Teams
byResilient Systems
 
Vulnerability management today and tomorrow
byJonathan Sinclair
 
Setting up CSIRT
byAPNIC
 
Top Cybersecurity Challenges Facing Your Business
byNicholas Davis
 
Vulnerability Management – Opportunities and Challenges!
byOutpost24
 
Blue Ocean IT Security
byJonathan Sinclair
 
The Cloud is in the details webinar - Rothke
byBen Rothke
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
bycentralohioissa
 
Making Sense of Threat Reports
byDLT Solutions
 
CSIRT_16_Jun
byCandan BOLUKBAS
 
Webinar: Critical Steps For NIST Compliance
byWithum
 
NTXISSACSC2 - Kid Proofing the Internet of Things by Monty McDougal
byNorth Texas Chapter of the ISSA
 
Outpost24 Webinar - Common wireless security threats and how to avoid them
byOutpost24
 
Building an application security program
byOutpost24
 
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
byNorth Texas Chapter of the ISSA
 
Cyber Rangers S1 E2
byJudyEvans8
 
It and-cyber-module-2
byMarneil Sanchez
 
Outpost24 webinar: Risk-based approach to security assessments
byOutpost24
 

Viewers also liked

PDF
Enterprise software needs a PaaS
byhmalphettes
 
PPTX
Quotes ~ Inspiration
bySO! What? SOcial.
 
PPTX
Case Study: Pharmaceutical Track And Trace System in Turkey
byİlaç Takip Sistemi (İTS)
 
PPTX
You're Breached: Information Risk Analysis for Today's Threat Landscape
byResilient Systems
 
PPTX
Tutorial
byJuandavid Rua Reyes
 
DOCX
Industry overview
bySahil Bansal
 
PPTX
Majestic auto limited
bySanjeev Ranjan
 
PDF
The last part of the analysis will examine the relationship between MPG and o...
bywamorena lempadi
 
PDF
Addsource introduction
byDavid Dovman
 
PPTX
3rd Party Risk: Practical Considerations for Privacy & Security Due Diligence
byResilient Systems
 
PDF
Brochure Womens Leadership Programme
byhelenhouman
 
PPTX
Guida Introduttiva a Facebook
byEmanuele Pulli
 
PPTX
Presentaties buzzynet mkt12
bymarketingdag2012
 
PPTX
Html links
byDenni Domingo
 
PDF
Intalio create and cloudfoudry - short
byhmalphettes
 
PDF
Brochure - womens leadership programme
byhelenhouman
 
PDF
Riders app
byIgor Debatur
 
Enterprise software needs a PaaS
byhmalphettes
 
Quotes ~ Inspiration
bySO! What? SOcial.
 
Case Study: Pharmaceutical Track And Trace System in Turkey
byİlaç Takip Sistemi (İTS)
 
You're Breached: Information Risk Analysis for Today's Threat Landscape
byResilient Systems
 
Tutorial
byJuandavid Rua Reyes
 
Industry overview
bySahil Bansal
 
Majestic auto limited
bySanjeev Ranjan
 
The last part of the analysis will examine the relationship between MPG and o...
bywamorena lempadi
 
Addsource introduction
byDavid Dovman
 
3rd Party Risk: Practical Considerations for Privacy & Security Due Diligence
byResilient Systems
 
Brochure Womens Leadership Programme
byhelenhouman
 
Guida Introduttiva a Facebook
byEmanuele Pulli
 
Presentaties buzzynet mkt12
bymarketingdag2012
 
Html links
byDenni Domingo
 
Intalio create and cloudfoudry - short
byhmalphettes
 
Brochure - womens leadership programme
byhelenhouman
 
Riders app
byIgor Debatur
 

Similar to By Popular Demand: Co3's Latest and Greatest Features

PPTX
How to Build a Successful Incident Response Program
byResilient Systems
 
PDF
EU Cyber Attacks And The Incident Response Imperative
byResilient Systems
 
PDF
Today's Breach Reality, The IR Imperative, And What You Can Do About It
byResilient Systems
 
PDF
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...
byCODE BLUE
 
PPTX
Putting the Human Back in the Loop for Analysis
byAndy Piazza
 
PDF
How To Stop Target-Like Breaches In Their Tracks
byResilient Systems
 
PDF
Ch5-Incident Response Management.pdfncident Response Management.
bySuhail Qadir Mir
 
PPTX
Ch2-Incident Response Process.pptxIncident Response Process
bySuhail Qadir Mir
 
PDF
Are We Breached How to Effectively Assess and Manage Incidents
byResilient Systems
 
PPTX
Customer Favorite Features: Popular Co3 Product Updates & A Special Promotion
byResilient Systems
 
PPTX
chapter on Incident Response Management.
bySuhail Qadir Mir
 
PDF
Incident Response: How To Prepare
byResilient Systems
 
PDF
CNIT 152: 3 Pre-Incident Preparation
bySam Bowne
 
PPTX
Information Security: Advanced SIEM Techniques
byReliaQuest
 
PDF
Today's Cyber Challenges: Methodology to Secure Your Business
byJoAnna Cheshire
 
PPTX
InfraGard Webinar March 2016 033016 A
byWard Pyles
 
PDF
Aujas incident management webinar deck 08162016
byKarl Kispert
 
PDF
Cloud Forensics and Incident Response Training.pdf
byChristopher Doman
 
PDF
SecurityOperations
byAntonio (Tony) Robinson
 
PDF
INCIDENT RESPONSE CONCEPTS
bySylvain Martinez
 
How to Build a Successful Incident Response Program
byResilient Systems
 
EU Cyber Attacks And The Incident Response Imperative
byResilient Systems
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
byResilient Systems
 
[cb22] Keynote: Underwhelmed: Making Sense of the Overwhelming Challenge of C...
byCODE BLUE
 
Putting the Human Back in the Loop for Analysis
byAndy Piazza
 
How To Stop Target-Like Breaches In Their Tracks
byResilient Systems
 
Ch5-Incident Response Management.pdfncident Response Management.
bySuhail Qadir Mir
 
Ch2-Incident Response Process.pptxIncident Response Process
bySuhail Qadir Mir
 
Are We Breached How to Effectively Assess and Manage Incidents
byResilient Systems
 
Customer Favorite Features: Popular Co3 Product Updates & A Special Promotion
byResilient Systems
 
chapter on Incident Response Management.
bySuhail Qadir Mir
 
Incident Response: How To Prepare
byResilient Systems
 
CNIT 152: 3 Pre-Incident Preparation
bySam Bowne
 
Information Security: Advanced SIEM Techniques
byReliaQuest
 
Today's Cyber Challenges: Methodology to Secure Your Business
byJoAnna Cheshire
 
InfraGard Webinar March 2016 033016 A
byWard Pyles
 
Aujas incident management webinar deck 08162016
byKarl Kispert
 
Cloud Forensics and Incident Response Training.pdf
byChristopher Doman
 
SecurityOperations
byAntonio (Tony) Robinson
 
INCIDENT RESPONSE CONCEPTS
bySylvain Martinez
 

More from Resilient Systems

PDF
Ready or Not, Here They Come Preparing For Phase 2 HIPAA Compliance Audits
byResilient Systems
 
PDF
Encryption: Who, What, When, Where, and Why It's Not a Panacea
byResilient Systems
 
PPTX
The Target Breach - Follow The Money EU
byResilient Systems
 
PDF
How To Turbo-Charge Incident Response With Threat Intelligence
byResilient Systems
 
PPTX
New CISO - The First 90 Days
byResilient Systems
 
PDF
The Target Breach – Follow The Money
byResilient Systems
 
PDF
A Breach Carol: 2013 Review, 2014 Predictions
byResilient Systems
 
PDF
Treat a Breach Like a Customer, Not a Compliance Issue
byResilient Systems
 
PDF
Anatomy Of A Breach: The Good, The Bad & The Ugly
byResilient Systems
 
PPTX
How To Turbo-Charge Incident Response With Threat Intelligence
byResilient Systems
 
PPTX
Deeper Security, Broader Privacy - how firms use the latest Co3 features to a...
byResilient Systems
 
PPTX
The Patriot Act and Cloud Security - Busting the European FUD
byResilient Systems
 
PDF
SEC Cybersecurity Disclosure Guidelines
byResilient Systems
 
PDF
Looking Forward - Regulators and Data Incidents
byResilient Systems
 
PDF
Breached! App Attacks, Application Protection and Incident Response
byResilient Systems
 
PDF
Introducing Co3's Security Incident Response Module
byResilient Systems
 
Ready or Not, Here They Come Preparing For Phase 2 HIPAA Compliance Audits
byResilient Systems
 
Encryption: Who, What, When, Where, and Why It's Not a Panacea
byResilient Systems
 
The Target Breach - Follow The Money EU
byResilient Systems
 
How To Turbo-Charge Incident Response With Threat Intelligence
byResilient Systems
 
New CISO - The First 90 Days
byResilient Systems
 
The Target Breach – Follow The Money
byResilient Systems
 
A Breach Carol: 2013 Review, 2014 Predictions
byResilient Systems
 
Treat a Breach Like a Customer, Not a Compliance Issue
byResilient Systems
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
byResilient Systems
 
How To Turbo-Charge Incident Response With Threat Intelligence
byResilient Systems
 
Deeper Security, Broader Privacy - how firms use the latest Co3 features to a...
byResilient Systems
 
The Patriot Act and Cloud Security - Busting the European FUD
byResilient Systems
 
SEC Cybersecurity Disclosure Guidelines
byResilient Systems
 
Looking Forward - Regulators and Data Incidents
byResilient Systems
 
Breached! App Attacks, Application Protection and Incident Response
byResilient Systems
 
Introducing Co3's Security Incident Response Module
byResilient Systems
 

Recently uploaded

PDF
VD 570 - Robust Inline Flow Meter From CS-Instruments
byCS Instruments
 
PDF
𝐋𝐚𝐮𝐧𝐜𝐡 𝐘𝐨𝐮𝐫 𝐎𝐰𝐧 𝐀𝐥𝐥 𝐢𝐧 𝐎𝐧𝐞 𝐃𝐞𝐥𝐢𝐯𝐞𝐫𝐲 𝐀𝐩𝐩 𝐏𝐥𝐚𝐭𝐟𝐨𝐫𝐦 𝐋𝐢𝐤𝐞 𝐆𝐥𝐨𝐯𝐨
byV3CUBE TECHNOLABS
 
PDF
Affordable Way to Buy Verified Airbnb Accounts in Bulk (2).pdf
byzuhd454
 
PDF
Serhii Herasymov: Expert sales in outsource companies: your technical special...
byLviv Startup Club
 
DOCX
Buy verified Sell YouTube Channels in 2026.docx
bymarketing
 
PDF
Iryna Rudenko: Follow the Money: How Investment Trends Define IT Niches (UA)
byLviv Startup Club
 
DOCX
SEO's & Digital Marketing Case Study 2026
bypalwasha57
 
PPTX
Levels of Management: Top, Middle and Lower Management Explained
bychrispshajugig
 
PDF
Why Should You Consider Buying Verified LinkedIn Accounts_.pdf
byusatophub96
 
PDF
Comments on Ultra Map Section II Multifaceted Second Edition.pdf
byBrij Consulting, LLC
 
PDF
Guide to Safely Buying Gmail Accounts for Safely-Aged.pdf
bysmartusapva.com
 
PDF
Ultra Map Section II Multifaceted Second Edition.pdf
byBrij Consulting, LLC
 
PDF
Stablecoins beyond narrow banking - Lombard Notes
byGiorgio Giuliani
 
PDF
What Is the Fastest Way to Buy Facebook Accounts.pdf
byFacebook Accounts
 
PDF
Fraud Warning MOALA WALLET Exchange Exposed
byTraderKnows.com
 
DOCX
Buy Verified Cash App Accounts In The Us
bysebastianparsonst8
 
PDF
Andria Sergio - Known For Her Accuracy And Professionalism
byAndria Sergio
 
PDF
Lessons on Branding from the Team Behind the World's Biggest Brands
byNeil Horowitz
 
PDF
Prasenjit Bhaumik Plano - Proficient In JavaScript, Python, And Database Mana...
byPrasenjit Bhaumik Plano
 
PDF
LCP-consultation-response-to-TPR-CDC-code-of-practice.pdf
byHenry Tapper
 
VD 570 - Robust Inline Flow Meter From CS-Instruments
byCS Instruments
 
𝐋𝐚𝐮𝐧𝐜𝐡 𝐘𝐨𝐮𝐫 𝐎𝐰𝐧 𝐀𝐥𝐥 𝐢𝐧 𝐎𝐧𝐞 𝐃𝐞𝐥𝐢𝐯𝐞𝐫𝐲 𝐀𝐩𝐩 𝐏𝐥𝐚𝐭𝐟𝐨𝐫𝐦 𝐋𝐢𝐤𝐞 𝐆𝐥𝐨𝐯𝐨
byV3CUBE TECHNOLABS
 
Affordable Way to Buy Verified Airbnb Accounts in Bulk (2).pdf
byzuhd454
 
Serhii Herasymov: Expert sales in outsource companies: your technical special...
byLviv Startup Club
 
Buy verified Sell YouTube Channels in 2026.docx
bymarketing
 
Iryna Rudenko: Follow the Money: How Investment Trends Define IT Niches (UA)
byLviv Startup Club
 
SEO's & Digital Marketing Case Study 2026
bypalwasha57
 
Levels of Management: Top, Middle and Lower Management Explained
bychrispshajugig
 
Why Should You Consider Buying Verified LinkedIn Accounts_.pdf
byusatophub96
 
Comments on Ultra Map Section II Multifaceted Second Edition.pdf
byBrij Consulting, LLC
 
Guide to Safely Buying Gmail Accounts for Safely-Aged.pdf
bysmartusapva.com
 
Ultra Map Section II Multifaceted Second Edition.pdf
byBrij Consulting, LLC
 
Stablecoins beyond narrow banking - Lombard Notes
byGiorgio Giuliani
 
What Is the Fastest Way to Buy Facebook Accounts.pdf
byFacebook Accounts
 
Fraud Warning MOALA WALLET Exchange Exposed
byTraderKnows.com
 
Buy Verified Cash App Accounts In The Us
bysebastianparsonst8
 
Andria Sergio - Known For Her Accuracy And Professionalism
byAndria Sergio
 
Lessons on Branding from the Team Behind the World's Biggest Brands
byNeil Horowitz
 
Prasenjit Bhaumik Plano - Proficient In JavaScript, Python, And Database Mana...
byPrasenjit Bhaumik Plano
 
LCP-consultation-response-to-TPR-CDC-code-of-practice.pdf
byHenry Tapper
 

By Popular Demand: Co3's Latest and Greatest Features

  • 1.
  • 2.
  • 3.
    Slide 3 Agenda • Introductions • Who Are We • Latest & Greatest Features – Threat Intelligence – SIEM Integrations – Easy Customization – Preview: Custom Action Framework • Questions
  • 4.
    Slide 4 Introductions • Ted Julian, Chief Marketing Officer, Co3 Systems • Tim Armstrong, Incident Response Specialist, Co3 Systems
  • 5.
    About Co3 –Incident Response Management Slide 5 MITIGATE Document Results & Improve Performance • Generate reports for management, auditors, and authorities • Conduct post-mortem • Update SOPs • Track evidence • Evaluate historical performance • Educate the organization ASSESS Identify and Evaluate Incidents • Assign appropriate team members • Evaluate precursors and indicators • Correlate threat intelligence • Track incidents, maintain logbook • Prioritize activities based on criticality • Generate assessment summaries PREPARE Improve Organizational Readiness • Appoint team members • Fine-tune response SOPs • Escalate from existing systems • Run simulations (firedrills / table tops) MANAGE Contain, Eradicate, and Recover • Generate real-time IR plan • Coordinate team response • Choose appropriate containment strategy • Isolate and remediate cause • Instruct evidence gathering and handling • Log evidence
  • 6.
    AUTOMATED ESCALATION WEBFORM TROUBLE TICKETING ENTRY WIZARD SIEM EMAIL Slide 6 Co3 IRMS INCIDENT RESPONSE PLAN INSTANT CREATION & STREAMLINED COLLABORATION HR IT LEGAL/ COMPLIANCE MARKETING PLAN SYNTHESIS CONTRACTUAL REQUIREMENTS COMMUNITY BEST PRACTICES INDUSTRY STANDARD FRAMEWORKS ORGANIZATIONAL SOPS GLOBAL PRIVACY BREACH REGULATIONS PLAN ENRICHMENT PROCESS MALWARE SAMPLE IP DNS NAME NAME ADDRESS DASHBOARDS AND REPORTING AUDITOR DASHBOARD UTILIZATION INCIDENT TIMELINE / STATUS CSO DASHBOARD TEAM INCIDENTS BY TYPE OVER TIME ACCELERATED MITIGATION CUSTOM ACTION FRAMEWORK
  • 7.
  • 8.
    Integrated Threat Intelligence New Threat Intelligence Feeds: • Virus Total • WHOIS • GEOIP Slide 8
  • 9.
    Integrated Threat Intelligence Virus Total • Provides results from 55 Anti-virus engines • Uses VT API key for results • Can even upload files Slide 9
  • 10.
    Integrated Threat Intelligence GEO IP • Locates the latitude and longitude of an IP • Plots on Google map Slide 10
  • 11.
    Integrated Threat Intelligence WHOIS Lookups • Detailed insights on all kinds of servers Slide 11
  • 12.
  • 13.
  • 14.
    Slide 14 SIEMIntegration • Manual and Automatic Incident Escalation • Threat Artifact submission • Bidirectional communication • Supports HP ArcSight, IBM Security QRadar, and many others
  • 15.
  • 16.
    Slide 16 EasyCustomization • Simple interface • Drag and drop, button-based interaction • Numerous areas of the UI • No programming / coding required
  • 17.
    Slide 17 CustomFields • Any number of fields • Supports drop-downs, text, multi-selects, and more • Can be used for alerting, sorting, reporting
  • 18.
    Slide 18 CustomWorkflows • Create a library of response plans quickly • SOP for any number of response teams • Operationalize static plans • Report on their success, SLA’s, etc
  • 19.
    Slide 19 Conditionalsections • Collect only the relevant details for each incident type • Ask the right questions • Make fields required on open, close, or optional • Create templates
  • 20.
  • 21.
  • 22.
    Connecting people, process,and technology for times of crisis AUTOMATED ESCALATION WEB FORM TROUBLE TICKETING ENTRY WIZARD SIEM INCIDENT RESPONSE PLAN INSTANT CREATION Custom Action Framework Gather information and execute response plan tasks. Slide 22 & STREAMLINED COLLABORATION HR IT LEGAL/ COMPLIANCE MARKETING PLAN SYNTHESIS CONTRACTUAL REQUIREMENTS COMMUNITY BEST PRACTICES INDUSTRY STANDARD FRAMEWORKS ORGANIZATIONAL SOPS GLOBAL PRIVACY BREACH REGULATIONS PLAN ENRICHMENT PROCESS MALWARE SAMPLE IP DNS NAME NAME ADDRESS EMAIL DASHBOARDS AND REPORTING AUDITOR DASHBOARD INCIDENT TIMELINE / STATUS CSO DASHBOARD TEAM UTILIZATION INCIDENTS BY TYPE OVER TIME ACCELERATED MITIGATION CUSTOM ACTION FRAMEWORK
  • 23.
    Slide 23 CAFUse Cases Pull all employee details (name, dept, role, etc.) • Trigger: Adding username artifact • Action: Query directory for details, store results in artifact description Kick off automatic Splunk / SIEM searches • Trigger: new host/IP IOCs • Action: Splunk/SIEM API search request Automatic malware sandboxing • Trigger: Adding a new malware artifact/PE file artifact. • Action: Sends malware to internal sandbox. Returns URL to results. Have we ever seen this hash before on our systems? • Trigger: Adding a new hash artifact • Action: Queries our internal application whitelisting logs, returns list of machines who have also executed this file or seen this hash.
  • 24.
  • 25.
    Slide 25 UpcomingCo3 Events • How The Grinch Stole Black Friday: Co3's 2014 Annual Review & Predictions, December 18, 2014, 1 pm EST
  • 26.
    One Alewife Center,Suite 450 Cambridge, MA 02140 PHONE 617.206.3900 WWW.CO3SYS.COM “Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.” PC MAGAZINE, EDITOR’S CHOICE “One of the hottest products at RSA…” NETWORK WORLD – FEBRUARY 2013 “Co3…defines what software packages for privacy look like.” GARTNER “Platform is comprehensive, user friendly, and very well designed.” PONEMON INSTITUTE
  • 27.
    “Co3 makes theprocess of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.” – PC Magazine, Editor’s Choice Most Innovative Product Slide 27 “One of the most important startups in security…” – Business Insider “Platform is comprehensive, user friendly, and very well designed.” – Ponemon Institute “One of the hottest products at RSA…” – Network World “...an invaluable weapon when responding to security incidents.” – Government Computer News “Co3 has done better than a home-run... it has knocked one out of the park.” – SC Magazine

Editor's Notes

  • #6 Adapted from the standard Emergency Response Process of : Prepare Respond Recover Mitigate
  • #7 “Let’s take a look at how each of the components work.....”
  • #13 Very Somewhat Don’t know Not so much
  • #21 Crucial to our success Important, but not a top requirement Not critical today, but it will be later Not important
  • #23 “Let’s take a look at how each of the components work.....”