
New security tools from Tenable, HP, Co3 attempt the impossible

By John Breeden II | Aug. 12, 2014
Automated incident response is one of the fastest growing fields in computer security. Alternatively called threat monitoring, vulnerability management or threat management, it encompasses the seemingly impossible task of defending a network from active threats as they happen, in addition to detecting every possible vulnerability that could be exploited by an attacker.

Although we did not test it, Co3 also makes a Privacy Module program that follows this same pattern, but works with the loss or theft of personally identifiable information. Given how much data mingles in databases these days, it's probably a good idea to have both.

Out of the box, the Security Module comes configured with the names and contact information for the various people and organizations that should be contacted to report various incidents. The contact information of people inside a company who should be involved in a security response needs to be added, either ahead of time or on the fly as an incident happens.

At the simplest level, a security professional enters all the known information about a loss of data and the program generates the proper response plan, or asks more questions until a perfect plan can be formulated. In a lot of ways it works like an expert system, and it is very easy to use: you simply check the needed boxes.

The Security Module also can open up security monitoring to everyone on a network. Users can report suspicious activity, such as a computer booting up slowly or a suspicious e-mail that might be part of a phishing campaign trying to snoop passwords. Security personnel often have more options when detailing an incident, such as logging the IP addresses of attackers. That is where threat monitoring and intelligence are starting to come into play. Reports are automatically checked against known threats, so that the Security Module will alert administrators if the network is under a known attack and help to plan the response accordingly.
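To show the expert-system pattern the two preceding paragraphs describe (enter what is known, get a plan, or get asked for the facts still missing, with reports matched against a known-threat list), here is an added illustration written for this article; it is not Co3's code. The rules, the threat-feed domains and the regulator/deadline placeholders are all constructed, and real notification deadlines depend on jurisdiction and data type.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed stand-in for a known-threat feed (reserved example names).
KNOWN_BAD_DOMAINS = {"phish.example", "login-reset.example"}


@dataclass(frozen=True)
class Rule:
    name: str
    when: Callable[[dict], bool]   # raises KeyError on a fact it still needs
    action: str


# Constructed rule base. Each predicate reads only the facts it needs, and
# Python's short-circuit evaluation means a fact is requested only when it
# actually matters for the decision (e.g. record_count is irrelevant for an
# encrypted laptop).
RULES = [
    Rule("remote_wipe",
         lambda f: f["incident_type"] == "lost_device",
         "Trigger remote wipe and revoke the device's credentials"),
    Rule("regulator_notice",
         lambda f: f["incident_type"] == "lost_device"
         and f["data_type"] in ("pii", "medical") and not f["encrypted"],
         "Notify [regulator placeholder] within [deadline placeholder] of discovery"),
    Rule("individual_notice",
         lambda f: f["incident_type"] == "lost_device"
         and f["data_type"] in ("pii", "medical") and not f["encrypted"]
         and f["record_count"] > 0,
         "Prepare notification letters for affected individuals"),
    Rule("known_campaign",
         lambda f: f["incident_type"] == "phishing"
         and f["sender_domain"] in KNOWN_BAD_DOMAINS,
         "Alert administrators: message matches a known phishing campaign"),
    Rule("user_triage",
         lambda f: f["incident_type"] == "phishing" and f["link_clicked"],
         "Reset the user's credentials and scan the endpoint"),
]


def plan(facts: dict) -> tuple[list, list]:
    """Return (actions, questions): actions whose rules fired on the known
    facts, and the names of facts the remaining rules still need."""
    actions, questions = [], []
    for rule in RULES:
        try:
            if rule.when(facts):
                actions.append(rule.action)
        except KeyError as missing:       # a needed fact is not known yet
            fact = missing.args[0]
            if fact not in questions:
                questions.append(fact)
    return actions, questions


def interview(facts: dict, answers: dict) -> tuple[list, list]:
    """Repeat the plan/question cycle, filling in facts from `answers` (a
    stand-in for the person completing the form) until no answer is left."""
    facts = dict(facts)
    while True:
        actions, questions = plan(facts)
        pending = [q for q in questions if q in answers]
        if not pending:
            return actions, questions      # questions left are unanswerable
        for q in pending:
            facts[q] = answers[q]
```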

We tested the program along every step of the chain, from a normal user through to a security response team. We detailed several incidents from a phishing e-mail campaign to a user who clicked on a suspicious link to a user who lost a laptop containing unencrypted personal and medical information, plus quite a few other scenarios.

In all cases we were told exactly who to contact, and how long we had to tell the proper authorities what was going on with our network. In each case we were also given the most current information for government officials and organizations. For example, in one case we were warned that the United States Department of Homeland Security needed to be notified within 60 minutes of discovering the loss of a particular type of information.

Of the programs in this review, the Co3 Security Module is the least automated. Most incidents require that someone report a problem. The program encourages this by the implementation of a sandbox mode where users can practice reporting incidents without having them actually get logged into the system. It's possible that a well-trained group of users could provide nearly instantaneous reporting of security problems, though this would require some training and lots of voluntary participation.
