|By Liz McMillan||
|November 15, 2012 12:00 PM EST||
With the common theme in today's security management conversations being "your security will fail" and "expect to be breached," there's no question that there has been increased interest in the area of incident response. The industry is realizing that the addition of regulations, people, or even product features, is not going to cut it - a next generation incident response offering is needed.
To get a view of what the next-generation incident response solution might look like, Web Security Journal sat down with entrepreneur and life-long incident response veteran, Joseph Loomis, a cooperative member with the FBI and DEA's divisions on Cybercrime and founder and CEO of Phoenix-based CyberSponse.
WSJ: Tell us a little bit about yourself - why does incident response interest you enough to start a company that appears to be all IR all the time?
Joseph Loomis: The desire to help people and businesses in need is in my bones. In fact, my experience with incident response goes all the way back to my childhood days when my father and his friends saw a gap in community protection and emergency "incident" response, and in turn created an entirely new fire department for our town. What I saw was that most people aren't aware that nearly every medical emergency - even if not fire related - is responded to by the fire department. My father and his friends came up with their own incident response program - they saw the need and made it a reality. They took the bull by the horns, figured it out, and worked on it until they got it right. Watching them, I repeatedly got to see how people responded during traumatic/chaotic events.
Like my father, I too served six years in the military, an experience that allowed me to help individuals, organizations, and countries alike. Shortly after completing my service with the armed forces and attending the University of Florida for Electrical Engineering, I was working for an electronics manufacturer in California. While working as the director of engineering, I saw the need for businesses to protect their assets in the online world. In response to this need, I founded NetEnforcers, a company chartered with protecting online brands and intellectual property. After successfully growing the company and securing customers like Apple, Microsoft, Cisco, Samsung, LG and Pfizer, I sold NetEnforcers, both debt-free and very profitable. Soon after, I began to look for the next area where I could help the world become a better place.
As a formally licensed Private Investigator and a cooperative member with the FBI & DEA's divisions on Cybercrime, I have been fortunate to connect with other entrepreneurs and security industry experts that share the same goals as I do. In 2011, I looked to Spyro Malaspinas, a proven, trusted, and innovative information security leader and a long time friend, to partner with me as a co-founder for CyberSponse - a Phoenix-based company chartered with helping organizations successfully respond to the inevitable security breach. Together Spyro and I developed the business case that would make CyberSponse a reality.
WSJ: What do you see as the biggest challenge faced by organizations with respect to security incident response?
Loomis: As you can imagine, my exposure to fire response, medical response, and military response presented me with far worse situations than a firewall breach. It's safe to say that these experiences taught me how to remain calm under pressure, to recognize how important planning is, and to appreciate how critical communication is during a crisis. Relating this back to cybersecurity, I find the biggest challenge in IR is having the right information available to the right people on the IR team at the right time, and being able to communicate and collaborate throughout the entire response process.
For example, most IR programs involve the use of panicky conference calls and drawn-out email communications, both of which seem to get in the way when something really serious is happening. If you haven't been through it, it may be hard for you to understand. But think about it for a minute - speed of communication is critical during an incident. Even if the right people are included in an email thread, if the critical person is not looking at their email program when it really matters, something can get missed. Similarly, oftentimes the IR leads don't have a clear view of who's doing what and when, regardless of the communication methods used.
WSJ: If you were to pick one big thing that has to change for IR, what would that be?
Loomis: Collaborative communication. The problem is that most IR personnel only know the email/conference call method to incident response. The improvement of standard IR methods needs to be the focus of organizations. In my mind, this is exactly where IR necessitates transformation. New methods of communication need to be leveraged; we need to move things from an ad-hoc model where organizations are forced to jump the tracks, to a cohesive experience that enables teams to communicate and collaborate. We could look to "The Computer Incident Response Planning Handbook" by Neal K McCarthy as a starting point for how to begin this transformation as it is a great source for what works during IR..
WSJ: What prompted you to tackle these challenges with your founding of CyberSponse?
Loomis: I know from first-hand experience that leadership, coordination, communication, planning, and collaboration are key elements to controlling a chaotic situation. Reaching out to old friends that were familiar with security, Spyro included, we decided to form CyberSponse. After digesting the business model and vetting it and the technology plans with some great contacts in the security world, I elected to personally invest over what will be 2M when we hit the market. Our founding management team has been developed through a close network of experienced and trusted friends and partners. And, rather than building an engineering team from the ground up, we looked to a development genius who already had an experienced and functional team, Paul Janisko. He quickly joined the march, and right from the start, we found ourselves with a solid plan, a solid team, and a solid solution to a problem that is not going away.
We are well positioned to succeed and intend to make CyberSponse a reality very soon, a reality that will change the face of IR forever, a reality that will seen by the world at the upcoming launch at RSA 2013 in San Francisco.
WSJ: How will CyberSponse shape the future of incident response?
Loomis: While our solution is far from simple to develop, simply put, CyberSponse is going to bring the efficiency, economics, transparency, and analytics that IR has needed for a long time. No more relying solely on ticketing systems, no more conference calls lasting 6 hours, no more meetings to have meetings. The CyberSponse solution has been tailored to handle the future of IR, designed specifically to streamline the use of a variety of technologies such as SMS, instant messaging, secure document collaboration, and mobile (to name a few). One example I can share pre-launch is that the CyberSponse system will offer built-in tools and training which will help teams become more prepared for a breach when it occurs. Also, by partnering with cutting edge providers like FireHost, Carbon Black, and Blackhills InfoSec, CyberSponse is going to put the power of IR back in the hands of the IR team in a way they've never experienced before, giving them the ability to respond with confidence from wherever they are.
WSJ: What does the future hold for CyberSponse?
Loomis: Legacy technologies like email and ticketing systems are holding the IR teams back, forcing them to operate outside even the best laid out IR plans. In fact, best practices such as NIST SP800-61 and ISO-27035 call for organizations to stay out of email when an incident occurs - not use it as the main tool for communication. With several patents pending, this is the future for CyberSponse - we will bring the IR teams up to date with a next generation IR solution so they can actually follow industry standards, guidelines, regulations, and more - while becoming more effective and efficient in their IR programs while doing so. CyberSponse will provide the perfect solution for companies small and large, leveraging a cyber-response community we help build where companies help each other fight cyber-crime and respond to cyber-attacks.
One final thought that I would add with respect to standards and regulations is the IR audit trail. CyberSponse, effectively operating as a secure bunker for all IR activities, will keep track of everything IR related and keep it secure within the bunker. Organizations will be able to see and report on what Resource A did and what Resource B forgot to do - even if one of those resources is an external service provider bound to an IR SLA. This will be an auditors dream - and will help the organization improve upon future IR activities.
The age of Digital Disruption is evolving into the next era – Digital Cohesion, an age in which applications securely self-assemble and deliver predictive services that continuously adapt to user behavior. Information from devices, sensors and applications around us will drive services seamlessly across mobile and fixed devices/infrastructure. This evolution is happening now in software defined services and secure networking. Four key drivers – Performance, Economics, Interoperability and Trust ...
Apr. 29, 2017 12:30 AM EDT Reads: 920
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
Apr. 29, 2017 12:00 AM EDT Reads: 1,034
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
Apr. 28, 2017 10:45 PM EDT Reads: 1,439
Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the USA and Europe, we work with a variety of customers from emerging startups to Fortune 1000 companies.
Apr. 28, 2017 10:30 PM EDT Reads: 2,495
In his keynote at @ThingsExpo, Chris Matthieu, Director of IoT Engineering at Citrix and co-founder and CTO of Octoblu, focused on building an IoT platform and company. He provided a behind-the-scenes look at Octoblu’s platform, business, and pivots along the way (including the Citrix acquisition of Octoblu).
Apr. 28, 2017 10:30 PM EDT Reads: 1,604
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
Apr. 28, 2017 10:15 PM EDT Reads: 2,519
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
Apr. 28, 2017 10:00 PM EDT Reads: 1,261
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
Apr. 28, 2017 09:45 PM EDT Reads: 2,177
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
Apr. 28, 2017 09:15 PM EDT Reads: 2,629
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound e...
Apr. 28, 2017 08:15 PM EDT Reads: 2,403
@ThingsExpo has been named the Most Influential ‘Smart Cities - IIoT' Account and @BigDataExpo has been named fourteenth by Right Relevance (RR), which provides curated information and intelligence on approximately 50,000 topics. In addition, Right Relevance provides an Insights offering that combines the above Topics and Influencers information with real time conversations to provide actionable intelligence with visualizations to enable decision making. The Insights service is applicable to eve...
Apr. 28, 2017 07:45 PM EDT Reads: 2,944
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
Apr. 28, 2017 07:30 PM EDT Reads: 1,526
SYS-CON Events announced today that Grape Up will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct. 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company specializing in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the U.S. and Europe, Grape Up works with a variety of customers from emergi...
Apr. 28, 2017 07:15 PM EDT Reads: 2,323
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
Apr. 28, 2017 07:00 PM EDT Reads: 1,175
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
Apr. 28, 2017 04:15 PM EDT Reads: 1,402
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Analytic. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
Apr. 28, 2017 04:00 PM EDT Reads: 1,416
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Apr. 28, 2017 03:30 PM EDT Reads: 1,508
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
Apr. 28, 2017 02:30 PM EDT Reads: 3,273
Five years ago development was seen as a dead-end career, now it’s anything but – with an explosion in mobile and IoT initiatives increasing the demand for skilled engineers. But apart from having a ready supply of great coders, what constitutes true ‘DevOps Royalty’? It’ll be the ability to craft resilient architectures, supportability, security everywhere across the software lifecycle. In his keynote at @DevOpsSummit at 20th Cloud Expo, Jeffrey Scheaffer, GM and SVP, Continuous Delivery Busine...
Apr. 28, 2017 02:15 PM EDT Reads: 1,193
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists will examine how DevOps helps to meet th...
Apr. 28, 2017 01:30 PM EDT Reads: 1,735