It came as somewhat of a surprise when security expert Bruce Schneier announced in December that he and BT were parting ways after eight years. Schneier was among the most outspoken analysts of Edward Snowden's NSA leaks last year, but it was a desire to look at a particular area of the cyber security landscape which attracted him to his new position.
Speaking to IT Security Guru, American cryptographer Bruce Schneier, now chief technology officer at Co3 Systems, said that he joined the company from BT becasue working for a startup "is fun and something I wanted to do", but also because incident response in general is a space that needs work.
He said: "If you go back to the definition of security being protection, detection and response – this feels like the last area that needs work, and the idea of incident response coordination and working on a response is really important and something that isn't there, and no one else is doing, so that is the space and the company. I know the people and the space and company are interesting, so it all comes together."
Schneier said that there is a huge market for response and while response services have emerged, there are not a lot of response products and that is what Co3 offer.
He said that two things are driving incident response. Firstly attacks have got more sophisticated and therefore they require a sophisticated response.
Secondly, because the regulatory environment in the United States is much more complicated and there are a lot of laws you have to follow or risk being fined/sued, you need to demonstrate in court that you do things properly.
"So those two together shows that you cannot do ad hoc response anymore, and the problem with emergency response is you do it in an emergency, so you do it in a panic and it is easy to respond in the moment and anything that will automate things and anything that will make the coordination more effective is really valuable," he said.
Schneier said that a few years ago at industry conferences, the mood changed from "buy my thing and you'll be safe" to "you're going to get hacked and you have a problem", which he said was very refreshing as for too long imperfect solutions have been suggested.
"So the fact that we are striving to say things like 'yes we know this is imperfect' is a good sign", he said.
He cited the 2010 RSA attack as having a terrible response and lacking coordination of response, and what Co3 Systems offers is to facilitate where the holes are so when it happens you are more prepared.
"It is not prevention or detection, it is response, and it doesn't make attacks less likely to happen, it makes it less bad when they do, and that could be not getting smacked with a class action lawsuit," he said.
Dan Raywood is editor of IT Security Guru.