Home Guru Bruce Schneier: “It is not prevention or detection, it is response”

Bruce Schneier: “It is not prevention or detection, it is response”

Bruce Schneier, Co3 Systems

As well as being a renowned cryptographer, influential security expert and outspoken conference favourite, Bruce Schneier has had his share of coverage in recent months as the Prism story unfolded. He chose to leave his position as BT’s security futurologist at the end of last month and has now turned his hand to incident response.


Schneier recently left BT, who acquired his company Counterpane in 2006, to join Co3 Systems as chief technology officer this month. I began by asking him what attracted him to a relatively unknown company.


He said that working for a start up is fun and something that he wanted to do, as incident response is a space that needs work. “If you go back to the definition of security being protection, detection and response, this feels like the last area that needs work, and the idea of incident response coordination and working on a response is really important and something that isn’t there,” he said.


I asked what he meant by this not being done yet. He said that there is a huge market for response and, while a lot of response services have emerged, there are not a lot of response products and that is what Co3 offers. “That has become important now, and two things are driving it: firstly attacks have got more sophisticated. We are seeing more targeted attacks and you need a sophisticated response; secondly the regulatory environment in the United States is much more complicated and dangerous, so there are a lot of laws you have to follow or else you risk being fined, or face lawsuits and you need to demonstrate in court that you do things properly,” he said.


“So those two together shows that you cannot do ad hoc response anymore, and the problem with emergency response is that you do it in a panic. It is easy to respond in the moment and anything that will automate things, and anything that will make the coordination more effective, is really valuable.”


I asked Schneier if this area is effectively a final frontier for the industry, who need to learn more about incident response? He said that, rather than being that extreme, as an industry we need to be more sophisticated as this is nothing new. “There will be a time when your response will say “call in someone else”, but your thermometer doesn’t replace the doctor, you know to call the doctor,” he said.


“I think we started seeing this at conferences three or four years ago where we went from being told ‘buy my thing and you’ll be safe’ to ‘you’re going to get hacked and you have a problem’, and I thought that was very refreshing as for too long tried to throw imperfect solutions at this. So the fact that we are striving to say things like ‘yes we know this is imperfect’ is a good sign.”


Looking back at the RSA attack from 2010, Schneier said that was a big deal and called the response “terrible” as the coordination to such a big attack “was all pretty much ad hoc”, but with a coordinated response you would know what to do, what to say and how to fix it.


Talking specifically about Co3 Systems, Schneier said that it offers a way to coordinate a response. “It is not prevention or detection, it is response, and it doesn’t make attacks less likely to happen, it makes it less bad when they do, and that could be not getting smacked with a class action lawsuit,” he said.


I concluded by asking if he felt that companies needed to be prepared in the face of a potential attack. He said he did because of sophisticated attacks and legal trends. “For those two reasons, it becomes important to do something like this and there are different reasons for different sized companies, so those two things make it very useful and I am surprised by how much demand there is.”


Bruce Schneier, chief technology officer of Co3 Systems, was talking to Dan Raywood


OPSWAT Market Share Report Finds at Least 15% of Devices at Risk

OPSWAT today announced the release of their latest market share report, which includes detailed analysis of the market share of antivirus vendors and products. The report also takes a look at the use of real time protection (RTP) by users of top antivirus products and the number of devices with persisting threats or potentially unwanted (…read more)

January 29, 2015

Security Advisory for “GHOST” Vulnerability on Linux Systems

Researchers at Qualys recently revealed a critical vulnerability in the Linux GNU C Library (glibc), that allows attackers to remotely take control of an entire system without having any prior knowledge of system credentials.   The vulnerability is known as GHOST (CVE-2015-0235) as it can be triggered by the       gethostbyname functions. It affects many (…read more)

January 28, 2015

Data Privacy Day musings from the Infosec community

Today marks the ninth annual Data Privacy Day; the purpose of which is to raise public awareness and advocate data protection and privacy best practices. Over the last year we’ve seen many high profile breaches, which involved eBay, JPMorgan, and most recently Sony Pictures Entertainment – so it is very clear that now more than (…read more)

January 28, 2015