M+E Daily

Convergent Risks used a breakout session at the June 29 Content Protection Summit Europe (CPS EU) event to showcase the benefits of its SanctumIR incident response app.

We are now in the fourth phase of the COVID-19 pandemic and everybody is out to make sure “we get things right in the future,” according to Chris Johnson, CEO and president of Convergent Risks.

But “part of what we’ve learned is we’re not actually going to get this right every time – things will still go wrong,” he said during the session “Don’t Let a Crisis Spoil Your Drama – Experience an Incident Response App at Work.”

Although “we are trying to introduce more and more stringent assurance to our workflows, we also need to retain this capability of having to respond to incidents in a structured and formatted way,” he explained. “So, what we did consciously as a business last year: we acquired a piece of technology to do that,” he said.

From a CTO’s perspective, “how does technology like SanctumIR help a team to respond more quickly, in a more structured fashion?” he asked Matt Lody, Convergent Risks CTO.

“The honest answer to that, Chris, is there’s probably a million answers to that,” Lody said with a smile. “But I’ll touch on a few of them. One of the first things about incident response is preparation is part of the key…. If you use a good IR tool, such as SanctumIR… you’ll be able to do things like input all your processes into that tool in advance. So, the nice thing about that is that when you go to an incident, the tool can automatically feed out tasks to people and be a bit more intelligent than that. So it can say, ‘Well, I know these prerequisites have to be performed before you can do this task.’ And that’s really nice for both embedding your procedures but also speeding up the speed of response – and particularly nice for obviously junior members of [the] staff who might not know the next steps to be taken.”

Also important can be bringing in expert advice from outside to help with an incident, according to Lody. “Now that becomes a really nice and easy thing to do if you use a specialist tool to do that,” he said. You have to consider what you want to give them access to and you can provide them with a restricted log-in and that can be done from potentially anywhere around the world and only allow them to see the thing you want their help with, he noted.

Reporting is also a “really important thing for a tool like this,” he said. Additionally, he pointed out: “It’s the 21st century. IR teams now have so many tools. There’s notifications, events and so on from all of the stack. To bring those into one place and have them all talk to one another and allow the incident response team just to do the triage and response is actually a huge benefit.”

A SanctumIR user’s take
“Technology like SanctumIR provides a platform … that enables organizations to manage their approach to incidents and crisis response, according to Mark Griffiths, senior counter terrorism and law enforcement consultant and director of Microft Solutions, a user of the app.

“These types of incidents will disrupt business and can create significant levels of chaos, and utilizing this technology can bring structure and order to that chaos,” he said.

He has been involved in incident management for over 30 years with the military, policing and counter terrorism, he noted. In those jobs, it was important to be able to “operate [in] secret and be able to gather evidence and intelligence in a confidential and secure environment… and [that it] can only be accessed by… authorized personnel,” he said.

“Platforms like Sanctum [have] this functionality and is now available to those outside of law enforcement and intelligence agencies who have to manage risk and harm and protect their own reputation,” he pointed out.

Pointing to the “impending introduction of the Protect Duty that will impact on U.K.-based businesses,” he said: “Technology like Sanctum will enable organizations to meet their legislative requirements.”
There is increased use of this technology in stress testing for action plans to ensure business continuity, he noted, adding: “Who would have thought 18 months ago we would all need a business continuity plan for a global pandemic?”

“Fundamentally, every incident and response requires leadership, oversight, structure, communication and security, which technology like SanctumIR brings,” he added.

A demonstration
Convergent Risks then demonstrated to viewers how the SanctumIR incident response app works during a short exercise in which the company provided a taste of what it is like to get a call about a breach, how to kick start the response, and manage communications to staff and external stakeholders.

It’s 8 pm on a Friday night and the CTO of a global creative services provider was notified of a significant security breach involving a premium episodic title. Unfinished content was leaked and its office has been told that, unless a significant ransom was paid, further material would be released revealing the plot line, together with sensitive contractual cast information.

The “key takeaways” of the demonstration for Johnson were, he said: “The fact that it’s good to test, train and exercise on the platform that you’re going to actually use in real-life scenarios”; the “benefits of the evidential veracity of using a platform of this nature”; and “you can construct actual playbooks and play the incidents that you are likely to encounter.”

Content Protection Summit Europe was presented by Convergent Risks, with sponsorship by Richey May Technology Solutions, Synamedia, BuyDRM, Friend MTS, NAGRA, and X Cyber Group.

The event was produced by MESA, CDSA, the Hollywood IT Society (HITS) and Women in Technology Hollywood (WiTH), under the direction of the CDSA board of directors and content advisors representing Amazon Studios, Adobe, Paramount, BBC Studios, NBCUniversal, Lionsgate, WarnerMedia, Amblin Entertainment, Legendary Pictures, and Lego Group.