CPR was designed on the front line of cyber conflict
Like many technologies, CPR was designed on the front line of cyber conflict. The Logically Secure IR staff whilst working both on-site and remotely needed a solution to efficiently collaborate, plan and support their clients. They found that many of the attackers victim organisations were using Microsoft Excel and Outlook for their case management and tracking; a solution that had neither scale nor security as part of their feature sets.
They found that while email was almost universally relied upon for information sharing, it had on occasion, allowed attackers to monitor the security and administration team’s efforts to remediate the situation.
Our aim was to simplify and secure the exchange of information so that teams could see all the case details and discuss them away from prying eyes.
We wanted a solution where uploaded files were security stored and that only selected team members could see and review the case data.
The name CPR comes from Crisis Planning Room, a place where you go to plan and coordinate actions to avert or deal with a event or incident that affects your organisation; the reference to Cardio Pulmonary Resuscitation is intended, as for some organisations that are mid hack what we offer is emergency support.
We tried several solutions and conducted public Alpha and Beta trials with both as we matured the technology.
Here are some of the internal versions of CPR and an early Alpha release (last screenshot)
Click on the screenshot to view at larger size
Progress has been interesting as productising a tool we used internally brings interesting challenges, in terms of stability, security and scale-ability (don’t get me started on the “database wars” that ran through the corridors of Logically Secure HQ).
However, throughout this process and at every stage we got great industry feedback on bugs and improvements which we have tried to incorporate where time and security permitted.
CyberCPR is US patent applied for; as we believe this implementation is worth protecting.
Need to know
One of the core aspects of CyberCPR’s security model is the need to know this means that only staff that are placed in a case/incident room can see the information relating to that case.
They cannot search for it and any links they clink to aspects of the case will both be blocked and alerted to administrators. See more on the CyberCPR Security page.