Managed Security Services Provider (MSSP) News: 31 January 2018
Each morning MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the global managed security services provider, SOC (security operations center) and IT outsourcing ecosystem.
Here’s the lineup for Wednesday, January 31, 2018:
13. False Crypto Statements: Coincheck made false explanations to customers about its security system before suffering one of the world’s biggest cyber heists, a Reuters report asserts.
12. Crypto Regulations: South Korea’s finance minister said the government has no plans to shut down cryptocurrency trading, welcome news for investors worried that authorities might go as far as China’s tough action in blocking virtual coin platforms, Reuters adds.
11. Cyber Insurance: Are these the top five providers of cyber insurance? We’re not in a position to say yes, but the article is worth a read…
10. Partner Program: Morphisec, a provider of Moving Target Defense-based cybersecurity solutions, has gained several new Channel Partner Program members. True believers include Decision Tree Technologies and HoneyTek Systems, Inc.
9. Meltdown and Spectre Vulnerability Updates: Here are the latest vendor alerts for Meltdown & Spectre vulnerabilities…
8. Partnership – SIEM: LogRhythm SIEM customers can now add Webroot’s BrightCloud IP Reputation service to the SIEM platform. A new fulfillment site provides integration information and streamlines the delivery process, the two companies say.
7. Partnership: Ivanti and CrowdStrike have inked a strategic alliance that brings together next-generation antivirus and endpoint detection and response (EDR) with Ivanti’s multi-layered endpoint security solutions, the two companies say.
6. Threat Hunting: Blackpoint Cyber has delivered SNAP-Defense 3.0 (SNAP), a multi-tenant offering that allows MSSPs to deliver SNAP’s next-generation cyber threat hunting and response to their customers. We’ll share more details soon.
5. Partner Program: Cytellix, an MSSP, has launched an SMB partner program. Brian Berger, Cytellix executive VP of commercial cybersecurity, is driving the effort. It includes managed security services, a SOC, 24×7 monitoring and vulnerability monitoring. We’ll share more details soon.
4. MSSP Guidance: What should customers look for in an MSSP? Here are some clues from Gartner. We’ll share more details soon.
3. Penetration Testing Certification: CompTIA has expanded its portfolio of credentials for cybersecurity professionals with the launch of the CompTIA PenTest+ beta exam. The new certification assesses the latest penetration testing and vulnerability assessment and management skills that IT professionals need to run a successful, responsible penetration testing program, CompTIA asserts.
2. Vulnerabilities – MSP Software: Digital Defense has discovered multiple, previously undisclosed vulnerabilities within several Zoho ManageEngine products, allowing unauthenticated file upload, blind SQL injection, authenticated remote code execution and user enumeration, potentially revealing sensitive information or full compromise of the application. Affected applications include: ServiceDesk Plus, Service Plus MSP, OpManager, Firewall Analyzer, Network Configuration Manager, OpUtils and NetFlow Analyzer. Zoho ManageEngine has addressed the vulnerabilities and is making patches available for each of the affected applications. Deeper details about the issues and fixes are here.
1. Thank You: MSSP Alert attracted record readership in January 2018, continuing our strong growth since launching in May 2017. Thank you for your readership, and to the sponsors who embraced our editorial mission.