Managed Security Services Provider (MSSP) News: 24 August 2021 -

Each business day, MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.

The Content: Written for MSSPs, SOC as a Service (SOCaaS), Managed Detection and Response (MDR), Extended Detection and Response (XDR) and MSP security providers — and those who need to partner up with such companies.
Frequency and Format: Every business morning. Typically one or two sentences for each item below.
Reaching Our Inbox: Send news, tips and rumors to [email protected].

A. Today’s MSSP, MDR, XDR and Cybersecurity News Alerts

1. AWS MSSP Partnerships: It's safe to expect Amazon Web Services (AWS) to announce multiple MSSP partnerships during today's AWS re:Inforce 2021 virtual cybersecurity conference....

2. AT&T Denies Data Breach: AT&T has denied a claim by a hacker group claiming to sell data from more than 70 million of its customers, suggesting that the purported leak wasn't credible, MarketWatch reports.

3. Cloud Security Assessments: Microsoft is open sourcing Cloud Katana, an application built atop Azure Functions. Cloud Katana allows MSSPs and end-customers to assess security controls in the cloud and hybrid cloud environments. The software currently addresses Azure use cases, but support for additional cloud providers is planned, Microsoft indicated. Microsoft did not specifically say if or when Cloud Katana will support Amazon Web Services (AWS) and/or Google Cloud Platform.

4. Ransomware Recovery Strategies: HYCU, FireEye Mandiant, Carahsoft and SADA announced a new public service initiative to help companies better understand what they can do to recover from a ransomware attack.

5. Ransomware Attacks Hospital: The University Medical Center Southern Nevada has reported that a ransomware attack earlier this summer affected the data of 1.3 million people, Healthcare IT News reports.

6. Research - SaaS Data Security: Roughly 40% of all SaaS assets are unmanaged, which means there is a greater degree of internal, external, and public access to sensitive data, according Quantifying the Immense Risk of Unmanaged SaaS Data Access, a new report from DoControl. The research reinforces the growing need for SaaS-focused security monitoring and management tools. Key MSP-focused SaaS tools in the market include Augmentt and SaaS Alerts, among others.

7. Microsoft Power Apps Data Exposure: Microsoft Power Apps portals suffered data leaks because resulting from misconfigurations that allowed public access, UpGuard reports.

8. Hackers Leverage NSO Software: Nine activists from Bahrain had their iPhones hacked by NSO Group’s Pegasus software, Citizen Lab at the University of Toronto said, according to Associated Press.

9. Cyber Insurance APIs: Cowbell Cyber has released application programming interfaces (APIs) for streamlined digital distribution of cyber insurance. The APIs allow insurance digital aggregators to integrate directly to Cowbell’s platform and enable instant quoting of Cowbell Prime 100, the company says.

10. Remote Work Security: Cameyo has announced Secure Cloud Tunneling, a new technology that provides "greater protection for organizations enabling remote & hybrid work by eliminating the need to open ports in their firewall," the company says.

11. Partner Program - Human Layer Security: Tessian is moving to a 100 percent channel model, and partnering with companies such as Optiv Security.

12. Talent - CISO: Splunk has hired Apollo Education Group, Digex, Merck and Citibank veteran Pamela Fusco as chief information security officer (CISO).

13. Multi-Factor Authentication (MFA): JumpCloud has announced general availability of JumpCloud Protect, a one-touch multi-factor authentication (MFA) solution that "makes it easy for IT admins to deploy and enforce MFA that is simple and fast for end users," the company says. JumpCloud Protect is available for Apple iOS and Google Android devices.