Content, Content

Managed Security Services Provider (MSSP) News: 14 March 2018

Each morning MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the global managed security services provider, SOC (security operations center) and IT outsourcing ecosystem. Here’s the lineup for Wednesday, March 14, 2018: 17. Microsoft Patch Tuesday: Microsoft patched 15 critical vulnerabilities this month as part of its March Patch Tuesday roundup of fixes, Threatpost notes. In all, the company issued 75 fixes, with 61 rated important. Products receiving the most urgent patches included Microsoft browsers and browser-related technologies such as the company’s JavaScript engine Chakra, the report says. 16. Encryption: Equinix has launched Equinix SmartKey, a global key management and encryption Software as a Service (SaaS) offering. It's designed to simplify data protection across any cloud or destination, the company claims. 15. Breach: The Port of Longview in Washington state was recently victimized by a cyber attack that may have affected hundreds of past and current employees and dozens of vendors, according to The Daily News. The FBI notified the port of the attack on Feb. 1, according to an internal memo obtained Monday by The Daily News. 14. Healthcare Attacks: The infamous PlugX malware has been detected in pharmaceutical organizations in Vietnam, aimed at stealing drug formulas and business information, Kaspersky Lab researchers say. 13. Cryptocurrency Ad Ban, Standards: Google will ban advertisements for cryptocurrencies and related content starting in June. While many cryptocurrency companies are legitimate, regulators and social media companies are scramble to address cryptocurrency-related fraud worldwide. 12. Crypto-Asset Security: The world’s financial leaders will call on international standard-setting bodies on March 20 for stronger monitoring of crypto-assets and to assess the need for a multilateral response as such assets could at some point threaten financial stability. Reuters says. 11. Cloud Email Security: BluVector has introduced Office 365 and Google Mail security features. The offering is  designed to help mid- to large-sized organizations detect file-based and fileless malware attacks through their cloud-based email services, the company says. Continue page two for items 10 to 1. Welcome to page two, featuring items 10 to 1. 10. Funding: Solebit, which identifies and prevents of zero-day malware and unknown threats, has raised $11 million in Series A funding led by ClearSky Security.  9. SIEM & IoTExabeam, which specializes in SIEM technology, has launched Exabeam Entity Analytics. The new product that uses machine learning to spot compromised IoT and issues on other devices. Exabeam Entity Analytics discovers the normal behavior of medical, industrial, networking, home and mobile devices, and uses that baseline to alert security teams when unusual events occur, the company says. 8. Attack Simulator Tool: GuardiCore has upgraded Infection Monkey, an open source attack simulation tool. The software tests the resiliency of modern data centers and clouds against cyber attacks. 7. Bug Hunting:  Cisco Meraki has launched a public bug bounty program with Bugcrowd. Cisco Meraki will award up to $10,000 for vulnerabilities identified on their devices and cloud management interfaces. 6. SOCs & Threat Intelligence: SOCSoter has unveiled a Threat Intelligence Platform (TIP) tool that allows partners to access and query the company's threat intelligence database. The move allows partners to understand, research, and stop threats more effectively and efficiently, the company claims. SOCSoter also promotes a security operations center (SOC) to channel partners. 5. SOC Business Models: Should you build or partner for your security operations center? We constantly cover SOCs here on MSSP Alert. But this SOC how-to article from Verint Systems VP Yitzhak Vager offers some intriguing guidance on the build-vs-partner SOC debate. 4. Risk Management as a Service: TSC Advantage, an MSSP that offers enterprise risk assessments, has launched Third-Party Cyber Risk Management as a Service. 3. Financial Services MSSP: Computer Services Inc. is now the preferred managed security services provider for Pennsylvania Association of Community Bankers members.
MSSP Alert's Joe Panettieri
Compuquip Cybersecurity CEO Eric Dosal
2. MSP to MSSP Roadmap: Register now to join us Thursday (March 15) for our latest webcast -- The MSP to MSSP Roadmap: Potholes, Pitfalls and Profits. VAR and MSP leader Eric Dosal, CEO of Compuquip Cybersecurity, will describe his all-in bet on the security market -- and his unvarnished views on managed security services. I'll provide a reality check for MSPs pushing into security. And we'll answer your questions throughout the live webcast. I look forward to the discussion with you. 1. AMD Blindsided: Hardware security firm CTS Labs yesterday published a paper and website pointing to potential AMD chip vulnerabilities. But CTS is taking heat because the company shared its full findings with AMD only a day before going public, practically blindsiding the company, WIRED notes.
Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.