Managed Security Services Provider (MSSP) News: 11 December 2018
Each morning MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the global managed security services provider, SOC (security operations center) and IT outsourcing ecosystem.
Here’s the daily business update for Tuesday, December 11, 2018.
12. Equifax Breach – The Obvious: The Equifax data breach, one of the largest in U.S. history, was “entirely preventable,” according to a new House committee investigation, The Hill reports. Um… even security novices knew that fact the week the massive breach was disclosed.
11. WordPress Botnet: A massive botnet has been chewing through 20,000 WordPress sites, Naked Security reports.
10. Cyberattack Targets Energy Company: The Italian oil-services company Saipem SpA is still assessing the scope and impact of a cyberattack that targeted its servers in the Middle East, according to Bloomberg. The attack mainly targeted servers in the Emirates and Saudi Arabia, with attackers seeking to obtain administrative data, the report says. A smaller attack targeted Aberdeen, Scotland, where the company has fewer than 30 employees, Bloomberg reports.
9. Super Micro Letter to Customers: In a letter to customers, Super Micro says an in-depth investigation reveals no evidence of malicious hardware on the server maker’s motherboards. The letter counters an October 2018 Bloomberg report that claimed hackers had use Super Micro servers as a trojan horse into such companies as Apple and Amazon. Both Apple and Amazon have also denied the Bloomberg report. Super Micro’s stock plummeted when Bloomberg issued its report. The server maker apparently is considering its legal options against the media company.
8. Cyber Insurance: Sompo International Holdings, a Bermuda-based insurance company, has formed a U.S. team focused on cyber offerings, an enhanced cyber and professional liability product, and an expanded suite of cyber risk management services.
7. Google+ Shutdown: The search giant will shut down the Google+ social network sooner than expected after discovering another privacy bug in the system. The bug apparently affects 52.5 million users…
6. Container Security: Sysdig has unveiled new features for Sysdig Secure. The enhancements support Kubernetes auditing and vulnerability management, service-based access control, security analytics, along with simplified compliance to give users a view of the health and risk profiles of their container environments, Sysdig says.
5. Network Security Standards: Eleven security vendors have launched NetSecOPEN, an industry organization focused on the creation of open, transparent network security performance testing standards.
4. Risk Management: Proofpoint has launched a Targeted Attack Protection (TAP) Attack Index capability, which provides security teams with a people-centric view into their organization’s security posture. Security admins can identify the very attacked people (VAPs) within their company and select policies and controls to better secure those users, Proofpoint asserts.
3. Partnership – Fortinet & Symantec: Symantec and Fortinet are partnering to integrate Fortinet’s Next-Generation Firewall (NGFW) capabilities with Symantec’s cloud-delivered Web Security Service (WSS). Also, Symantec’s endpoint protection solutions will be integrated into the Fortinet Security Fabric platform.
2. Managed Threat Monitoring: Bitdefender GravityZone Managed Endpoint Detection and Response (MEDR) service is now available. The service, managed by a Bitdefender Labs, team provides threat monitoring, automated alerting and alert analysis. The team monitors enterprise environments for stealthy and destructive malware campaigns and to notify IT and security teams of potential risks and recommend prevention and remediation actions.
1. MSSP Pricing Guide: We’ll share managed security pricing tips during our webcast this Thursday, December 13. Register now to join us live. You can also register and listen on-demand at a future date.