Managed Security Services Provider (MSSP) News: 15 June 2021
Each business day, MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.
- The Content: Written for MSSPs, SOC as a Service (SOCaaS), Managed Detection and Response (MDR), Extended Detection and Response (XDR) and MSP security providers — and those who need to partner up with such companies.
- Frequency and Format: Every business morning. Typically one or two sentences for each item below.
- Reaching Our Inbox: Send news, tips and rumors to Joe@AfterNines.com.
A. Today’s MSSP and Cybersecurity News Alerts
1. Critical SonicWall Vulnerability – Patch Now: SonicWall physical and virtual firewalls running certain versions of SonicOS may contain a vulnerability that could be leveraged for an unauthenticated Denial-of-Service (DoS) attack by sending a specially crafted POST request to the web interface, SonicWall disclosed.
2. China Spying and Pulse Secure Vulnerabilities: A cyberespionage campaign blamed on China was more sweeping than previously known. The hack of Pulse Connect Secure networking devices, first disclosed in April, targeted Verizon and the largest U.S. water agency. The New York City subway system, the country’s largest, was also breached. Source: The Associated Press, June 15, 2021.
3. Ransomware Attacks Food Equipment Distributor: Food equipment and supply distributor Edward Don has suffered a ransomware attack that has caused the company to shut down portions of the network to prevent the attack’s spread, Bleeping Computer reports.
4. Rebrand – Managed Detection and Response (MDR): CI Security, an MDR service provider, has rebranded as Critical Insight.
5. Funding – Web Application Security: ThreatX, which develops a web application and API protection (WAAP) platform, has raised $10 million in funding led by .406 Ventures. Existing investors, Access Venture Partners and Grotech Ventures, also participated in the round.
6. Funding – Risk Management Technology: Ostendio has raised Series A financing led by Osage Venture Partners. The round also includes follow-on investments from Blu Venture Investors, CIT GAP Funds, and other existing investors.
7. Talent – Managed SOC (Security Operations Center): Blackpoint Cyber has hired OpenText and Webroot veteran Paul Barnes as VP of product.
8. Talent – Cyber Risk Exchange: CyberGRX has hired:
- LinkedIn veteran John Mayhall as chief revenue officer (CRO);
- East Daley Capital Advisors veteran Kerry Nagle as chief operating officer (COO); and
- Couchbase and Gigamon veteran Peter Finter as chief marketing officer (CMO).
The CyberGRX Exchange has generated a 100 percent compound annual growth rate (CAGR) since 2018). Actual revenue and profit dollar figures were not disclosed.
9. Cyber Intelligence Training: FireEye has launched Mandiant On-Demand Cyber Intelligence Training. The training service educates security teams on the practical application of threat intelligence concepts, across multiple use cases designed to build skill sets at all levels, FireEye asserts. The training service surfaces as Mandiant essentially prepares to sell the FireEye products business to private equity firm Symphony Technology Group.
10. Cloud-Based Security: Check Point Software Technologies has expanded the capabilities of its unified Cloud Native Security Platform, to deliver application-first workload protection with Check Point CloudGuard Workload Protection, the company says. Customers gain automate security across applications, Application Programing Interfaces (APIs) and microservices from development to runtime via a single interface, Check Point says.
11. Internet of Things (IoT) Security: Byos has launched the Byos Industrial μGateway, an edge security product that provides secure connectivity for IoT devices and legacy infrastructures.
B. Cybersecurity Partnerships, Strategic Alliances and Integrations
1. Partnership – Google Application Security: Thales CipherTrust Manager and SafeNet Trusted Access have been integrated with Google Workspace client-side encryption, a new privacy and confidentiality offering for Google Workspace users. The result: Customers can benefit from improved regulatory compliance and data ownership by allowing them to maintain ownership of keys used to encrypt Google Workspace documents, Thales asserts.
C. MSSP and Cybersecurity Virtual Events and Conference Calendar
- Zscaler Zenith Live 2021 (June 15-16, Virtual Conference)
- Siemplify SOCstock 2021 (June 15, Virtual Conference)
- ConnectWise IT Nation Secure 2021 (June 21-23, Orlando, Florida)
- Black Hat USA (July 31-August 5, Las Vegas)
- FireEye Cyber Defense Summit (October 4-8, Location to be Disclosed)
- Bonus: MSSP Alert’s complete event calendar