Managed Security Services Provider (MSSP) News: 23 December 2020
Each business day, MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.
- The Content: Written for MSSPs, SOC as a Service (SOCaaS), Managed Detection and Response (MDR), Extended Detection and Response (XDR) and MSP security providers — and those who need to partner up with such companies.
- Frequency and Format: Every business morning. Typically one or two sentences for each item below.
- Reaching Our Inbox: Send news, tips and rumors to Joe@AfterNines.com.
A. Today’s MSSP News Alerts
1. Vulnerabilities – SolarWinds N-Central: A quick heads up to MSPs that are running SolarWinds N-Central, the remote monitoring and management (RMM) software platform. Make sure you’ve addressed these vulnerabilities, as described by the Center for Internet Security on December 18. Some items to note:
- There are currently no reports of these vulnerabilities being exploited in the wild, according to the advisory.
- The N-Central vulnerabilities are not associated with the recently disclosed SolarWinds Orion security incident.
2. Patching the FireEye and SolarWinds Vulnerabilities: Qualys has identified 7.54 million vulnerabilities related to FireEye Red Team assessment tools and compromised versions of SolarWinds Orion, tracked as Solorigate or SUNBURST, across its 15,700-member customer base. The big twist: 99.84% of the 7+ million vulnerability instances are from eight vulnerabilities in Microsoft software that have patches available. To help mitigate risk and exposure from this breach, Qualys is providing IT and security teams free 60-day access to its integrated Vulnerability Management, Detection and Response service, the company says.
3. Funding – Data Privacy: OneTrust has raised $300 million in Series C funding round at a $5.1 billion valuation. TCV signed on as a new investor and led the round, joined by OneTrust’s existing investors, including Kaseya and Veeam parent Insight Partners and Coatue.
4. M&A – Identity and Access Management (IAM): Protiviti, a global consulting firm, has purchased identity and access management (IAM) solutions provider Identropy.
5. Audit – U.S. Government Supply Chain Security Risks: U.S. federal agencies are failing to properly manage supply chain security risks, Government Accounting Office (GAO) audit report finds.
B. MSSP and Cybersecurity Virtual Events and Conference Calendar
- Secureworks Connect 2021 (February 9-10, Virtual Conference)
- RSA Conference 2021 (May 17-21, Virtual Conference)
- Black Hat USA 2021 (July 31-August 5, Las Vegas)
- FireEye Cyber Defense Summit 2021 (October 4-8)
- Bonus: MSSP Alert’s complete event calendar