Managed Security Services, MSP, MSSP

Managed Security Services Provider (MSSP) Market News: 25 August 2023

Each business day, MSSP Alert delivers a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.

  • The Content: Written for MSSPs and MSPs; threat hunters; security operations center as a service (SOCaaS); managed detection and response (MDR) and eXtended detection and response (XDR) providers; and those who partner with such companies.
  • Frequency and Format: Every business morning. Typically, one or two sentences for each item below.
  • Reaching Our Inbox: Send news, tips and rumors to Managing Editor Jim Masters: [email protected].

Today’s MSSP, MSP, MDR, XDR and Cybersecurity Market News

1. Ukraine Cyber Leader to Speak: Illia Vitiuk, Head of Cyber Security Department, Security Service of Ukraine (SBU), and CIA Deputy Director David Cohen will both participate in fireside chats during the 14th Annual Billington CyberSecurity Summit, September 5-8 at the Ronald Reagan Building and International Trade Center in Washington, D.C. The event convenes government and industry cyber executives to explore the theme: "Advancing Cybersecurity's Impact in an Age of Heightened Risk."

2. Cybersecurity Deal: Akamai Technologies, a cloud security provider, has acquired assets including select enterprise customer contracts from StackPath, following StackPath's decision to cease its content delivery network operations. Akamai will extend its standard offerings and support to customers looking for an enterprise solution to their content delivery, cybersecurity and cloud computing needs, the company said.

3. Browser Security Advancement: Keeper Security, a provider of cloud-based zero trust and zero knowledge cybersecurity software, has expanded support for passkey management across all desktop browsers and for every customer. With Keeper, passkeys are stored and managed in the Keeper Vault, and can be used to log in to websites and applications across all desktop web browsers and operating systems with ease, the company said.

4. Cybersecurity Education: The University of Tulsa has announced the formation of the Oklahoma Cyber Innovation Institute to undertake groundbreaking cyber research and identify, test and commercially deploy new cyber solutions. The institute builds on the university's educational foundation in cybersecurity to address cyber workforce development issues. "The Oklahoma Cyber Innovation Institute will capitalize on decades of academic excellence at TU and expand research opportunities to include the expertise needed to put the findings into market," said Rose Gamble, TU vice president for Research and Economic Development.

5. MSP Partnership: Pax8, a cloud commerce marketplace specialist, is partnering with CYRISMA (Cyber Risk Information Security Management Accountability), a risk management platform provider for managed service providers (MSPs). With CYRISMA’s multiple risk management capabilities, MSPs can strengthen their security posture and witness tangible results within hours of implementation, Pax8 said.

6. CISA Releases Annual Report: The Cybersecurity and Infrastructure Security Agency (CISA) released its inaugural Vulnerability Disclosure Policy (VDP) Platform 2022 Annual Report, highlighting the service’s progress supporting vulnerability awareness and remediation across the Federal Civilian Executive Branch (FCEB). The report showcases how agencies have used the VDP Platform (launched in July 2021) to safeguard the FCEB and support risk reduction. The VDP platform gives federal agencies a single, user-friendly interface to intake vulnerability information and to collaborate with the public researcher community for vulnerability awareness and remediation, CISA said.

7. Hacker Alert: A nation-state activity group originating from China has been linked to cyberattacks on dozens of organizations in Taiwan as part of a suspected espionage campaign. The Microsoft Threat Intelligence team is tracking the activity under the name "Flax Typhoon," also known as "Ethereal Panda." According to Microsoft, "Flax Typhoon gains and maintains long-term access to Taiwanese organizations' networks with minimal use of malware, relying on tools built into the operating system, along with some normally benign software to quietly remain in these networks." (Source: The Hacker News)

8. Email Security Warning: The U.S. Federal Bureau of Investigation (FBI) is warning that Barracuda Networks Email Security Gateway (ESG) appliances continue to be at risk of potential compromise from suspected Chinese hacking groups. Tracked as CVE-2023-2868 (CVSS score: 9.8), the zero day bug is said to have been weaponized as early as October 2022, more than seven months before the security hole was plugged. (Source: The Hacker News)

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.