Content, Content

Managed Security Services Provider (MSSP) News: 28 July 2021

Each business day, MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.

  • The Content: Written for MSSPs, SOC as a Service (SOCaaS), Managed Detection and Response (MDR), Extended Detection and Response (XDR) and MSP security providers — and those who need to partner up with such companies.
  • Frequency and Format: Every business morning. Typically one or two sentences for each item below.
  • Reaching Our Inbox: Send news, tips and rumors to [email protected].

A. Today’s MSSP, MDR and Cybersecurity News Alerts

1. From Cyber War to Land War?: President Joe Biden warned that if the United States ended up in a "real shooting war" with a "major power" it could be the result of a significant cyber attack on the country, highlighting what Washington sees as growing threats posed by Russia and China, Reuters reports.

2. PetitPotam NTLM Relay Attack Mitigation: Microsoft offers guidance here.

3. Kaseya Unitrends Zero Day Vulnerabilities: Unitrends, a backup and disaster recovery (BDR) product owned by Kaseya, has multiple zero day vulnerabilities, according to the  Dutch Institute for Vulnerability Disclosure (DIVD). MSPs and customers should not expose the Unitrends service or the clients directly to the Internet until Kaseya has patched the vulnerabilities, DIVD says. The alert comes less than one month after the REvil Ransomware group attacked Kaseya VSA software on July 2, 2021. That attack spread ransomware downstream to roughly 50 MSPs and 1,500 end-customer networks.

4. MSP Expands Managed Security Services: NexusTek, a national MSP based in Denver, has introduced managed protection, detection, and response services to help customers combat cyber threats, the company says.

5. XDR Upgrade: Reliaquest has updated its GreyMatter Open XDR platform with improved detection and threat hunting capabilities, the company says.

6. Zero Trust Readiness Assessment: Optiv Security has launched a Zero Trust Readiness Assessment for customers.

7. Talent - Data Security and Compliance: Very Good Security (VGS) has hired Matt Amundson as chief marketing officer (CMO).

8. Ransomware - Supply Chain Risk Mitigation: CyberGRX has released CyberGRX Ransomware Threat Profiles. The tool provides access to an overview of the ransomware risk within an entire third-party ecosystem, the company says.

B. Cybersecurity Partnerships, Strategic Alliances and Integrations

1. Cloud Distribution - Zero Trust for MSPs: Pax8 has agreed to distribute Isoolate, a zero-trust web threat protection platform for MSPs.

2. XDR - Microsoft Integration: ContraForce, a provider of Open XDR for MSSPs along with small and medium businesses, is joining the Microsoft Intelligent Security Association (MISA). ContraForce was nominated for membership due to a Microsoft Azure Sentinel API integration. The MISA organization is designed for ISVs and MSSPs that integrate with Microsoft's security solutions.

3. Partnership - Ransomware Mitigation: Pentera (formerly Pcysys) and Vectra AI have partnered to develop a joint solution that keeps customers "attack ready" against ransomware.

C. Cybersecurity and Startup Funding

1. Cyber Asset Management and Controls: Noetic Cyber has raised $20 million in funding led Energy Impact Partners, with participation from TenEleven Ventures and Glasswing Ventures.

2. Zero Trust Network Access: Cyolo has raised $21 million in Series A funding led by Glilot Capital Partners. Additional investors include National Grid Partners, Merlin Ventures, Flint Capital, Global Founders Capital and Differential Ventures.

3. Cyber Insurance: At-Bay  has raised $185 million in Series D financing. The funding was co-led by Icon Ventures and Lightspeed Venture Partners, with participation from existing investors including Khosla Ventures, M12, Acrew Capital, Qumra Capital, the HSB fund of Munich Re Ventures, entrepreneur Shlomo Kramer, and Glilot Capital.

4. Device Identity as a Service (DIaaS): Infinipoint has unveiled a Device-Identity-as-a-Service (DIaaS). The company also announced $11 million in funding from JAL VenturesEmerge, and Hetz Ventures.

D. Cybersecurity Research Reports

1. Top Vulnerabilities to Mitigate: CISA and other security sources offer this list of top routinely exploited vulnerabilities.

2. Top 25 Phishing Brand Attacks: Vade Secure offers these findings.

3. Cost of Data Breach: The average per-incident cost of a data breach is now $4.24 million, according to the 2021 Cost of a Data Breach Report from IBM.

4.  Risk Management: SolarWinds' latest research findings are here.

5.  Hacking Tool Downloads: There has been a 65% rise in the use of hacking tools downloaded from underground forums and file sharing websites from H2 2020 to H1 2021, according to the latest Threat Insights Report from PC maker HP Inc.

E. MSSP, MDR and Cybersecurity Virtual Events and Conference Calendar

  1. Black Hat USA (July 31-August 5, Las Vegas)
  2. AWS re:Inforce 2021 (August 24-25, Houston, Texas)
  3. CMMC Con 2021 (September 29, Virtual Event)
  4. FireEye Cyber Defense Summit (October 4-8, Hybrid – virtual and face to face)
  5. InfoSec World 2021 (October 25-27, Orlando, Florida)
  6. BonusMSSP Alert’s complete event calendar
Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.