Content, Content

Managed Security Services Provider (MSSP) News: 14 July 2021

Each business day, MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.

  • The Content: Written for MSSPs, SOC as a Service (SOCaaS), Managed Detection and Response (MDR), Extended Detection and Response (XDR) and MSP security providers — and those who need to partner up with such companies.
  • Frequency and Format: Every business morning. Typically one or two sentences for each item below.
  • Reaching Our Inbox: Send news, tips and rumors to [email protected].

A. Today’s MSSP, MDR and Cybersecurity News Alerts

1. CISA Guidance for Kaseya MSPs: The CISA has issued this guidance for MSPs and customers that run Kaseya's VSA software. The REvil ransomware group attacked Kaseya VSA on July 2. The attack spread downstream to roughly 50 MSPs and 1,500 end-customers. Kaseya on July 11 restored the SaaS-based VSA service and also developed a patch for on-premises VSA services. The attack and its impact affirm that RMM software is critical U.S. infrastructure, ChannelE2E asserts.

2. Microsoft Patch: The CISA has issued Emergency Directive (ED) 21-04: Mitigate Windows Print Spooler Service Vulnerability addressing CVE-2021-34527. Attackers can exploit this vulnerability to remotely execute code with system level privileges enabling a threat actor to quickly compromise the entire identity infrastructure of a targeted organization, the CISA says.

3. Funding - Breach and Attack Simulation: AttackIQ has raised $44 million in Series C funding round led by Atlantic Bridge. 

4. Funding - Shadow Economy: IVIX, a technology platform purpose-built to combat the shadow economy, has closed a $13 million seed funding round, led by Team8 with participation from Citi Ventures, Cardumen Capital and private investors.

5. Funding - Application-Aware Security: Virsec has raised $100 million in Series C funding.

6. Launch - Supply Chain Security: The Global Business Alliance (GBA) has launched GBA Sentinel, a wholly-owned subsidiary focused on helping global companies quickly identify and address potential supply chain and cyber vulnerabilities.

7. Talent: Kudelski Security has hired Roger Hill as senior director, product security and Steven Bay as director, U.S. Security Operations Center (SOC) services.

8. Endpoint Detection and Response (EDR): Bitdefender has unveiled eXtended EDR (XEDR). These new capabilities increase security efficacy for identifying and stopping the spread of ransomware attacks, advanced persistent threats (APTs) and other sophisticated attacks before they impact business operations.

9. Vulnerability and Patch Management Software: SecPod has released SanerNow 5.0 to help partners address vulnerability and patch management.

B. Cybersecurity Partner Programs, Strategic Alliances and Integrations

1. Integration - Threat Intelligence: Cybersixgill's Dynamic Vulnerability Exploit (DVE) Score is now available on the Swimlane security automation platform. The integration helps users accelerate focused prioritization and mitigation of dangerous vulnerabilities with intelligence from the dark web, the companies say.

2. Partner Program - Microsoft 365 Security: archTIS has launched a global Channel Partner Program to provide resellers, system integrators and MSSPs. The goal: Provide information security to customers using Microsoft 365 and Nutanix Files collaboration applications.

C. MSSP, MDR and Cybersecurity Virtual Events and Conference Calendar

  1. Black Hat USA (July 31-August 5, Las Vegas)
  2. CMMC Con 2021 (September 29, Virtual Event)
  3. FireEye Cyber Defense Summit (October 4-8, Hybrid – virtual and face to face)
  4. InfoSec World 2021 (October 25-27, Orlando, Florida)
  5. @Hack Cybersecurity Conference (November 28-30, Saudi Arabia)
  6. BonusMSSP Alert’s complete event calendar
Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.