Managed Security Services Provider (MSSP) News: 28 January 2020

Each business day, MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across that managed security services provider ecosystem.

A. Today’s MSSP Alerts

1. Ransomware Mitigation Guide: NIST has released a draft guide titled Detecting and Responding to Ransomware and Other Destructive Events. It's available here for public comment.

2. Ransomware Vulnerability Dashboard: RiskSense has unveiled a Ransomware Dashboard that reveals an organization’s exposure to specific attacks including the ransomware family name, vulnerabilities they exploit, the assets at risk and remediation steps to prevent an infection. The RiskSense Ransomware Dashboard is available immediately at no additional cost to all RiskSense customers, the company says.

3. Ransomware Payments Banned?: New York State may soon ban municipalities from paying ransomware demands in the event of a cyberattack, ThreatPost reports. The move may inspire New York towns and cities to strengthen their risk mitigation, data protection and cybersecurity plans. Still, there's an apparent loophole in the proposed legislation: Towns and cities that have cyber insurance could have the insurance provider pay the ransom demand, the report notes...

4. Ransomware Apparently Exploits Citrix Software: Reports have emerged of multiple attempts to exploit a Citrix vulnerability, delivering ransomware to enterprise victims including a German car manufacturer, InfoSecurity Magazine says.

5. Ransomware Attacks Illinois School District: Crystal Lake Community High School District 155’s computers were infected with ransomware last week, the Northwest Herald reports.

6. Compliance: GuardSight, a Top 200 MSSP for 2019, cybersecurity as a service, and managed detection and response (MDR) company, has achieved NIST 800-171 compliance by leveraging the Cybersecurity Planning Tool (CPT) developed by its risk and compliance partner Totem.Tech, the companies say. GuardSight implements this and other compliance frameworks to strengthen the cybersecurity posture of its networks and systems in its duty to protect customer assets and to meet a standard of reasonable cybersecurity practices, the firm adds.

7. Cisco IoT Security Strategy: Details are here.

8. NFL Social Media Accounts Hacked: The Twitter, Facebook and Instagram accounts of multiple NFL teams were hacked on Monday, with profile pictures disappearing for the teams. The hack included the two teams headed to the Super Bowl this weekend, The Hill reports.

9. Talent - Email Security: Vade Secure has hired Frédéric Braut as senior VP of EMEA. Braut previously held key posts at Tech Data Advanced, Arrow ECS, Fortinet, Websense and McAfee.

B. MSSP Partnerships and Strategic Alliances

1. Funding - Partner Push: Defendify, a SaaS cybersecurity solution designed specifically for small businesses, has raised $2 million in seed funding and will pursue more channel partnerships. Existing investor 3dot6 Ventures doubled down and led the round with participation from York IE, Maine Technology Institute (MTI), Maine Venture Fund (MVF), FreshTracks Capital, and Wasabi Ventures, the company says.

2. Check Point Partner Program: Check Point Software Technologies has launched a new partner program, led by Frank Rauch, Check Point’s head of worldwide channels The program introduces a new “Elite” tier, and also aligns with partners' value-add Professional Services and MSSP initiatives, the company says.

3. Distribution: Synnex has agreed to distribute Area 1 Security's anti-phishing security service to U.S. partners.

4. Partner Program: Binary Defense, an MSSP and software developer, is rolling out a new program to its value-added resellers.

C. Next Five Cybersecurity Conferences