Managed Security Services Provider (MSSP) Market News: 10 August 2022 -

Each business day, MSSP Alert delivers this quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.

The Content: Written for MSSPs, SOC as a Service (SOCaaS), Managed Detection and Response (MDR), eXtended Detection and Response (XDR), threat hunters and MSP security providers — and those who need to partner with such companies.

Frequency and Format: Every business morning. Typically one or two sentences for each item below.

Reaching Our Inbox: Send news, tips and rumors to:

Managing Editor James.Masters@CyberRiskAlliance.com; and

Executive VP and Editorial Director Joe.Panettieri@CyberRiskAlliance.com.

Thank you in advance for news tips.

A. Today’s MSSP, MDR, XDR and Cybersecurity Market News

1. MSSP Partner Program: Nozomi Networks continues to grow its two-tier MSSP partner program. Among the milestones to note:

The global MSSP Elite Partner program now has 10 members -- including new members ABS Consulting Inc., Intelligent Buildings and Telefonica Tech.

The regional MSSP Focus Partners program now includes such companies has CyberCX, Deloitte, Gemina, NRI Secure Technologies, 2TS and TI Safe.

2. Partnership - Incident Response: Airiam's AirRescue incident response engagements will now leverage the Cybereason Defense Platform, the two companies said.

3. Channel Chief - Biometric Authentication: Aware has hired Craig Herman as chief revenue officer (CRO).

4. Penetration Testing Tools: NetSPI has released two open source tools to help teams "discover vulnerable network shares and improve detections."

PowerHuntShares inventories, analyzes, and reports excessive privilege assigned to SMB shares on Active Directory domain joined computers. This capability "helps address the risks of excessive share permissions in Active Directory environments that can lead to data exposure, privilege escalation, and ransomware attacks within enterprise environments," the company said.

PowerHunt, a modular threat hunting framework, identifies signs of compromise based on artifacts from common MITRE ATT&CK techniques and detects anomalies and outliers specific to the target environment. PowerHunt automates the collection of artifacts at scale using PowerShell remoting and perform initial analysis. It can also output easy to consume .csv files so that additional triage and analysis can be done using other tools and processes, the company said.

5. Cybersecurity Contract Win: CyberCX has been named as a supplier for the United Kingdom's Crown Commercial Service (CCS) Cyber Security Services 3. CCS is an Executive Agency of the Cabinet Office, supporting the public sector to achieve maximum commercial value when procuring common goods and services.

6. Research - Cost of Network Misconfigurations: Titania's findings are here...

7. Mobile Password Management: 1Password has unveiled 1Password 8 for iOS and Android. 1Password capabilities now offer "more feature parity between the desktop and mobile apps than ever before," the company said.

8. Threat Intelligence: Digital Hands has officially released its own Threat Intelligence platform- Harbinger, created by Digital Hands development and security teams, the company said.

9. FedRamp Compliance: Nucleus Security, a provider of risk-based vulnerability management and process automation services, has achieved FedRAMP in-process status.

10. Email Security: Mimecast has released the Mimecast X1 Platform. The platform is "engineered to leverage a rich source of intelligence to learn about people and how they collaborate. These insights enable organizations to work protected by protecting their people, data, and communications," the company said.

11. Software Supply Chain Security: Cycode, a provider of software supply chain security, has launched its next-gen software composition analysis (SCA) solution and expanded its platform to include static application security testing (SAST) and container scanning.

12. Vulnerability Management and Threat Intelligence: Cybersixgill has launched a new Dynamic Vulnerability Exploit (DVE) Intelligence solution, delivering an "end-to-end intelligence across the entire Common Vulnerabilities and Exposures (CVE) lifecycle," the company asserted.

13. Identity Security - CyberArk Financial Results: CyberArk's Q2 2022 financial results included:

Revenue of $142.3 million, up 21% from $117.2 million in Q2 of 2021.

A GAAP net loss of $37.6 million, which was larger than a $22.8 million GAAP net loss from Q2 of 2021.

14. Security Incident - Crypto Exchange: It sounds like Curve Finance suffered a security incident on August 9, according to Bloomberg. The alleged security incident follows attacks on Nomad and Solana ecosystem, the report noted.