Each business day, MSSP Alert delivers a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.
- The Content: Written for MSSPs and MSPs; threat hunters; security operations center as a service (SOCaaS), managed detection and response (MDR), and eXtended detection and response (XDR) providers — and those who partner with such companies.
- Frequency and Format: Every business morning. Typically, one or two sentences for each item below.
- Reaching Our Inbox: Send news, tips and rumors to Managing Editor Jim Masters: [email protected].
Today’s MSSP, MSP, MDR, XDR and Cybersecurity Market News
1. CISA Alert: The Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 23-02, Mitigating the Risk from Internet-Exposed Management Interfaces. The directive requires federal civilian agencies to remove specific networked management interfaces from the public-facing internet or implement zero trust architecture capabilities that enforce access control to the interface within 14 days of discovery.
2. Leadership Move: Trellix, an eXtended detection and response (XDR) specialist, has appointed cybersecurity leader John Morgan as XDR general manager. Morgan served as the CEO of cybersecurity company Confluera, general manager of Security at F5, and the vice president of Product and Ecosystems at MobileIron.
3. Ransomware Attack on African Bank: The Development Bank of Southern Africa reports that it was hit with a ransomware attack, adding that servers, logfiles and documents were encrypted by the Akira gang last month. The bank said the attack began around May 21 and that the gang threatened to publish stolen information if an undisclosed ransom was not paid. (Source: The Record)
4. University Cyberattack: The Stephen F. Austin State University computer network remained offline Tuesday following a weekend cyberattack. The incident occurred sometime between “Saturday evening and Monday morning,” university officials said in a statement. “We didn’t have any services that were knocked out or taken over,” university spokesman Graham Garner said. “We made the choice to shut down access so we could prevent anything from happening.” (Source: Daily Sentinel)
5. Security Partnership: VicOne, an automotive cybersecurity solutions specialist, has announced a collaboration with NXP Semiconductors and Inventec that has led to an integrated, real-time cybersecurity solution for emerging software-defined vehicles (SDVs). Powered by NXP's S32G vehicle network processor, Inventec's vehicle Central Gateway (CGW) is integrated with VicOne's cybersecurity software solutions.
6. Funding Boost: Kodem, a software composition analysis (SCA) platform provider that uses runtime intelligence to determine application risk, has emerged from stealth with $25 million in funding from Greylock and TPY Capital. Kodem will use the funds to launch its platform globally and expand its go-to-market team.
7. Leadership Move: Veeam Software, a data protection and ransomware recovery specialist, has appointed Kacy Hassack as chief people and culture officer. Prior to joining Veeam, Hassack has held leadership roles at Indeed, Amazon Web Services, Hewlett Packard and Dell.
8. Next DLP Promotes 2: Next DLP, a company focused on insider risk and data protection, has made two leadership appointments: John Stringer as head of product and Chris Denbigh-White as chief security officer.
9. Product Launch: Rezilion, an automated software supply chain security platform provider, has released its Agentless Runtime Monitoring solution. Security teams can use the solution to monitor exploitable attack surfaces in runtime without using an agent to simultaneously minimize security and operational risk, the company said.
Annual In-Person MSSP and Cybersecurity Conferences
- The Official Cyber Security Summit Series (Multiple dates and locations)
- 2023 International Cybersecurity Championship and Conference (IC3) (July 31-August 4, 2023, San Diego, California)
- Black Hat (August 5-10, Las Vegas, Nevada)
- Infosec World (September 25-27, Lake Buena Vista, Florida)