Each business day MSSP Alert delivers a quick lineup of news, analysis, and chatter from across the MSSP, MSP and cybersecurity world. Today's market news also covers Thales, Resecurity, Trend Micro, Rubrik, CyCognito, ExtraHop, DataDome, Hydden and WTW.
Reaching Our Inbox:
Send news, tips and rumors to Managing Editor Jim Masters: [email protected].
Today’s MSSP Alert Market News:
1. HYAS Infosec Integrates with ConnectWise Through Invent Program: HYAS Infosec, an adversary infrastructure platform provider, has announced the completion of all necessary security certifications as required by ConnectWise, a software company dedicated to the success of MSPs. To directly integrate with ConnectWise APIs and platform through Invent, integrators must pass an independent security review that ensures their integration is safe and secure. By embedding and integrating HYAS Protect into the ConnectWise ecosystem, MSPs will benefit from a more comprehensive and complete security posture, effectively mitigating cyber threats and operational risks, the company said.
2. Losses Mount Over Vulnerable APIs and Bot Attacks: Thales, a cybersecurity company that protects critical applications, APIs and data, has released its “Economic Impact of API and Bot Attacks” report. The analysis of more than 161,000 unique cybersecurity incidents uncovers the rising global costs of vulnerable or insecure APIs and automated abuse by bots, two security threats that are increasingly interconnected and prevalent. The report estimates that API insecurity and bot attacks result in up to $186 billion in losses for businesses around the world.
3. Resecurity Joins Cloud Security Alliance, Names Senior Advisor: Resecurity announced that it has joined the Cloud Security Alliance (CSA), an organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. By joining the CSA, Resecurity aims to contribute to enhancing cloud security frameworks and share its insights on tackling emerging threats in an increasingly digital and AI-driven landscape. In addition, Resecurity has appointed Darrell M. Blocker, a 28-year veteran of the CIA's clandestine service, as a senior advisor, the company said.
4. Trend Micro Retains #1 Ranking: Trend Micro announced that it has retained its #1 ranking for worldwide cloud-native application protection platform market share in the "IDC, Worldwide Cloud-Native Application Protection Platform Market Shares, 2023: A Bull Market" report. The worldwide CNAPP market grew 31.5% in 2023, to reach a total valuation of $3.5 billion, according to IDC.
5. Rubrik Boosts Cyber Recovery and Incident Response for Nutanix AHV: Rubrik, a zero trust data security company, has announced that its Rubrik Cyber Recovery capabilities are now available for Nutanix AHV, a modern and secure virtualization platform that powers both virtual machines (VMs) and containers on-premises and in public clouds. With Rubrik Cyber Recovery, Nutanix AHV users can test and validate their recovery plans in clean rooms and expedite their forensic investigations. According to a recent Rubrik Zero Labs report, 83% of all organizations’ encrypted data observed by Rubrik is within a virtualized architecture, such as Nutanix.
6. CyCognito Report Exposes Rising Software Supply Chain Threats: CyCognito has released its second annual "State of External Exposure Management 2024" report, providing critical insights into the threats targeting external assets and the software supply chain.
Here are key findings from the report:
- Web Servers Dominate Severe Issues. Web server environments, including platforms like Apache, NGINX, Microsoft IIS, and Google Web Server, were the host of one in three (34%) of all severe issues across surveyed assets. They accounted for more severe issues than 54 other environments combined (out of 60 total environments surveyed).
- Impact of TLS and HTTPS Protocol Vulnerabilities. 15% of all severe issues on the attack surface affect platforms using TLS or HTTPS protocols. TLS issues are significant for all network-delivered data, but web apps especially so; web apps lacking encryption are currently ranked #2 of the OWASP Top 10.
7. ExtraHop Named 2024 CrowdStrike Ecosystem Innovator of the Year: ExtraHop, a specialist in cloud-native network detection and response (NDR), announced at CrowdStrike’s Global Partner Summit during Fal.Con 2024 that it has been named the 2024 CrowdStrike Ecosystem Innovator of the Year. Earlier this year, ExtraHop announced its integration with CrowdStrike Falcon Next-Gen SIEM, empowering joint customers to stop threats faster.
8. DataDome Finds 95% of Advanced Bots Go Undetected on Websites: DataDome, a cyberfraud protection specialist, has released its 2024 Global Bot Security Report, revealing that more than 65% of websites are unprotected against simple bot attacks and 95% of advanced bot attacks go undetected on websites. DataDome Advanced Threat Research’s analysis of more than 14,000 websites uncovers alarming gaps in protection against cyber fraud, particularly within consumer-centric industries, the company said.
9. Hydden Secures $4.4 Million: Hydden, an identity visibility company, announced that it has closed $4.4 million in seed funding led by Access Venture Partners. Hydden's identity security platform provides security leaders complete visibility into every identity, account and privilege across hybrid infrastructure. The platform connects to existing IAM tools, cloud applications and on-premises systems to build a real-time source of truth about the identity ecosystem, the company said.
10. WTW Launches Document Protection Platform: WTW, a global advisory, broking and solutions company, has launched Indigo Vault, a document protection platform that provides advanced cybersecurity for sharing and storage of business sensitive files. The platform is a combination of cloud and local document management systems, which provides protection against insider threats, AI system exposure and cyber theft by ensuring documents and assets such as Word, Excel spreadsheets, PowerPoint presentations, PDFs and Outlook messages are protected and controlled, the company said.