Threat Intelligence, IT management, Security Management

Security Update: MSPs, MSSPs Rally to Fix CrowdStrike IT Outage

  • Full CRA Network Coverage of the CrowdStrike Outage
  • MSSPs Help Organizations Through CrowdStrike IT Outage
  • SEC’s Lawsuit Against SolarWinds and CISO Dismissed
  • VMware, SolarWinds Vulnerabilities Exploited, and Cisco Warns of Critical ‘10.0’ Flaw
  • JumpCloud Strategist Sees IT Teams Claw Back Control from MSPs
  • Organizations’ Siloed Threat Intelligence Poses Security Risk: Cyware Research

Cybersecurity continues to grow as an essential service that managed service providers offer their end customers. With that in mind, each week ChannelE2E brings you a wrap-up of some of the most important cybersecurity news and insights from our affiliate publication MSSP Alert. This week we lead off with a collection of links to the coverage of the CrowdStrike IT outage reported by brands in the CyberRisk Alliance (CRA) network.

We’ve got coverage of how MSSPs are working through the CrowdStrike IT outage. We’ve also got news of the most recent development in the U.S. Securities and Exchange Commission’s (SEC) lawsuit against SolarWinds and that company’s CISO.

Plus, a new report from JumpCloud shows that IT teams are looking to regain some control over the work they’ve outsourced to MSPs. But the news from the report is not all negative. We’ve also got a report about how silos within organizations increase the security risks to those organizations. Check out our full coverage here.

Full CRA Network Coverage of the CrowdStrike Outage

MSSPs Help Organizations Through CrowdStrike IT Outage

Organizations around the world were grappling with massive IT outages on July 19 caused by a routine software update to CrowdStrike technology that resulted in the Blue Screen of Death for users. CrowdStrike, in its company blog, said it was aware of reports of crashes on Windows hosts related to the Falcon Sensor and had issued a workaround.

Blackswan Cybersecurity, one of many MSSPs dealing with the aftermath of the incident, experienced an increase in calls for support related to it, according to Mike Saylor, CEO, who provided insight to MSSP Alert in an email. Those calls came in even though Blackswan Cybersecurity is not a CrowdStrike partner.

Saylor said that the calls for support involved users looking to understand the situation and how or if it impacts them. The company also received calls from current clients looking for guidance and support for addressing their environment. Saylor said there are a couple of different impacts to MSSPs dealing with this crisis.

Read the complete story here.

SEC’s Lawsuit Against SolarWinds and CISO Dismissed

SolarWinds appears off the hook over a U.S. Securities and Exchange Commission (SEC) lawsuit accusing the company and its CISO of defrauding investors by way of lax cybersecurity practices after a federal judge dismissed the case.

In New York City on Thursday, U.S. Federal Judge Paul Engelmayer dismissed most of the SEC’s lawsuit alleging SolarWinds concealed its security vulnerabilities before and after a Russia-linked cyberattack that also impacted parts of the U.S. federal government, Reuters reported.

The SEC alleged that SolarWinds hid the cybersecurity viability of its products before the attack and downplayed the attack's severity after it occurred. The court’s 107-page decision dismissed all claims against SolarWinds and Chief Information Security Officer Timothy Brown, which pertained to statements he made after the attack. Brown reportedly said the comments were made in “hindsight and speculation.”

It’s rare for the SEC to sue public company executives. A CISO like Brown is not closely involved in preparing financial statements. Perhaps the SEC will be more cautious in how it pursues future such cases. Regardless, how might the future of MSSPs and MSPs factor into the ruling?

Read the full story here.

VMware, SolarWinds Vulnerabilities Exploited, and Cisco Warns of Critical ‘10.0’ Flaw

VMware, SolarWinds and Adobe users are being warned that vulnerabilities found in each of the products are under active attack. On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Impacted products include Adobe Commerce (CVE-2024-34102), SolarWinds Serv-U (CVE-2024-28995) and VMware vCenter Server (CVE-2022-22948).

CISA's warning dovetails with another dire vulnerability alert, this one from Cisco, about a critical bug with a CVSS rating of 10.0. The vulnerability resides in the authentication system of the networking giant's Cisco Smart Software Manager On-Prem (SSM On-Prem). According to Cisco, the flaw could let an unauthenticated, remote attacker change the password of any user, including administrative users.

In an advisory, Cisco said the vulnerability was caused by an improper implementation of the password change process. Cisco said an attacker could exploit this bug by sending crafted HTTP requests to an affected device. A successful exploit could let an attacker access the web UI or API with the privileges of the compromised user.

Read the full story here.

JumpCloud Strategist Sees IT Teams Claw Back Control from MSPs

In its new trends report, “Detours Ahead: How IT Navigates an Evolving World,” JumpCloud, a cloud and device security specialist, found that 88% of small and medium enterprises (SMEs) either use or are planning to use an MSP.

However, 39% of SMEs expressed concerns about how MSPs manage security. The main reasons SMEs stopped working with an MSP were listed as: cost (28%), outgrowing the MSP's service offerings (26%), moving IT to a strictly internal function (24%), or having a bad customer service or sales team experience (23%).

Chase Doelling, principal strategist at JumpCloud, told MSSP Alert that research from the biannual SME IT Trends report will help the company learn about the competition facing its MSP partners, and that differentiating in this environment “is not about success but survival.”

"I think the big takeaway is that while SMEs continue to lean on MSPs for a whole host of reasons, this is the first time we've seen internal teams claw back a little internal control,” Doelling told MSSP Alert. “Fewer SMEs are turning to MSPs to manage their entire IT program, and 40% are worried about how MSPs handle security. They're simply willing to cut bait more readily than they've been before if they don't see value.”

Read the full story here.

Organizations’ Siloed Threat Intelligence Poses Security Risk: Cyware Research

Cyware, a threat intelligence platform provider used by MSSPs, government agencies and a variety of businesses, has released new research about the benefits of collaboration and information sharing.

The company’s 2024 Threat Intelligence and Collaboration Survey, conducted with security professionals at the recent Infosecurity Europe 2024 exhibition, reveals that the overwhelming majority of organizations recognize the crucial importance of collaboration and information sharing in the fight against cybercrime. However, Cyware found that most organizations struggle to effectively combine insights across teams and security platforms.

Specifically, 91% of respondents said collaboration and information sharing are very important or absolutely crucial for cybersecurity. In addition, 70% believe their organization could improve threat intelligence sharing, with 19% saying they could share significantly more.

However, 53% of respondents said their organization does not currently utilize an information sharing and analysis center (ISAC), underlining the shortcomings of the way most security teams approach threat intelligence. Also, 28% said they were unaware of the existence and role of ISACs altogether.

Read the full story here.
