As MSPs and their powerful software tools increasingly come under attack by cyber criminals who exploit both to seed ransomware across thousands of endpoints, ConnectWise says it is time to act to protect the “industry as a whole.”
“We’ve been thinking about this for a long time,” said ConnectWise chief information security officer John Ford. “The urgency right now is that we’re seeing it so much more. This isn’t so much about ConnectWise per se as it is about our industry as a whole.”
Using the model of a neighbourhood fire brigade in which everyone pitches in to keep the flames from spreading, Ford hopes to create an organisation that will collect reliable information about an attack as it happens, and share it with a community of fellow MSPs and vendors who can chime in with best practices and hopefully mitigate the chaos that is left following a ransomware hit.
“Right now, these technology solution providers are just getting slammed,” Ford said. “We saw another one yesterday. It’s way too prevalent. We felt the need to step in and get this kicked off and get the right community membership out there. It’s open to anyone in the community. In addition to the threat intel information, is how do we help each other?”
Ford said ConnectWise is opening up membership to rival MSP tool providers as well as to all MSPs.
He said the goal of the Technology Solution Provider Information Sharing and Analysis Organisation “is really to join hands with all of the vendors out there.”
“We don’t look at this as a competitive environment,” Ford said. “The people we normally compete with in business, we’re going to invite them to join. This is about the greater good, about getting information out there, about sharing cyber threat intelligence information among the community. And sharing valuable and curated threat intelligence information with the community with the goal of mitigating some of these attacks.”
Ford said anyone who joins will have access to threat intelligence information ConnectWise collects from places like the US Department of Homeland Security, or US CERT. That information will be put into a specific format and then shared directly to those members, Ford said.
Ford compared it to an Information Sharing and Analysis Centre, only this one will focus exclusively on the MSP space.
“Every day, there’s alerts that go out to all of the ISAC members about cyber threats that are impacting or could be impacting the community,” he said. “And every day the community shares back whether it is seeing those threats and what they’re doing to counteract them. It’s a bilateral sharing of information that is super helpful and gets very specific.”
Ford said the details are still being worked out, but more information will be available at IT Nation in November. The group would share proactive actionable threat intelligence; analysis of potential impacts; coordinated countermeasure solutions and response; cybersecurity best practice adoption; and role-based workforce education.
In addition, the TSP-ISAO would use a threat intel platform powered by Perch Security – a company ConnectWise invested in last year – that will allow members to see threat intelligence for no additional fee. Perch plans to automate intel sharing for all TSP-ISAO members – a critical piece to the value of an ISAO membership, Ford said.
“What I would hope would be in a couple years we would have most of our industry participating. When you have that type of scale, it’s really run by the members. Yes. We’re here to support it and help kick it off, but by and large it will be run by the membership down the road,” he said. “Arming that community with threat intelligence is really what we need.”
Todd Thibodeaux, president and CEO for CompTIA, said that five years ago the Federal Trade Commission and the U.S. Department of Justice agreed that the sharing of cyber threat information between IT companies would not result in antitrust violations. However, in that time the industry has failed to seize the opportunity to foster discussion on the topic.
“The industry has been slow to respond to the opening that statement provided – in particular, to weaponize the vast trove of threat data technology solution providers amass on a daily basis against would-be attackers,” Thibodeaux said in a prepared statement. “CompTIA applauds the goals of the TSP-ISAO to address the information shortfall by creating a real-time actionable platform.”