DATA SECURITY

CompTIA Launches Critical Cybersecurity Information Sharing and Analysis Organization in the U.K.

CompTIA | October 12, 2021

CompTIA, the nonprofit association for the global information technology (IT) industry, today expanded the CompTIA ISAO (Information Sharing and Analysis Organization) to the United Kingdom to serve as the focal point for dealing with cyber-threats to technology vendors, MSPs, solution providers, integrators, distributors, and business technology consultants.

We are in a time of unprecedented and malicious hacking activity, much of which is targeted specifically at technology product, service and solution companies,CompTIA aims to improve the cybersecurity landscape in the U.K. by bringing together the know-how and power of the industry to deliver timely, relevant, actionable threat intelligence that companies can use to protect themselves and more importantly, to keep their customers safe and secure.

said MJ Shoer, senior vice president, executive director of the CompTIA ISAO

The CompTIA ISAO, which launched in the United States in 2020, currently has over 1,200 member companies and growing. Axcient, ConnectWise, Dark Cubed, Dell Technologies, and Sophos are Industry Partners of the CompTIA ISAO. The CompTIA ISAO is a member led initiative governed by three co-equal councils, the Executive Advisory Council, the MSP Champions Council and the SME (Subject Matter Expert) Champions Council representing all categories of CompTIA ISAO membership.

"In the current climate of cybercrime, one of the best ways to sharpen the industry's defences against today's cyberattacks, including ransomware, is through industry experts sharing threat intelligence. This move to launch the CompTIA ISAO in the UK will advance industry collaboration and innovation, and Sophos is proud to be a part of this effort," said James Wilson, product director, Sophos. "Having access to SophosLabs Intelix within the ISAO gives members easy and quick access to actionable, relevant threat intelligence from Sophos. Research from SophosLabs continually highlights how adversaries are constantly adapting their tactics, techniques and procedures (TTPs) to breach targets and carry out attacks and emphasises how essential it is for us to work together."

Additionally, innovative partnerships have been forged with the Information Technology-Information Sharing and Analysis Center (IT-ISAC) and  TruSTAR to build out the threat intelligence feed and custom reporting that will serve as the backbone of the CompTIA ISAO. This ensures that members will receive critical, targeted, real-time information in a way that's easy to understand and act upon.

"Raising the cybersecurity resilience of the global tech industry is important for everyone," Shoer explained. "This is how, together, we will fight back against this existential threat and do the right thing for our industry and the global economy."

The CompTIA ISAO is dedicated to advancing the cybersecurity resiliency of the global technology industry. It is a resource where organizations in the business of technology can share real-time threat intelligence, analysis of potential impacts, coordinated countermeasure response efforts, cybersecurity best-practice adoption, and workforce education.

In addition to the latest cybersecurity intelligence data, all CompTIA ISAO members will receive full access to CompTIA corporate member benefits, including all the resources, communities and tools designed to help a technology business thrive.

About CompTIA
The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the $5 trillion global information technology ecosystem; and the estimated 75 million industry and tech professionals who design, implement, manage, and safeguard the technology that powers the world's economy. Through education, training, certifications, advocacy, philanthropy, and market research, CompTIA is the hub for advancing the tech industry and its workforce.

Spotlight

"Over the last twelve months the world has seen costly and destructive cyberattacks target organizations of all sizes regardless of industry or geography. With so much at stake, organizations need to know where their security programs are effective and where they are falling short."

Spotlight

"Over the last twelve months the world has seen costly and destructive cyberattacks target organizations of all sizes regardless of industry or geography. With so much at stake, organizations need to know where their security programs are effective and where they are falling short."

Related News

DATA SECURITY

WafCharm Provides Breakthrough Automation of AWS WAF, Enhancing Cybersecurity for Businesses Amidst Ongoing Global Attacks

Cyber Security Cloud Inc. | June 01, 2021

Cyber Security Cloud Inc. (CSC), the world’s leading innovator in cyber threat intelligence and AI-driven web security, announced today that its WafCharm service fully manages AWS WAF operations and automatically optimizes rules for AWS WAF to assist in addressing web-related cyber attacks against business and critical government infrastructure, which are increasing globally. WafCharm is the only service on the market that builds, tests, and tunes AWS WAF rules automatically and continuously defends against zero-day threats. While WafCharm protects against the OWASP 10 — the most critical web application security risks — it also automatically implements new rules in reaction to zero-day vulnerabilities found by CSC’s top threat intelligence team, Cyhorus. CSC CEO Toshihiro Koike said, “As the need for web security grows globally, managing WAF with high accuracy has become a critical problem for many enterprises and web service providers.” WafCharm, our product, is an innovative solution that allows anybody to effortlessly and safely protect their web services. Companies should focus on innovation and value creation without having to worry about WAF rule management. We are happy to reach out to those who want to minimize expenses and effort while maintaining security accuracy to protect their environments better.” About Cyber Security Cloud Inc. The mission of the Cyber Security Cloud is to provide safe cyberspace for people all around the world to use. CSC provides web application security services in over 70 countries, using the most effective cyber threat intelligence and AI-driven security technology available. As one of the world’s few Amazon Web Services (AWS) WAF Managed Rules Sellers certified by AWS — the cloud giant that controls almost half of the global cloud market — CSC optimizes and automates rules best suited to each customer’s AWS deployments as new cyber threats arise. CSC also offers a scalable WAF solution for Microsoft Azure and other clouds. CSC, a global leader in cybersecurity, continues to develop and refine award-winning technologies and security solutions that contribute to the information revolution.

Read More

SOFTWARE SECURITY

IPKeys Power Partners Announces New Grid Cyber Security Breakthrough

IPKeys | September 09, 2021

IPKeys Power Partners, the leading cybersecurity, cyber compliance, and smart grid technology company, announced today the release of its groundbreaking SigmaFlow Beacon platform to provide utilities, generators, and grid operators a simple, unified solution for cybersecurity monitoring and compliance requirements. The SigmaFlow Beacon platform is built specifically to help organizations align with North American Electric Reliability Corp. (NERC) compliance mandates. It provides NERC registered entities with a single solution to advance, simplify and improve existing cybersecurity and monitoring requirements. "We are pleased to provide utilities, generators and grid operators a system that ensures unification of cybersecurity monitoring and NERC-CIP compliance requirements," said Robert Nawy, CEO IPKeys. "It is long past time for the worlds of compliance and cyber defense to converge to provide cyber assurance for our power grid. The SigmaFlow Beacon unites needed capabilities of real-time cybersecurity monitoring with governance and regulation." The SigmaFlow Beacon provides one, purpose-built solution for NERC baseline management, collecting the critical cyber data in real time and seamlessly incorporating the approval process within the SigmaFlow workflow and evidence platform. SigmaFlow Beacon technology is built for rapid deployment, making it faster and easier to implement than current monitoring solutions. It will save utilities valuable time, and provide seamless Critical Infrastructure Protection, improved cybersecurity, and audit ready results. Today, NERC registered entities must use multiple vendors and systems to monitor baseline security and compliance data. These solutions are not connected to workflow, making the correlation between change management and baseline authorization next to impossible because multiple changes could be made since the facilities' last scan. "SigmaFlow Beacon is a major step towards our vision of bringing compliance and security teams together, at the same time simplifying the act of maintaining compliance while enhancing real world cybersecurity," said Louis Riendeau, IPKeys Vice President, Operations & Product Management. "Many of our clients and Governance & Regulation communities tend to get a sense of false cybersecurity validation by passing NERC compliance audits, SigmaFlow Beacon and the entire IPKeys Cyber Lab-as-a-Service platform introduces automated NERC compliance and advancement in real cybersecurity protection," said Trey Kirkpatrick, VP, NERC Implementation Services and Consulting. Benefits of a Unified Approach between Cybersecurity and Compliance Improved cybersecurity: The fewer moving parts, the fewer opportunities for errors—and the fewer cracks for hackers to get in through. With cybersecurity and compliance in sync, there is a shared knowledge between organizations. Time Savings: When a crisis strikes, immediate action is vital. With unified security and compliance, there is less risk of misunderstanding or miscommunication between organizations, less need for work to be redone, and fewer questions about completion. Seamless CIP management: Unified end-to-end management of security and compliance ensures consistent CIP management, while providing more efficient and accessible records, greater access to critical information, and reducing data errors, missed assignments or due dates. Always audit-ready: All data is stored in one secure location, and is consistent, connected, complete and primed for scrutiny. Large cybersecurity incidents like the SolarWinds breach or the Colonial Pipeline hack garner most of the attention, but hundreds of smaller attacks have impacted businesses, municipalities, and utilities across the country - and the threat is accelerating. According to Statescoop, between 2013 and 2018, 180 documented cyberattacks occurred, while 236 incidents have been reported since 2019. About IPKeys Power Partners IPKeys Power Partners' industry-leading, secure OT and IoT intelligence platform addresses the complex cybersecurity, data, and communications challenges faced by operators of mission-critical networks for customers in the energy, government, and industrial markets. The company's suite of solutions encompass cybersecurity and cyber compliance for dynamic OT/IT environments, data analytics, secure energy management, and public safety network monitoring. The company is headquartered in New Jersey and has offices in California, Louisiana, Maryland, Texas, and Virginia.

Read More

DATA SECURITY

Microsoft Exchange Server uncovered huge number of associations to cyber attack

informationsecurity | March 08, 2021

In any event 30,000 associations across the United States have been undermined through four newfound weaknesses affecting Microsoft's Exchange Server email programming. In every occurrence, the assailants abandoned a web shell: a secret word ensured hacking apparatus that can be gotten to over the Internet from any program, giving authoritative admittance to the casualties' workers. Microsoft delivered security updates to address the bugs on second March, and prompted clients utilizing Exchange Server to fix the frameworks as most punctual as could really be expected. Nonetheless, apparently the updates incited the Chinese gathering - which Microsoft has named 'Hafnium' - to venture up its assaults on workers that have not been fixed. Security scientists have now cautioned that Microsoft's security patches can't sanitize frameworks that have effectively been hacked.

Read More