ConnectWise has announced the creation of the Technology Solution Provider Information Sharing and Analysis Organisation (TSP-ISAO). Its mission is to advance: “the cybersecurity resilience of the global TSP (Technology Service providers) industry”. In doing so the aim is increase the ability of MSPs to respond to cyber security threats.
John Ford, CISO for ConnectWise comments: “Cyber-criminals have set their sights on technology solution providers, and it’s time the industry come together to do something about it. To that end, the TSP-ISAO will provide services that help vendors of all sizes accelerate the maturity of their cybersecurity and compliance programs.”
ConnectWise argues that it is the first to create an organisation dedicated to MSPs. However, it acknowledges that many industries have already created them, including the cyber security industry. The number of MSPs increased during the Obama administration as the cyber threat began to be better understood. 2017 research by Sauerwein et al found 22 different threat intelligence platforms at that time.
The organisation is open to all new members with ConnectWise hoping to attract other vendors, not just MSPs to the organisation. Its real success will depend upon that extended membership. Many software vendors, especially the security vendors that MSP software integrates to, either have their own threat information sharing platform or are part of a larger one.
Importantly, however, this is not a ConnectWise solution. It has partnered with Perch Security to deliver the actual threat intelligence platform. Perch also partners with several other large organisations including Water ISAC, the Maritime and Port security ISAC, The Retail ISAC, H-ISAC and others. H-ISAC is the Health Information Sharing and Analysis Center which operates within the private and public healthcare sectors.
What will it deliver?
The new organization will act as a conduit to filter information and advice specific to the MSP community from the threat intelligence platform. It will provide members with several benefits including:
- Real-time availability of proactive actionable threat intelligence;
- analysis of potential impacts;
- coordinated countermeasure solutions and response;
- cybersecurity best practice adoption;
- role-based workforce education.
- Access to the Perch threat intel platform for no additional fee
- Automated intelligence sharing for all TSP-ISAO members, orchestrated by Perch
Why set it up?
The announcement comes a year after the Department of Homeland Security issued an alert (TA18-276B) entitled: “Advanced Persistent Threat Activity Exploiting Managed Service Providers”. It identified an attempt to penetrate the networks of global managed service providers. It gave details and listed several recommendations that MSPs should undertake to protect themselves and their customers.
ConnectWise argues that little has been done since then to promote the sharing of information and more importantly actionable insights for the industry. It therefore decide to create TSP-ISAO to address the gap. Jason Magee, CEO of ConnectWise commented: “ConnectWise is launching the TSP-ISAO and leading the campaign to get companies collaboratively involved with us because we think it’s of the utmost importance for the entire industry. I’ve already reached out to several of my counterparts to begin these collaborative discussions and I invite interested vendors to reach out to ConnectWise and get involved as well.”
CompTIA supports the foundation though did not mention whether it actually intends to join. Todd Thibodeaux, President and Chief Executive Officer for CompTIA commented: “In the five years since the Federal Trade Commission (FTC) and the Department of Justice (DOJ) issued a statement clarifying that the aggregation and sharing of cyber threat information would not result in antitrust violations, the industry has been slow to respond to the opening that statement provided. I
“n particular, to weaponise the vast trove of threat data technology solution providers amass on a daily basis against would be attackers, CompTIA applauds the goals of the TSA-IASO to address the information shortfall by creating a real-time actionable platform. We look forward to supporting the work of this vital new group.”
Enterprise Times : What does this mean?
This appears a laudable attempt by ConnectWise to establish an independent organization that could deliver actionable insights to MSPs in the future. Its success is reliant on other major vendors joining it like Kaseya and Autotask. If they and others do then this could be a significant step forward for the MSPs that actually join as well as if PERCH and TSP-ISAO deliver on their promises.
What is not revealed is the cost of membership. Membership to the Retail ISAC which also utilizes Perch costs $2,500 for organisations under $250 million in annual revenue. The rates scale up to $46,500 for an organization with revenues more than $20 billion in revenue. Membership for H-ISAC is a similar amount though scales differently.
ConnectWise will release more details about the TSP-ISAO at its annual conference IT Nation Connect 2019 in Orlando, Oct. 30-Nov. 1. There will be an increased focus on security at the event with ConnectWise leveraging the knowledge from its acquisition of the Sienna Group late last year.
As of writing this piece the website for TSP-ISAO is not yet live, however interested organisations can enquire about membership by emailing [email protected].