ConnectWise has announced its clearest, most public steps toward launching the cooperative threat intelligence initiative it announced in August, including the appointment of a leader for the venture, two substantial donations of seed money by ConnectWise founder Arnie Bellini, and an agreement with the University of South Florida to develop an open source information sharing and automated response platform.
The managed services software and services vendor showcased those and other measures aimed at rallying the would-be victims of cybercrime to fight back at its IT Nation Connect event in Orlando this week.
Though ConnectWise is spearheading the ambitious effort, it will be led by an independent, non-profit organization to be called the Technology Solution Provider-Information Sharing and Analysis Organization (TSP-ISAO). The federal government has been promoting cybersecurity intelligence sharing via ISAOs since the Obama administration.
Well-known channel pro MJ Shoer has agreed to serve as the TSP-ISAO’s executive director. An MSP and ConnectWise partner for many years, Shoer recently stepped away from his position as CTO of Internet & Telephone LLC, a New England-based provider of voice and IT services.
“When I was in MSP this would have been an absolutely killer resource,” said Shoer during a Wednesday keynote presentation at IT Nation Connect.
Initial efforts toward building that resource will center on recruiting participants, including researchers willing to share real-time threat information and security best practices. In addition to ConnectWise itself, early enrollees include IT industry membership group CompTIA, the University of South Florida, and threat detection and response vendor Perch Security. ConnectWise disclosed an investment stake in Perch at last year’s IT Nation Connect.
“More sources are coming forward daily,” said Shoer today in a conversation with ChannelPro. “The goal is to have as many sources of information coming in so that the analysis and collation process will bring just tremendous, tremendous value.”
Shoer hopes to have a “beta feed” of threat intelligence data flowing from the TSP-ISAO to members by December 1st. “We’ll be actively asking for feedback on that to make sure it’s consumable the way that it needs to be consumed in the short term,” he says, adding that the group’s formal launch is currently scheduled for January 1st.
Per the “A” in the TSP-ISAO’s name, information from the group will be analyzed by security experts before it’s distributed and accompanied by specific response advice. According to Shoer, that’s a departure from what vendors are providing MSPs today.
“Nobody’s being that prescriptive about it. They’re just making all this general information available,” Shoer says. “We’re flipping the paradigm. We’re going to push actionable information.”
That analysis and prescriptive guidance will come from Perch, which has maintained a threat intelligence database of its own since its founding in 2016. “They’ve done it. They know how to do it,” Shoer says. “That’s why we’re going to have a feed so quickly ready to go. They know how to make this work.”
Distributing threat information is just a starting point for the TSP-ISAO, though. Its more demanding, longer-term objective is to create and operate an open source, publicly available, security orchestration and automated response platform backed by its own standards-based data exchange language.
Bellini outlined the vision for that system in an interview with ChannelPro a year ago. When fully operational, it will collect input electronically from TSP-ISAO members, run it past Perch analysts, and then send it back out to security vendors across the industry. Those vendors, if all goes according to Bellini’s vision for the group, will then automatically feed identifying data about new threats to their anti-virus, firewall, and other solutions, so they can prevent mere attacks from becoming epidemics.
“If you think about cyberattacks, the only ways to solve them and remediate them and proactively eliminate them—all of the above—is with automation,” Bellini told ChannelPro today. “Until we have it automated, we really aren’t going to have this problem solved.”
Researchers at the University of South Florida will lead the effort to create the TSP-ISAO’s open source platform. Bellini and his wife Lauren have granted USF $250,000 from their personal funds to kick-start that work. That donation and a second $250,000 gift directly to the TSP-ISAO were both announced Wednesday at IT Nation Connect.
“MJ doesn’t have to think about raising money,” Bellini notes. “He just gets to go right away.”
Broad industry adoption of the TSP-ISAO’s automation engine is critical to the system’s success. At present, Shoer notes, most MSPs use security tools from multiple vendors, each of which operates “in their own silos.” The more those vendors utilize the forthcoming automation system, the more their various products will be able to act in concert to block attacks quickly.
“When we get to the true automated response part of it, that feed should be able to come in and lock down against that threat without, ideally, any human interaction,” Shoer states.
That goal will only become reality, though, if a critical mass of security and managed services vendors buy into the TSP-ISAO’s efforts. ConnectWise is already at work encouraging that participation from industry peers.
“We’re talking to Cisco, we’re talking to a lot of people,” says Bellini, who stated during his Wednesday appearance at IT Nation Connect that Datto and Kaseya “have shown great interest.”
Converting interest from those and other vendors into commitments to join the TSP-ISAO is a top priority for the weeks between now and New Year’s Day. “We need founding members to show that everybody’s participating in this,” Bellini says.
SKOUT Cybersecurity is evaluating membership, but needs to think through the implications for its MSP partners before deciding. “We really believe in community defense,” says Jessvin Thomas, SKOUT’s president and CEO. “One of the things we want to do is make sure that our customers are able to opt in and out of any information that they’re sharing as well, and then as part of that determine what’s the best fit for community defense.”
Though not officially a founding member yet, threat-hunting vendor Huntress Labs enthusiastically endorses the TSP-ISAO. “Threat-sharing is super critical,” says Kyle Hanslovan, the company’s CEO, who expects many top vendors to join the group. In fact, he notes, Datto and Kaseya are already sharing security data behind the scenes with ConnectWise, ID Agent, and other vendors through an informal collaboration that began several months ago.
“It’s literally a group of probably 20 vendors that talk on a Slack chat and share threat intel,” he says.
According to Shoer, over 400 members from the vendor and MSP communities will have joined the TSP-ISAO by the end of IT Nation Connect. Funding from ConnectWise will enable all of them to participate free of charge for the first year, but members will have to pay a fee after that. Shoer loosely expects the charge for MSP members to be about $99 annually, but Bellini hopes it will be less.
“We’re going to try and get the vendors to pay for all of it,” he says, noting that the group only needs enough money each year to cover its expenses. “The ISAO doesn’t make any money on any of this.”
It does, however, have a critical role to play in empowering the targets of cybercrime to strike back, according to ConnectWise CEO Jason Magee. From vendors and MSPs to end users though, he emphasizes, those targets must agree to join in the fight.
“Everyone has their part to do,” he says.