Depending on your point of view, industry association CompTIA‘s timing for launching a cybersecurity information sharing and analysis organization (ISAO) was either terrible or spot-on perfect.
Like other such groups, the CompTIA ISAO aims to shift the tide in the battle against cybercrime by helping MSPs, vendors, and others exchange threat intelligence. Managed services vendor ConnectWise created the group in August 2019, before transferring ownership to CompTIA early the next year. CompTIA, in turn, officially introduced the ISAO on March 1st, 2020.
“12 days later the world shut down,” said MJ Shoer, senior vice president and executive director of the CompTIA ISAO, in a conversation with ChannelPro this week at ConnectWise’s IT Nation Secure event in Orlando.
Despite that fact—or perhaps because of it, given the spike in threat activity that accompanied the pandemic—the ISAO now has over 1,120 members using it to glean actionable insights from the torrent of data produced by threat intelligence platforms every day.
“There are so many sources of information that you can’t possibly keep up with it all,” Shoer observes. “Our job is really to aggregate, qualify, and correlate that and give it to the members in a way that they can actually understand and act on no matter where they are in their cyber maturity.”
It took CompTIA five months, utilizing software from SOAR vendor TruStar, to build an underlying infrastructure for that mission. Shoer and his colleagues also used that time to establish connections with threat feeds from sources like the federal government’s Homeland Security Information Network and the IT-ISAC, a 20-year-old security information sharing center for critical IT infrastructure operators that agreed to help CompTIA assess and report on incoming alerts.
“It was hyper efficient, because I didn’t have to go out and hire a team of analysts,” Shoer says. “I was able to bring in a team that is well-qualified and doing this every day.”
Adopting a funding model for the new venture was another early task. CompTIA ultimately chose to employ a mix of its own money and contributions from outside sponsors. Those include ConnectWise and Bellini Capital, the venture capital firm founded by ConnectWise founder Arnie Bellini and his wife Lauren, along with Axcient, Dark Cubed, Dell Technologies, Sophos, and Tech Data. Vendors who simply wish to enroll in the group pay a yearly fee on a sliding scale based on revenue. MSPs each chip in a deliberately modest $500 annually as well.
“We want people to participate,” Shoer observes.
Ensuring those people benefit from participating is equally important. ISAO members range from mom-and-pop MSPs to MSSPs and security vendors with experienced analysts on staff. To make certain the roughly 50 alerts CompTIA currently issues every month are useful to everyone who gets them, the ISAO publishes two kinds of reports. Those meant for sophisticated readers provide details on indicators of compromise, malicious IP addresses, and other technical matters. Those meant for less security-savvy recipients provide a just-the-facts rundown of what the threat is and why it matters.
“Our analysts do a really good job with putting the narrative piece of that together so that it’s easy to digest and understand what the situation is,” Shoer says. Additional content includes “breaking news” alerts on zero days and other threats that pose an immediate danger, as well as a weekly threat report that summarizes the latest security trends and developments.
Of course, the “S” in ISAO stands for sharing, and CompTIA wants everyone involved in that. “I think it’s as important as the data itself,” says Shoer of member interaction. “There’s nothing like developing those peer-to-peer connections.”
To facilitate that process, ISAO members have access to a forum organized around a variety of business and technical discussion groups. Since April, Shoer has been hosting monthly meetups on Zoom as well in which members ask and answer security-related questions.
“It’s not recorded, so you can speak your mind in any way you wish,” he says. “The caliber of what the members are talking about is far greater than I would have imagined.”
With the core of the ISAO’s work now fully underway, Shoer is thinking ahead to the next step in the group’s evolution. Starting soon, members will be invited to submit profile information about the kinds of customers they support and which technologies they use. CompTIA will eventually use that data to send customized alerts targeted to an individual MSP’s needs directly into their PSA system.
“We’ve heard from members that this would be game changing for them,” Shoer says.
It certainly would have been game changing for him earlier in his career when he was a channel pro himself, he adds. “I would have loved to have had this when I was an MSP,” Shoer says of the ISAO. “It would have been incredible.”
