Depending on your point of view, industry association CompTIA’s timing for launching a cybersecurity information sharing and analysis organization (ISAO) was either terrible or spot-on perfect.
Like other such groups, the CompTIA ISAO aims to shift the tide in the battle against cybercrime by helping MSPs, vendors, and others exchange threat intelligence. Managed services vendor ConnectWise created the group in August 2019, before transferring ownership to CompTIA early the next year. CompTIA, in turn, officially introduced the ISAO on March 1st, 2020.
“12 days later the world shut down,” said MJ Shoer, senior vice president and executive director of the CompTIA ISAO, in a conversation with ChannelPro this week at ConnectWise’s IT Nation Secure event in Orlando.
Despite that fact—or perhaps because of it, given the spike in threat activity that accompanied the pandemic—the ISAO now has over 1,120 members using it to glean actionable insights from the torrent of data produced by threat intelligence platforms every day.
“There are so many sources of information that you can’t possibly keep up with it all,” Shoer observes. “Our job is really to aggregate, qualify, and correlate that and give it to the members in a way that they can actually understand and act on no matter where they are in their cyber maturity.”
It took CompTIA five months, utilizing software from SOAR vendor TruSTAR, to build an underlying infrastructure for that mission. Shoer and his colleagues also used that time to establish connections with threat feeds from sources like the federal government’s Homeland Security Information Network and the IT-ISAC, a 20-year-old security information sharing center for critical IT infrastructure operators that agreed to help CompTIA assess and report on incoming alerts.
“It was hyper efficient, because I didn’t have to go out and hire a team of analysts,” Shoer says. “I was able to bring in a team that is well-qualified and doing this every day.”
Adopting a funding model for the new venture was another early task. CompTIA ultimately chose to employ a mix of its own money and contributions from outside sponsors. Those include ConnectWise and Bellini Capital, the venture capital firm founded by ConnectWise founder Arnie Bellini and his wife Lauren, along with Axcient, Dark Cubed, Dell Technologies, Sophos, and Tech Data. Vendors who simply wish to enroll in the group pay a yearly fee on a sliding scale based on revenue. MSPs each chip in a deliberately modest $500 annually as well.
“We want people to participate,” Shoer observes.
Ensuring those people benefit from participating is equally important. ISAO members range from mom-and-pop MSPs to MSSPs and security vendors with experienced analysts on staff. To make certain the roughly 50 alerts CompTIA currently issues every month are useful to everyone who gets them, the ISAO publishes two kinds of reports. Those meant for sophisticated readers provide details on indicators of compromise, malicious IP addresses, and other technical matters. Those meant for less security-savvy recipients provide a just-the-facts rundown of what the threat is and why it matters.