ConnectWise has announced its clearest, most public steps toward launching the cooperative threat intelligence initiative it announced in August, including the appointment of a leader for the venture, two substantial donations of seed money by ConnectWise founder Arnie Bellini, and an agreement with the University of South Florida to develop an open source information sharing and automated response platform.
The managed services software and services vendor showcased those and other measures aimed at rallying the would-be victims of cybercrime to fight back at its IT Nation Connect event in Orlando this week.
Though ConnectWise is spearheading the ambitious effort, it will be led by an independent, non-profit organization to be called the Technology Solution Provider-Information Sharing and Analysis Organization (TSP-ISAO). The federal government has been promoting cybersecurity intelligence sharing via ISAOs since the Obama administration.
Well-known channel pro MJ Shoer has agreed to serve as the TSP-ISAO’s executive director. An MSP and ConnectWise partner for many years, Shoer recently stepped away from his position as CTO of Internet & Telephone LLC, a New England-based provider of voice and IT services.
“When I was in MSP this would have been an absolutely killer resource,” said Shoer during a Wednesday keynote presentation at IT Nation Connect.
Initial efforts toward building that resource will center on recruiting participants, including researchers willing to share real-time threat information and security best practices. In addition to ConnectWise itself, early enrollees include IT industry membership group CompTIA, the University of South Florida, and threat detection and response vendor Perch Security. ConnectWise disclosed an investment stake in Perch at last year’s IT Nation Connect.
“More sources are coming forward daily,” said Shoer today in a conversation with ChannelPro. “The goal is to have as many sources of information coming in so that the analysis and collation process will bring just tremendous, tremendous value.”
Shoer hopes to have a “beta feed” of threat intelligence data flowing from the TSP-ISAO to members by December 1st. “We’ll be actively asking for feedback on that to make sure it’s consumable the way that it needs to be consumed in the short term,” he says, adding that the group’s formal launch is currently scheduled for January 1st.
Per the “A” in the TSP-ISAO’s name, information from the group will be analyzed by security experts before it’s distributed and accompanied by specific response advice. According to Shoer, that’s a departure from what vendors are providing MSPs today.
“Nobody’s being that prescriptive about it. They’re just making all this general information available,” Shoer says. “We’re flipping the paradigm. We’re going to push actionable information.”
That analysis and prescriptive guidance will come from Perch, which has maintained a threat intelligence database of its own since its founding in 2016. “They’ve done it. They know how to do it,” Shoer says. “That’s why we’re going to have a feed so quickly ready to go. They know how to make this work.”
Distributing threat information is just a starting point for the TSP-ISAO, though. It’s more demanding, longer-term objective is to create and operate an open source, publicly available, security orchestration and automated response platform backed by its own standards-based data exchange language.