The idea is to provide an open source SOAR that will stop the present practice of doing threat intelligence in isolation, and the plan is to have its initial iteration live by January 1.
Two months ago, ConnectWise announced they would take the lead in setting up a Technology Solution Provider Information Sharing and Analysis Organization [TSP-ISAO] to co-ordinate threat intelligence specific to TSPs. Now the organization has named an executive director, and is actively recruiting members. They also have a plan to have a beta in place in a month, and a SOAR [Security Orchestration and Automated Response] service available to members by January 1.
“The ISAO is an information sharing and analysis organization, and an effort to create a non-profit that will share threat intelligence throughout the industry,” said Arnie Bellini, now Senior Advisor at ConnectWise after selling the company to Thoma Bravo early this year. Bellini, who has been a vocal advocate of cross-industry efforts to improve security, has become involved with the ISAO and its mission.
“With my wife Lauren, we just gave a $250,000 grant to the University of South Florida to do research on the Dark Web, and to start creating an open source language – an open source SOAR,” Bellini told ChannelBuzz. “I talked with Sir Tim Berners-Lee, who created the World Wide Web, when he keynoted here a couple of years ago, about this. He emphasized that if the WWW hadn’t been open sourced, all the big companies like IBM would have had their own version, and it would be very different from what it is today.” The Bellinis also donated $250,000 to the TSP-ISAO.
The ISAO was initiated by ConnectWise to get it off the ground, but will not be run by them. The plan is to bring as many organizations into the association as possible, including their competitors. M.J. Shoer, who ran his own MSP in New Hampshire for two decades, and has a strong background in industry association work, has been named as the ISAO’s executive director.
“The trade association CompTIA, and a number of other organizations are coming on board,” Shoer said. “Kaseya and Datto have also expressed interest in joining. We are reaching out to everyone.”
The goal, Bellini said, is to create a joint defense mechanism that he compared to the U.S. Strategic Defense Initiative anti-ballistic system from the 1980s.
“The ISAO is an independent organization funded by donation and founding members’ fees,” Bellini said. “The object is to break even financially, but the hope and desire is to create our own Star Wars defense against cyber attacks, to take it up a level from where we are today. For this to happen, it has to become automated and it has to be coordinated.”
“It also has to be a trusted independent,” Shoer added.
Bellini acknowledged that the industry is aggressively automating on its own, but not in a way that maximizes cybersecurity.
“They are all automating in siloes,” he emphasized. “To solve the problem, we have to all talk together and collaborate together on known threats and identified attacks. Think of it as a war. What you have today is like a medieval castle, with a cannon here, and archers there, and a sentry point there. We have firewall here, and encryption there and spam filter over there. It’s like a castle and they don’t talk to each other, so what good does it do?
“What needs to happen is to have an open source language put out by a nonprofit organization very similar to HTTP,” Bellini added. “Someone needs to invent a language and open source it and have companies automate to a trusted central language. That’s really our ultimate goal. We need to go Star Wars.”
Shoer’s preferred defense analogy was to an AWACS plane, which flies over the battlefield providing early warning radar surveillance of enemy movements.
Shoer also indicated that organizational work is well under way to meet the organization’s internal goals.
“There is a lot of co-ordination going on in the back end, in terms of what it looks like,” he said. “ConnectWise has allowed us to access some of their infrastructure resources. CompTIA has also offered assistance from their expertise in the non-profit space. The website is up. The press releases are out. We are actively taking in memberships. We have well over 400 signups. We are offering membership to solution providers free for a year.” About 325 of those signups are MSPs.
“We will start next week communicating with those who have signed up here [at the IT Connect event],” Shoer added. “We will also push the vision out to other membership groups as they gather. The plan is to launch December 1 with a beta feed of threat information. We will get feedback if it’s the right format and the right communication method, and provide more about our vision for the SOAR and the automation. Our goal is that by January 1 we will be sending information out to members that have signed up.”
“Imagine the extent of the digital feed going out to organizations just by being a member, and how we will help them do things with their clients,” Bellini said. “That’s what the whole SOAR concept is about.”
“I talked to one vendor here this week who was initially hesitant, then agreed they couldn’t keep doing it just by themselves,” Shoer said. “If we continue in siloes, the bad guys just hit the silo that is the weakest link.”
“Everyone knows that there has to be a standard,” Bellini said. “We are asking the vendors who join to basically get certified. It’s not hard and fast rules to join, but there are goals – like 2FA in all their products. That isn’t happening yet today.”