Cyber Anxiety

CompTIA ISAO Explained with Wayne Selk

February 08, 2023 Inbay

In this episode we were joined by Wayne Selk from CompTIA to discuss CompTIA's Information Sharing & Analysis Organisation (ISAO). This included an explanation of what the ISAO does and the ways that it can benefit MSPs. 

We created this podcast to help support MSPs through the ever-evolving field of the digital world. The goal is to give tangible tips and strategies that MSPs and others in the tech industry can use while releasing the built-up anxiety around the sector. 

The ISAO was created to help tech companies accelerate their cyber resilience. It is an initiative that analyses the latest cybersecurity threats and provides actionable threat intelligence to its members. It is included in the MSP and solution provider membership benefits package as part of CompTIA's commitment to helping these businesses combat cybersecurity threats. Vendors, distributors, associate members, and CompTIA Public Technology Institute (PTI) members have the option to upgrade their membership to include the CompTIA ISAO.

For more information on the ISAO, check out this link:
https://connect.comptia.org/content/articles/what-is-an-isao

00:00:04:03 - 00:00:26:10
Luke B
Hi, everyone, and welcome back to the Inbay podcast. Thank you for joining us for another episode in our Cyber Anxiety series. So firstly to start off I should welcome back our two shall we call you series regulars now. So we've got with us Daniel Welling and Simon Butler, and we've also got a special guest with us today. So Wayne Selk is joining us from CompTIA.

00:00:26:21 - 00:00:35:18
Luke B
So thank you for joining us, Wayne. I don't know if you want to kind of kick things off with us, be slight or small introduction to yourself and kind of your background.

00:00:36:07 - 00:01:04:09
Wayne S
Sure. As I've been telling folks lately, I'm a recovering cyber security practitioner. I've been doing this for well over 25 years. I've got an enormous background in just about everything I.T. related, by the way. It's actually quite interesting. Maybe over a pint. Next time I'm over in London, we can kind of talk through some of those things if of interest, but happy to be here.

00:01:04:09 - 00:01:06:00
Wayne S
Looking forward to the conversation. Actually.

00:01:06:26 - 00:01:21:11
Luke B
Brilliant, thank you very much. So just to let everyone know today, we are talking about CompTIA’s ISAO, which is the Information Sharing and Analysis Organization. So again, Wayne, just maybe a bit of a high level overview about what the ISAO is and what it provides.

00:01:22:16 - 00:02:06:08
Wayne S
Thank you. Yes, so the ISAO is how we affectionately refer to it. That is what I've been chartered to do: basically set that up as a one stop shop for your threat intelligence. Right. So there's more to the ISAO than just threat intelligence. But really the primary focus there is to get MSPs as well as the vendor distributor and other associates that make up the entire community to support the MSP set the industry to really come together and start sharing information so that if someone and again, it doesn't matter where you are in the globe, right?

00:02:06:21 - 00:02:34:17
Wayne S
Which I think the Russian Ukraine conflict actually helped bring a very pinpoint focus on that. If somebody in the UK is popped, we are put on alert here in the U.S., in Australia, in New Zealand, right. Or in Asia, it doesn't matter because the focal point there is this is a flat world. And so cyber security knows no boundaries, no borders at the end of the day, which is kind of interesting.

00:02:35:07 - 00:03:06:19
Wayne S
It's all pretty much the same stuff. An attack by a Russian threat actor is the same attack that someone over in Australia is going to get as well. Right? They use the same attack methods, which is why MITRE came up with this wonderful ATT&CK framework to be able to pick things out. But it's absolutely amazing at the end of the day and we are trying through the ISAO to bring all of that stuff a little closer home to help raise awareness and understanding for the MSP community.

00:03:06:19 - 00:03:10:26
Wayne S
On the threats that impact not only themselves but also their customers.

00:03:12:15 - 00:03:29:05
Luke B
Amazing. That sounds great. I mean, one thing I wanted to ask you is, as an MSP or vendor that kind of joins the ISAO, what does that kind of look like in a sense of if you're, you know, part of the organization, what does that look like? What benefits do you get, What do you receive? How do you access this information essentially?

00:03:29:28 - 00:03:56:08
Wayne S
Sure. And so we've actually made some changes to the threat reports themselves. But let me back up for just a second, because I know there's a burning question in the room. Right. Let's cover off on how much does this cost. Right. So in the UK, we align the pricing to the sterling. So it's $295 for the year for the entity.

00:03:56:08 - 00:04:18:15
Wayne S
So for the corporate entity. So in this case, right, if we're talking Inbay, Inbay pays $295 a year, all of the employees and I do mean all of that, not just the technicians, the sales staff, the HR, the finance, anybody else that supports the organization can roll up underneath that membership for the low, low cost of $295 a year.

00:04:18:16 - 00:05:04:10
Wayne S
By the way, the ISAO is actually included as part of a member benefit now. So there's no additional cost for the ISAO. So some of the things that we have: we have a portal for you to be able to log into. Right. We gave everybody that a second time when they come in to the ISAO that for a reason, because CompTIA itself is a global organization in over 225 countries around the world, we need to avoid certain known threat actor locations: China, Russia, Iran, North Korea. Those folks, unfortunately, are not allowed to join the threat intel community and share information because there's some very sensitive information that we do share in the form of

00:05:04:10 - 00:05:38:00
Wayne S
analyst comments. But you get some of the benefits, high level. You get your own secure enclave inside the Splunk threat intelligence platform. You get five continuous monitoring and 24 annual monitoring reports through SecurityScorecard as part of your third party vendor risk management solution. You also have the ability of submitting not only through your Splunk Threat Intel platform, but also through Sophos.

00:05:38:20 - 00:06:06:02
Wayne S
And you don't have to be a Sophos partner today, but if you get a URL or you get what appears to be a malicious file, you can actually submit that. And the nice part about that is because of the Sophos relationship with VirusTotal, if something is bad, they will then create the signatures, definitions or put the IP or email on blacklist to take care of all the other devices inside of your organization.

00:06:06:05 - 00:06:36:27
Wayne S
Right. And so that is actually also part of the giving back and sharing information with other like MSPs around the world because they get to take advantage of those same signatures, definitions and whatnot. The threat reports, real quick: we just launched an integration with a Canadian firm called Gradient MSP, and it's a pilot. What you can do at no charge, by the way, they have a basic tier where you can actually create the integration into the ISAO.

00:06:36:27 - 00:06:58:08
Wayne S
The threat report then goes through Gradient and drops into your PSA. So if you're a very small organization and one person is the one looking at the threat reports, having it integrated into your PSA today, all of your technicians will be able to see what's going on. Right. Your future state for that, if I may, for just a second.

00:06:58:08 - 00:07:26:13
Wayne S
Future state is that you'll be able to fine tune that so you can align it to your tech stack, you'll be able to adjust whether it's actionable and of medium or high severity. And only those reports will go into your tech stack. So we're actually trying to avoid the console fatigue and try to start streamlining some of these processes so that in actionable data gets dropped in for the entire organization to be able to see.

00:07:27:04 - 00:07:35:23
Luke B
So you say that the integration to the PSAs is there kind of a limited number of PSAs that you can integrate with or is it fairly open how the integration works.

00:07:36:07 - 00:08:07:18
Wayne S
So the integration is through the folks that Gradient MSP is currently supporting, right? So the big players are already covered. ConnectWise, Kaseya, Datto. I think Ninja is in there as well. And then we're also looking to integrate with some other similar providers like Pax8, I know is huge over there in the UK. I believe they're working on an alert API. ScalePad is also working on an alert API and there's others, right?

00:08:07:18 - 00:08:20:21
Wayne S
So if your community knows of similar type of folks that are working on alert APIs that they've already integrated with, please let me know. Get it back to Daniel. And you know, we can work on getting those integrations done as well.

00:08:21:09 - 00:08:41:08
Luke B
Awesome. Now I was going to say just before I hand over to Simon and Daniel to get more into the nitty gritty, shall we say. I'm a self-confessed non techie, so with these like reports, and things that come in. Is it something that you feel like non-technical people can still, you know, get access information and still, you know, get a lot of relevant information from that and from the ISAO?

00:08:41:08 - 00:08:41:17
Luke B
Yeah.

00:08:41:26 - 00:09:09:05
Wayne S
Yes, absolutely. So the funny, ironic part about it is our threat analysts set up the threat reports so that they're easy to read and easy to digest. We've had other information sharing and analysis centers which were the first foray into this here in the US back in '98 that have actually said, wow, we really like how you guys are producing these reports because they're very easy to read.

00:09:09:10 - 00:09:20:01
Wayne S
Anybody can pick one up and take it out and apply the mitigation activities as an example and understand what's really going on without having to have very technical background.

00:09:20:03 - 00:09:37:05
Luke B
Oh, that's great. That works for me. So I'll hand over to Daniel and Simon. I don't know if you wanted to kind of delve a bit more from your perspectives and your experience of working with MSPs, if there's anything you want to kind of quiz Wayne on or any information you feel would be relevant for the people listening at the moment.

00:09:38:20 - 00:09:58:05
Simon B
So I’ve got one to start off with so you've said about, you know, the integration going to the PSA. Is there a more sort of raw way that can come across on things like RSS feeds or emails or something like that where you can just sort of, you know, I get it say for example, I'm on the train, something comes through on the train.

00:09:58:05 - 00:10:22:29
Simon B
I'm not logged into my PSA. Something's come out and I want to look at something on my phone, or I’m bored on the train and I want to read through the current things or something like that. You know, is that format available? So it can be because all technicians, they like to digest the information in different ways, you know, whether that's via Reddit or forums or like I say, via email or RSS feeds, you know, we slice and dice it and we, you know, categorize it.

00:10:22:29 - 00:10:34:07
Simon B
My RSS feed thing is, you know, got all sorts of tags and things on it that it does automatically, you know, are those sort of available to get this information to the members?

00:10:34:21 - 00:10:57:15
Wayne S
Yes. So there's a couple of different things. Right. So we have to be very careful with RSS feed. Right. Because we adhere to the Traffic Light Protocol. So the information that we have inside these threat reports, when you start pushing up to Amber and Amber plus and even Red, you know, that's specific intel that, you know, is coming down.

00:10:57:15 - 00:11:26:17
Wayne S
And we have to be very, very, very, very careful with that and how that is released. But there are two mechanisms. One part of the reason why we kick it into the PSA is because everybody's email is typically just completely overwhelmed and bombarded, right, Simon? So but the other nice thing that we have, we actually have an app for your phone, which you can log in directly into the ISAO and you get the same format that you would as if you were logged into the portal itself.

00:11:26:26 - 00:11:48:09
Wayne S
So you get access to your Splunk Enclave, you get access to SecurityScorecard, access to Sophos, but you also get access to the threat reports and the discussion forums. And really one of the other nice things that we did here just a week or so ago, because we're always making changes, improvements, and we like to think of them as improvements.

00:11:48:28 - 00:12:13:16
Wayne S
But the threat reports, you can actually now create a discussion. So think back to when Log4j and PrintNightmare came out, right? I mean, our threat report used to just be here it is, digest it. Well now you can actually click on a button inside there that says join the discussion and you can actually start engaging with other MSP colleagues around the globe saying, hey, I'm seeing this.

00:12:13:16 - 00:12:28:11
Wayne S
Anybody else seeing this? You know, how what what's going on? How are you trying to this is what I'm working on. You know, you can actually have some dialog around that information sharing today when it comes to the threat reports as well. So hopefully I answered your question.

00:12:30:04 - 00:12:50:22
Simon B
Yeah, I think so. It's just a matter of, you know, I think the more ways you can have for the IT people to be able to digest the information in a way that suits them because we're not all the same, you know, and it's fine. You know you've got these great reports but you know some, particularly when you're talking and also non-technical people, they’ll have their own way of getting involved.

00:12:50:22 - 00:13:04:04
Simon B
So you don't want to be a firehose, if you like, of too much information, but it's getting it to them in a way that they can grasp and at times grasp quickly because sometimes it can be time of the essence.

00:13:04:24 - 00:13:21:03
Wayne S
Right? Yes. The average time now from a publicly disclosed vulnerability to the time the threat actors are starting to exploit it is down to 15 minutes. So it is very important that this information get pushed out as quickly as possible.

00:13:21:03 - 00:13:24:06
Luke B
It's kind of worrying those figures sometimes.

00:13:24:19 - 00:13:47:04
Daniel W
Very, very scary, very scary. And yeah, I mean, first of all, thanks ever so much for everything you've said so far Wayne, really interesting, really interesting topic and initiative. I guess the highlight for me so far is that you said the Earth was flat. So that's the key thing I'm going to take out of what you said so far.

00:13:48:05 - 00:14:45:04
Daniel W
But seriously, the reason I'm on these calls is always to add a sort of sales and a commercial marketing perspective to this topic. And I guess perhaps starting to do your job for you, Wayne. But in terms of selling this to the MSP, aside from the technical aspects that we've touched on so far, being able to talk to my clients as an MSP and tell them that I'm part of a global initiative to head on tackle the ever increasing and ever clever threat actor activities and you know talking about 15 minutes, you know we're putting ourselves in that

00:14:45:04 - 00:15:03:17
Daniel W
space right in the fight defending our customers and so I think that's a really mature position for an MSP to have. And of course, they should be a member of CompTIA anyway and therefore have access to this benefit. And if not, then what a great reason to join and engage with the community, which I advocate on all of the time.

00:15:04:09 - 00:15:28:19
Daniel W
But the key thing that having had the benefit of seeing this in the flesh just the other day with you, Wayne, was seeing the SecurityScorecard, which I found absolutely fascinating in terms of being able to assess perhaps who my other vendors are and how secure they are and myself and perhaps even my competition. Certainly customers.

00:15:30:08 - 00:15:38:03
Daniel W
Perhaps you could give us just a bit more detail about how MSPs would use that SecurityScorecard facility.

00:15:38:03 - 00:16:11:24
Wayne S
Sure. So again, I've got a really broad background when it comes to IT. But my specific focus has been over the last 20 years in governance, risk and compliance, right? So SecurityScorecard to me is really a tool for your third party vendor risk management program, right? So understanding and this is part of the challenge that a lot of MSPs face today, especially from a sales side.

00:16:11:24 - 00:16:34:08
Wayne S
Right. They want to talk technology. But really, if you're going to reach into a prospect, you're going to reach into a client. The best way to get their attention is to start aligning the conversation to their business objectives and their business risk. Right. And this, the SecurityScorecard, sits square in that bucket, right? So you only know what you don't know.

00:16:34:16 - 00:17:00:26
Wayne S
And there's, you know, believe it or not, the SecurityScorecard ability to reach and gather information. So for the tech folks that are on the call, a lot of them are probably already familiar with Shodan.io, right? That is another pay-for application. But here SecurityScorecard is included inside your member benefit, right, with the ISAO.

00:17:00:26 - 00:17:24:10
Wayne S
So those five continuous monitoring reports that we talked about, I always recommend that the MSP first and foremost use the very first continuous monitoring report and you're going to see why in the heck do I need it. I know what I'm doing. Trust me, humans make mistakes. We're all fallible. So knowing again, the 15 minute window, being able to shore that up as quickly as possible is vitally important.

00:17:25:07 - 00:17:58:14
Wayne S
The next four continuous monitoring for your top four revenue generating clients. That gives you the foundational revenue in order to keep going and drive your business forward. Right. Always mapping to your business objectives, understanding their risk and being able to communicate to them as effectively as possible is what's really going to help drive the conversations because they don't care about technology, they don't care about the antivirus, they don't care about the firewall, they don't care that it's a SonicWall, Cisco Meraki device.

00:17:58:14 - 00:18:20:13
Wayne S
They really don't. The only thing they care about is that you're doing your best to protect them at the end of the day and you're going to swap out technology because you have to. There's different things that are coming out in the marketplace today. We are just at IT Nation Connect a week or so ago and you know, I can't believe the number of vendors that are new in this space.

00:18:20:13 - 00:18:43:26
Wayne S
From a security perspective, it's mind boggling. Anyway, don't focus on technology though. Focus on the business objectives, align to the business risk and help them continue to drive their revenue up the hockey stick, right? And that will help you drive your revenue as well from a sales perspective. And SecurityScorecard can help you do that.

00:18:43:26 - 00:19:09:02
Luke B
Cool, that’s brilliant. I was going to say one thing from me as well. I was just going to run through was let's make a note so I was going to say one thing I was looking at before I used to work at an MSP. I think one of the key things that MSPs seemed to almost forget is that they are quite a gateway as a target into their customer base from a security point of view.

00:19:09:19 - 00:19:27:21
Luke B
I know, you know, I'm sure we've all experienced where MSPs kind of focus on the security of their customers, without focusing on their own security. So what are we saying, the ISAO would be more about protecting that MSP and making sure that their security standards are where they need to be to then therefore go on to protect their customers.

00:19:28:08 - 00:19:49:15
Wayne S
Yeah. So one of the other great things about the ISAO is that you get access to all of your colleagues around the globe, right? Yeah, I won't say all of them, but the more that join, obviously the more you get to take advantage of and everybody's in a different phase of their security journey. Right. So if you're in phase two looking to move into phase three, you get to ask questions, right?

00:19:49:15 - 00:20:22:26
Wayne S
We have a monthly member meet up for folks to be able to jump in, ask questions, bring up topics, have conversation, have dialog. It's not recorded. So and that goes for the other MSPs that are listening here too, right? Join the conversation. Raise your awareness and understanding for the entire organization. As you become more aware of what's out there, what's going on, you start to develop really that security first culture, which is what we're trying to drive MSPs toward, and then that in turn will eventually make its way down to the end client.

00:20:23:20 - 00:20:37:07
Wayne S
And that's really what we're trying to do here, right, is raise the tide for everybody. Yeah, but we have to start with the MSP because they're the ones that are managing the infrastructure in a lot of cases, both from an I.T. perspective, but also from an information security perspective.

00:20:38:12 - 00:20:44:29
Luke B
Brilliant. I don't know, Simon or Daniel, if you had any kind of final question or final thoughts on what we've discussed today?

00:20:46:23 - 00:21:12:05
Daniel W
I think Wayne’s done a brilliant job from my perspective. And I guess really, really that's the takeaway for me is, aside from the world being flat, that is that really this is a great complement to sales and marketing activities and efforts and more importantly, has an authentic benefit for both MSP and the customers. So no, great initiative.

00:21:12:05 - 00:21:36:01
Simon B
Yeah, I was going to be pretty much the same sort of thing. You know, there is so much information out there that to get it in a curated form, if you like, so that it can be digested easily, particularly with MSPs and their technicians potentially juggling so much stuff all the time.

00:21:36:17 - 00:22:10:15
Simon B
And you know, because most MSP techs, you know, normally are a jack of all trades, master of none. And you know, there's so much stuff going on, you know, I just see it with my own, with working my own clients, you know, and we sort of go, why aren’t you looking at this, why aren’t you looking at that? And they just go, well, we just haven’t got the time, you know. And it needs a curated feed, if you like, to be able to get the relevant information to them at the relevant time so they can react or not, you know, because unfortunately, some of the researchers have a habit of, you know, making lots of noise about nothing.

00:22:11:12 - 00:22:31:20
Simon B
And sometimes major things can in that initial window get lost and you need someone to go, look, no, you need to know this. You need to be aware of this right now. Um, you know, despite the amount of noise that's coming out. So, you know, I'm all in favor of more stuff that can help the technicians with the balancing act they've got.

00:22:31:21 - 00:22:37:16
Simon B
They're doing all day. Yeah. You know, simple as that really.

00:22:37:16 - 00:22:52:10
Luke B
I completely agree. And like I said, for me, one of the key things is obviously the organization part of it, like you said, it's an open forum almost that you've got access to everyone else. Almost as I said, around the world who are in the same boat and, you know, learning the same things have been out to share that knowledge.

00:22:52:25 - 00:23:03:22
Luke B
It's just a really great benefit to that. So thank you again, Wayne, really appreciate your time today and thank you for joining us on the podcast. It's been pretty informative and pretty great. Thank you again.

00:23:04:08 - 00:23:08:19
Wayne S
No worries. Thanks for having me. I'd be willing to come back anytime you want to invite me.

00:23:09:21 - 00:23:14:25
Luke B
Sounds good, we’ll make a note of that. So make sure we get that booked in, brilliant. Thank you so much.

00:23:15:06 - 00:23:23:03
Daniel W
And if anyone has any questions for Wayne, a shameless plug, Wayne, how can people get in contact?

00:23:23:05 - 00:23:46:10
Wayne S
You really want to pile on in my email, don't you? So look, I'm happy to talk to anybody, quite honestly. You can reach me at WSelk@comptia.org. I'm happy to answer any questions, including around membership. Right. So reach out to me at any time.

00:23:46:10 - 00:23:58:21
Luke B
Brilliant, thank you for that. Cool, cheers. And I think that's kind of everything we're going to cover today. So thank you for tuning in and listening and I will speak to you all again soon. Thank you.