Fortuna Cysec helps Extended Care Facility increase its security and privacy posture

Increased Social Engineering attacks targeting the IT Helpdesk
The latest sector alert published by the U.S. Department of Health and Human Services (HHS), in coordination with its Health Sector Cybersecurity Coordination Center (HC3), advises organizations to conduct user awareness training and to adopt policies and procedures that strengthen identity verification for help desk requests. Threat actors continue to evolve their tactics, techniques, and procedures (TTPs) toward their goal of gaining initial access to target organizations.
Tactics, Techniques, and Procedures used by threat actors
According to the HC3 April 3rd alert, social engineering is being used across the Healthcare and Public Health (HPH) sector to gain unauthorized access to systems. Threat actors are employing sophisticated social engineering techniques to target an organization’s IT help desk, placing phone calls from an area code local to the target organization and claiming to be an employee in a financial role (specifically in revenue cycle or administrator roles).
The threat actor can provide the sensitive information required for identity verification, including the last four digits of the target employee’s social security number (SSN) and corporate ID number, along with other demographic details. These details were likely obtained from professional networking sites and other publicly available sources, such as previous data breaches.
The threat actor claimed that their phone was broken and therefore could not log in or receive MFA tokens. The threat actor then successfully convinced the IT help desk to enroll a new device in multi-factor authentication (MFA) to gain access to corporate resources.
After gaining access, the threat actor specifically targeted login information for payer websites, where they submitted forms to make ACH changes for payer accounts. Once they had access to employee email accounts, they sent instructions to payment processors to divert legitimate payments to attacker-controlled U.S. bank accounts.
The funds were then transferred to overseas accounts. During the malicious campaign, the threat actor also registered a domain with a single-letter variation of the target organization and created an account impersonating the target organization’s Chief Financial Officer (CFO).
Rise in Spearphishing voice
What is Spearphishing?
Phishing can be targeted, known as spearphishing. In spearphishing, a specific individual, company, or industry will be targeted by the adversary.
Spearphishing voice is a specific variant of spearphishing. It differs from other forms of spearphishing in that it manipulates a user into providing access to systems through a phone call or other form of voice communication. Spearphishing frequently involves social engineering techniques, such as posing as a trusted source (impersonation) and/or creating a sense of urgency or alarm for the recipient.
Scattered Spider is a cybercriminal group that has been active since at least 2022, targeting customer relationship management and business-process outsourcing (BPO) firms as well as telecommunications and technology companies. During campaigns, Scattered Spider has leveraged targeted social-engineering techniques and attempted to bypass popular endpoint security tools.
The MITRE ATT&CK techniques they have used include:
- Account Discovery: Cloud Account
- Account Discovery: Email Account
- Account Manipulation: Additional Cloud Roles
- Account Manipulation: Device Registration
- Account Manipulation: Additional Cloud Credentials
- Data from Cloud Storage
- Data from Information Repositories: SharePoint
- Exploit Public-Facing Application
- External Remote Services
- Gather Victim Identity Information: Credentials
- Impersonation
- Ingress Tool Transfer
- Modify Cloud Compute Infrastructure: Create Cloud Instance
- Multi-Factor Authentication Request Generation
- Network Service Discovery
- Obtain Capabilities: Tool
- OS Credential Dumping: DCSync
- Permission Groups Discovery: Cloud Groups
- Phishing: Spearphishing Voice
- Phishing for Information: Spearphishing Voice
- Phishing for Information: Spearphishing Service
- Protocol Tunneling
- Proxy
- Remote Access Software
- Remote Services: Cloud Services
- Valid Accounts: Cloud Accounts
- Web Service
- Windows Management Instrumentation
How can organizations protect against Spearphishing Voice?
Healthcare organizations and service providers need to implement detection methods, policies, and procedures to validate users who request a password reset or mobile device enrollment.
Help desk agents need to exercise the utmost judgement, as the adversary will use manipulation techniques to bypass the call-back authentication or verification process in place.
Monitor call logs from corporate devices to identify patterns of potential voice phishing, such as calls to/from known malicious phone numbers, and correlate these records with system events.
- Enable logging of events, messaging, and other artifacts provided by third-party services (e.g. metrics, errors, and/or alerts).
- Monitor the events and alerts 24x7x365 through a Security Operations Center (SOC).
- Use security systems that can map events from NDR, EDR and SIEM to the MITRE ATT&CK framework and can predict lateral movement quickly.
Users can be trained to identify and report social engineering techniques and spearphishing attempts, while also being suspicious of callers and verifying their identity.
- Train users to be aware of access or manipulation attempts by an adversary, to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.
- Periodic security awareness training and tabletop exercises help users understand the impact and the mitigation procedures.
- Review processes and establish escalation procedures that confirm incoming requests through an independent channel, such as a call back or in-person confirmation, to reduce risk.
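As an added example (not from the HC3 alert or from Fortuna Cysec), the two controls above in Python: a call-back policy for help desk requests that does not accept knowledge-based answers alone for MFA enrollment or password resets, and a correlation check that flags MFA device enrollments with no sufficiently verified ticket behind them. The ticket fields, verification labels, users and phone numbers are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Requests that hand out a credential or authenticator; these are the ones the HC3
# alert describes attackers asking for, so they get the strictest policy.
HIGH_RISK_REQUESTS = {"mfa_enroll", "password_reset"}

# Verification methods a help desk agent can record. Knowledge-based answers (last
# four of SSN, corporate ID, demographics) are deliberately NOT in this set: the
# alert notes attackers obtain them from breaches and professional networking sites.
STRONG_VERIFICATION = {"callback_number_on_record", "in_person", "manager_confirmed"}


@dataclass
class HelpdeskTicket:          # assumed ticket schema
    ticket_id: str
    user: str
    opened: datetime
    request: str               # e.g. "mfa_enroll", "password_reset"
    caller_number: str         # number the caller dialled in from
    verification: str          # one of STRONG_VERIFICATION or "knowledge_based"
    callback_number: str = ""  # number the agent actually called back


@dataclass
class MfaEvent:                # assumed identity-provider audit event
    user: str
    time: datetime
    action: str                # "device_enrolled", ...
    device: str


def verification_is_sufficient(ticket, number_on_record):
    """Return (ok, reason) for a help desk request under the call-back policy."""
    if ticket.request not in HIGH_RISK_REQUESTS:
        return True, "low-risk request"
    if ticket.verification not in STRONG_VERIFICATION:
        return False, f"{ticket.verification} is not sufficient for {ticket.request}"
    if ticket.verification == "callback_number_on_record":
        # The call back must go to the directory number, never to the number the
        # caller supplied; "my phone is broken" does not change that rule.
        if ticket.callback_number != number_on_record:
            return False, "callback went to caller-supplied number, not number on record"
    return True, "verified"


def flag_unverified_enrollments(events, tickets, directory, window=timedelta(hours=4)):
    """Correlate MFA device enrollments with help desk tickets.

    Every 'device_enrolled' event must be preceded, within `window`, by a
    sufficiently verified mfa_enroll ticket for the same user; otherwise it is
    returned as (user, device, reasons) for SOC review.
    """
    flagged = []
    for ev in events:
        if ev.action != "device_enrolled":
            continue
        reasons, matched = [], False
        for t in tickets:
            if t.user != ev.user or t.request != "mfa_enroll":
                continue
            if not (ev.time - window <= t.opened <= ev.time):
                continue
            ok, reason = verification_is_sufficient(t, directory.get(t.user, ""))
            if ok:
                matched = True
                break
            reasons.append(f"{t.ticket_id}: {reason}")
        if not matched:
            flagged.append((ev.user, ev.device, reasons or ["no help desk ticket in window"]))
    return flagged


# Constructed sample data; none of these are real users, numbers or events.
DIRECTORY = {"alice": "+1-555-0101", "bob": "+1-555-0102", "carol": "+1-555-0103"}
T0 = datetime(2024, 4, 3, 9, 0)
SAMPLE_TICKETS = [
    HelpdeskTicket("HD-1", "alice", T0, "mfa_enroll", "+1-555-0101",
                   "callback_number_on_record", callback_number="+1-555-0101"),
    # Caller from a local-looking number, knew SSN last four, said phone was broken.
    HelpdeskTicket("HD-2", "bob", T0 + timedelta(minutes=5), "mfa_enroll",
                   "+1-555-0199", "knowledge_based"),
]
SAMPLE_EVENTS = [
    MfaEvent("alice", T0 + timedelta(minutes=20), "device_enrolled", "iPhone"),
    MfaEvent("bob", T0 + timedelta(minutes=30), "device_enrolled", "Android"),
    MfaEvent("carol", T0 + timedelta(hours=1), "device_enrolled", "Authenticator"),
]


def run_sample():
    """Run the correlation over the constructed data (used by the check below)."""
    return flag_unverified_enrollments(SAMPLE_EVENTS, SAMPLE_TICKETS, DIRECTORY)


if __name__ == "__main__":
    for user, device, reasons in run_sample():
        print(f"REVIEW {user} enrolled {device}: {'; '.join(reasons)}")
```

Only alice's enrollment passes; bob's is flagged because the agent relied on knowledge-based answers, and carol's because no ticket exists at all.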
Benefits of an MSSP
Managed Security Services (MSS) are crucial in today's digital landscape, helping organizations protect their sensitive information, critical systems, and overall digital assets from ever-evolving cyber threats. Cyberattacks are increasing in complexity and sophistication. Here are some reasons why organizations need Managed Security Services:
Expertise and Specialization:
Cybersecurity is a complex and rapidly evolving field. Managed Security Service Providers (MSSPs) are dedicated to staying up to date with the latest threats, vulnerabilities, and defense strategies. They employ a team of skilled cybersecurity professionals with specialized knowledge and experience in handling various security challenges.
24/7 Monitoring and Response:
Cyber threats can occur at any time, day or night. MSSPs offer continuous monitoring of an organization's networks and systems. This 24/7 monitoring ensures that potential threats are identified and addressed in real-time, reducing the risk of data breaches and minimizing downtime.
Advanced Tools and Technologies:
MSSPs utilize advanced security tools, technologies, and threat intelligence platforms that might be cost-prohibitive for individual organizations to implement and manage on their own. This allows organizations to benefit from cutting-edge security solutions without the need for significant upfront investments.
Scalability:
As organizations grow, their security needs also evolve. MSSPs offer scalability, allowing organizations to easily adjust the level of security services based on their changing requirements without having to invest in new infrastructure or hire additional personnel.
Cost Efficiency:
Building an in-house cybersecurity team and infrastructure can be expensive. It requires recruiting, training, and retaining skilled cybersecurity professionals, as well as investing in hardware, software, and ongoing maintenance. MSSPs offer a more cost-effective solution, as organizations pay for the services they need without the overhead of managing an internal security team.
Focus on Core Business Activities:
Managing cybersecurity internally can be resource-intensive and distract organizations from their core business objectives. By outsourcing security to MSSPs, organizations can free up their internal resources to focus on strategic initiatives that drive growth and innovation.
Compliance and Regulations:
Many industries are subject to strict regulatory requirements regarding data protection and cybersecurity. MSSPs have experience in navigating these compliance frameworks and can help organizations ensure that they meet the necessary standards.
Rapid Incident Response:
In the event of a security incident or breach, MSSPs have established incident response protocols and teams ready to mitigate the damage and guide the organization through the recovery process.
Risk Management:
MSSPs provide organizations with a comprehensive understanding of their security posture and vulnerabilities. This enables organizations to make informed decisions about risk mitigation strategies and allocate resources effectively.
Threat Intelligence:
MSSPs gather threat intelligence from a wide range of sources, allowing them to identify emerging threats and trends. This proactive approach helps organizations stay ahead of potential attacks and adapt their security measures accordingly.
In summary, Managed Security Services offer organizations the advantage of specialized expertise, round-the-clock protection, advanced tools, scalability, cost savings, and the ability to focus on core business activities. As cyber threats become more sophisticated and prevalent, many organizations find that partnering with MSSPs is a strategic way to enhance their overall cybersecurity posture.

Monthly Cybersecurity Vulnerability Bulletin May 2023
The May 2023 vulnerabilities list includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of the month, along with mitigation steps and patches. Vulnerabilities for May are from Microsoft, Google/Android, Apple, Mozilla, SAP, Cisco, Fortinet, VMWare, and MOVEit.
A vulnerability is classified as a zero-day if it is actively exploited with no fix available or is publicly disclosed. Fortuna Cysec and all security agencies strongly recommend patching all vulnerabilities, with special consideration to the risk management posture of the organization.
MOVEit Transfer Critical Vulnerability
A critical vulnerability was discovered in Progress/Ipswitch’s MOVEit Transfer software. MOVEit is a managed file transfer product that encrypts files and uses secure file transfer protocols to move data, with automation, analytics and failover options. Tracked as CVE-2023-34362, this vulnerability could lead to escalated privileges and potential unauthorized access to the environment. It is recommended that all MOVEit Transfer users protect their MOVEit Transfer environment by taking immediate action following Progress’ remediation guidance, which can be viewed by clicking here.
Department of Homeland Security/Cybersecurity & Infrastructure Security Agency
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) added a total of 19 vulnerabilities in May to its Known Exploited Vulnerabilities Catalog.
This effort is driven by Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, which established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the U.S. federal enterprise.
Vulnerabilities entered into this catalog are required to be patched by their associated deadline by all U.S. executive agencies. While these requirements do not extend to the private sector, it is recommended that all entities review the vulnerabilities in this catalog and consider prioritizing them as part of their risk mitigation plan. The full database can be found here.
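An added example, not from CISA or from this bulletin, of prioritizing scanner findings against the KEV catalog in the spirit of BOD 22-01: a catalog listing and its due date outrank a higher CVSS score on a vulnerability with no known exploitation. The feed excerpt, its dates, the assets and the findings are all constructed for the example; only the field names follow the public KEV JSON feed.

```python
import json
from datetime import date, datetime

# Constructed excerpt shaped like CISA's KEV JSON feed. The CVE IDs are ones this
# bulletin discusses, but the dateAdded/dueDate values are made up for the example
# and must come from the live catalog in real use.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
    "vulnerabilities": [
        {"cveID": "CVE-2023-29336", "vendorProject": "Microsoft", "product": "Win32k",
         "dateAdded": "2023-05-09", "dueDate": "2023-05-30",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2023-34362", "vendorProject": "Progress", "product": "MOVEit Transfer",
         "dateAdded": "2023-06-02", "dueDate": "2023-06-23",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2023-32409", "vendorProject": "Apple", "product": "WebKit",
         "dateAdded": "2023-05-22", "dueDate": "2023-06-12",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed scanner findings, one row per (CVE, asset); asset names are invented.
SAMPLE_FINDINGS = [
    {"cve": "CVE-2023-20126", "asset": "spa112-lobby", "cvss": 9.8},
    {"cve": "CVE-2023-29336", "asset": "ws-042", "cvss": 7.8},
    {"cve": "CVE-2023-20868", "asset": "nsx-mgr", "cvss": 4.3},
    {"cve": "CVE-2023-34362", "asset": "moveit-01", "cvss": 9.8},
]
SAMPLE_TODAY = date(2023, 6, 5)  # constructed "today" for the due-date arithmetic


def load_kev(feed_json):
    """Index a KEV feed by CVE ID so each finding is a single dictionary lookup."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}


def prioritize(findings, kev, today):
    """Order findings: overdue KEV entries, then KEV entries by due date, then the rest by CVSS."""
    rows = []
    for f in findings:
        entry = kev.get(f["cve"])
        if entry:
            due = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()
            days_left = (due - today).days
            rows.append({**f, "tier": "KEV-overdue" if days_left < 0 else "KEV",
                         "due": due.isoformat(), "days_left": days_left,
                         "action": entry["requiredAction"]})
        else:
            rows.append({**f, "tier": "non-KEV", "due": None, "days_left": None,
                         "action": "Patch per risk-based schedule"})
    tier_rank = {"KEV-overdue": 0, "KEV": 1, "non-KEV": 2}
    # KEV tiers sort by days_left (soonest first); within a tier ties fall back to CVSS.
    return sorted(rows, key=lambda r: (tier_rank[r["tier"]],
                                       r["days_left"] if r["days_left"] is not None else 0,
                                       -r["cvss"]))


def run_sample():
    """Prioritize the constructed findings against the constructed feed."""
    return prioritize(SAMPLE_FINDINGS, load_kev(KEV_SAMPLE), SAMPLE_TODAY)


if __name__ == "__main__":
    for r in run_sample():
        due = f"due {r['due']} ({r['days_left']:+d} days)" if r["due"] else "no KEV deadline"
        print(f"{r['tier']:<12} {r['cve']}  {r['asset']:<14} CVSS {r['cvss']}  {due}: {r['action']}")
```

Note that the SPA112 flaw, despite its 9.8 CVSS, lands below the Win32k and MOVEit entries because it is not in the (constructed) catalog; that is the ordering BOD 22-01 asks for.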
Microsoft
Microsoft issued security updates in May to fix 38 vulnerabilities, including two actively exploited zero-day vulnerabilities. Six of these vulnerabilities have been classified as 'Critical,' one of the most severe types of vulnerabilities, as they allow remote code execution. The number of bugs in each vulnerability category is as follows:
• 8 Elevation of Privilege Vulnerabilities
• 4 Security Feature Bypass Vulnerabilities
• 12 Remote Code Execution Vulnerabilities
• 8 Information Disclosure Vulnerabilities
• 5 Denial of Service Vulnerabilities
• 1 Spoofing Vulnerability
May’s Patch Tuesday had the lowest number of resolved vulnerabilities for Microsoft, with only thirty-eight vulnerabilities fixed, not including eleven Microsoft Edge vulnerabilities fixed on May 5th.
May’s Patch Tuesday addressed three zero-day vulnerabilities, with two exploited in attacks and one publicly disclosed. Additional information on the two actively exploited zero-day vulnerabilities is as follows:
• CVE-2023-29336 – This is a Win32k Elevation of Privilege vulnerability with a CVSS score of 7.8. Microsoft has fixed this privilege elevation vulnerability in the Win32k kernel driver that elevates privileges to SYSTEM, Windows' highest user privilege level. A threat actor who successfully exploits this vulnerability could gain SYSTEM privileges.
• CVE-2023-24932 – This is a Secure Boot Security Feature Bypass vulnerability with a CVSS score of 6.2. Microsoft has fixed this Secure Boot bypass, which is weaponized by the BlackLotus UEFI bootkit to exploit CVE-2022-21894 (aka Baton Drop), a flaw that was resolved in January 2022.
Microsoft also released an update for one publicly disclosed zero-day that was not actively exploited. This is tracked as CVE-2023-29325 and is a Windows OLE Remote Code Execution vulnerability. According to Microsoft, “In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim.”
For a complete list of Microsoft vulnerabilities released in May and their ratings, click here, and for all security updates, click here. It is recommended that all users follow Microsoft’s guidance, which is to refer to Microsoft's Security Response Center and apply the necessary updates and patches immediately, as these vulnerabilities can adversely impact the entities.
Google/Android
Google released security updates in May for Android devices with fixes for over 47 vulnerabilities. While no critical flaws were addressed, there were high and moderate severity flaws, with the worst vulnerability potentially leading to privilege escalation if a threat actor is able to gain physical access to a target’s device. Every month, security updates are released in two parts. The first part of the update arrived as the 2023-05-01 security patch level, and 16 vulnerabilities were resolved in the Android System and Framework. The second part of Android’s security update arrived on devices as the 2023-05-05 security patch level. This security update included fixes for 29 vendor-specific vulnerabilities, and two Pixel-specific flaws were addressed as well. One of Android’s most notable security updates released this month was a patch for a high-severity vulnerability exploited as a zero-day to install commercial spyware on compromised devices. Tracked as CVE-2023-0266, this flaw is a use-after-free weakness in the Linux kernel sound subsystem that may result in privilege escalation without requiring user interaction.
Google also released Chrome version 101.0.4951.64 for Windows, Linux, and Mac. This version addresses vulnerabilities that a threat actor could exploit to take control of a compromised system. It is recommended that all users follow CISA’s guidance to review the Chrome Release Note and apply the necessary update. It is also recommended that users refer to the Android and Google service mitigations section for a summary of the mitigations provided by the Android security platform and Google Play Protect, which improve the security of the Android platform. It is imperative that health sector employees keep their devices updated and apply patches immediately, and that those who use older devices follow previous guidance to prevent their devices from being compromised. All Android and Google service mitigations, along with security information on vulnerabilities affecting Android devices, can be viewed by clicking here.
Apple
This month, CISA ordered federal agencies to address three recently patched zero-day flaws affecting Apple’s iPhones, Macs, and iPads based on evidence of active exploitation. The vulnerabilities, found in the WebKit browser engine, are tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373. If exploitation is successful, threat actors are able to escape the browser sandbox, access sensitive information on a compromised device, and achieve arbitrary code execution.
According to CISA: “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.” It is recommended that all users and administrators follow CISA’s guidance, which “encourages users and administrators to review the following advisories and apply the necessary updates”:
• Apple Multiple Products WebKit Sandbox Escape Vulnerability (CVE-2023-32409)
• Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability (CVE-2023-28204)
• Apple Multiple Products WebKit Use-After-Free Vulnerability (CVE-2023-32373)
For the first time ever, Apple released a Rapid Security Response to owners of devices running iOS 16.4.1 or later, iPadOS 16.4.1 or later, or macOS Ventura 13.3.1 or later. Apple Rapid Security Response was released about a year ago and is a security-focused feature that makes user devices automatically install security patches as they are made available. For a complete list of the latest Apple security and software updates, click here. It is recommended that all users install updates and apply patches immediately. It is worth noting that after a software update is installed for iOS, iPadOS, tvOS, and watchOS, it cannot be downgraded to the previous version.
Mozilla
Mozilla released security advisories for vulnerabilities affecting multiple Mozilla products, including Thunderbird, Firefox, and Firefox ESR. If successful, a threat actor could exploit these vulnerabilities and take control of a compromised device or system. As a best practice, all users should follow CISA’s guidance, which encourages all users to review the following advisories and apply the necessary updates:
• Firefox 113 Mozilla Foundation Security Advisory 2023-16
• Firefox ESR 102.11 Mozilla Foundation Security Advisory 2023-17
• Thunderbird 102.11 Mozilla Foundation Security Advisory 2023-18
A complete list of Mozilla’s updates, including lower severity vulnerabilities, is available on the Mozilla Foundation Security Advisories page. It is recommended to apply the necessary updates and patches immediately and to follow Mozilla’s guidance for additional support.
SAP
SAP released 18 new security notes and six updates to previously issued security notes to address vulnerabilities affecting multiple products. If successful in launching an attack, a threat actor could exploit these vulnerabilities and take control of a compromised device or system. This month, there were two vulnerabilities with a severity rating of “Hot News,” which is the most severe rating. There were also nine flaws rated “High,” 10 “Medium,” and three “Low” in severity. A breakdown of some security notes for vulnerabilities with a “Hot News” severity rating is as follows:
• Security Note #3328495 (CVE-2021-44151, CVE-2021-44152, CVE-2021-44153, CVE-2021-44154, CVE-2021-44155) has a 9.8 CVSS score and a ‘Hot News’ severity rating: multiple vulnerabilities associated with the Reprise License Manager 14.2 component used with SAP 3D Visual Enterprise License Manager. Product(s) impacted: SAP 3D Visual Enterprise License Manager, Version–15.
• Security Note #3307833 (CVE-2023-28762) has a 9.1 CVSS score and a ‘Hot News’ severity rating: information disclosure vulnerabilities in SAP BusinessObjects Intelligence Platform. Product(s) impacted: SAP BusinessObjects Intelligence Platform, Versions–420, 430.
For a complete list of SAP’s security notes and updates for vulnerabilities released in May, click here. It is recommended to patch immediately and to follow SAP’s guidance for additional support. To fix vulnerabilities discovered in SAP products, SAP recommends customers visit the Support Portal and apply patches to protect their SAP landscape.
Cisco
Cisco released security advisories for vulnerabilities affecting multiple Cisco products. Two advisories were rated “Critical,” two “High,” and 12 “Medium.” Additional information on the “Critical” security advisories is as follows:
• Cisco Small Business Series Switches Buffer Overflow Vulnerabilities has a CVSS score of 9.8. A remote threat actor could exploit these vulnerabilities to cause a denial-of-service condition or execute arbitrary code with root privileges on an affected device. The vulnerabilities covered by this advisory are CVE-2023-20024, CVE-2023-20156, CVE-2023-20157, CVE-2023-20158, CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, CVE-2023-20162, and CVE-2023-20189.
• Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability (CVE-2023-20126) has a CVSS score of 9.8. This is a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters that could allow an unauthenticated, remote threat actor to execute arbitrary code on an affected device. It is caused by a missing authentication process within the firmware upgrade function. A remote threat actor could exploit this vulnerability by upgrading an affected device to a crafted version of firmware and thereby execute arbitrary code on the affected device with full privileges.
Currently there are no workarounds to address these vulnerabilities. For a complete list of Cisco security advisories released in May, visit the Cisco Security Advisories page by clicking here. Cisco also provides free software updates that address the critical and high-severity vulnerabilities listed in its security advisories.
Fortinet
Fortinet’s May vulnerability advisory addressed two “High,” four “Medium,” and three “Low” rated vulnerabilities across different Fortinet products, including FortiADC, FortiNAC, FortiOS and FortiProxy. Additional information on the “High” rated vulnerabilities for this month is as follows:
• FG-IR-22-297 (CVE-2023-27999) has a CVSSv3 score of 7.6. This is an improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC that could allow an authenticated threat actor to execute unauthorized commands through specifically crafted arguments to existing commands.
• FG-IR-22-475 (CVE-2023-22640) has a CVSSv3 score of 7.1. This is an out-of-bounds write vulnerability [CWE-787] in sslvpnd of FortiOS and FortiProxy that could allow an authenticated threat actor to achieve arbitrary code execution through specifically crafted requests.
It is recommended that users follow CISA’s guidance, which encourages users and administrators to review Fortinet’s May 2023 Vulnerability Advisories page for additional information and apply all recommended updates and patches immediately. For a complete list of vulnerabilities addressed in May, click here to view FortiGuard Labs’ Vulnerability Advisories page.
VMWare
VMWare released three security advisories: one rated “Important” (VMSA-2023-0009) and two rated “Moderate” (VMSA-2023-0010, VMSA-2023-0011). If successful, a threat actor could exploit these vulnerabilities and take control of a compromised device or system. Additional information is as follows:
• VMSA-2023-0009 - This security advisory has a maximum CVSSv3 score of 8.8 and impacts VMware Aria Operations (formerly vRealize Operations). This update addresses multiple Local Privilege Escalations and a Deserialization issue (CVE-2023-20877, CVE-2023-20878, CVE-2023-20879, CVE-2023-20880).
• VMSA-2023-0010 - This security advisory has a maximum CVSSv3 score of 4.3 and impacts NSX-T. This update addresses a cross-site scripting vulnerability (CVE-2023-20868).
• VMSA-2023-0011 - This security advisory has a maximum CVSSv3 score of 6.1 and impacts VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), and VMware Cloud Foundation (Cloud Foundation). This update addresses an Insecure Redirect Vulnerability (CVE-2023-20884).
For a complete list of VMWare’s security advisories, click here. It is recommended that users follow VMWare’s guidance for each and immediately apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' that can be accessed by clicking directly on the security advisory.
References
Android Security Bulletins
https://source.android.com/security/bulletin
Android’s May security update is rolling out now to Google Pixel phones
https://www.androidpolice.com/android-may-2023-security-google-pixel/
Android Security Bulletin—May 2023
https://source.android.com/docs/security/bulletin/2023-05-01
Apple Security Updates
https://support.apple.com/en-us/HT201222
CISA Adds Three Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2023/05/22/cisa-adds-three-known-exploited-vulnerabilities-catalog
Cisco phone adapters vulnerable to RCE attacks, no fix available
https://www.bleepingcomputer.com/news/security/cisco-phone-adapters-vulnerable-to-rce-attacks-no-fix-available/
Cisco Security Advisories
https://tools.cisco.com/security/center/publicationListing.x
Cisco Security Advisories
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
FortiGuard Labs PSIRT Advisories
https://www.fortiguard.com/psirt
FortiGuard Labs May 2023 Vulnerability Advisories
https://www.fortiguard.com/psirt-monthly-advisory/may-2023-vulnerability-advisories
Google Chrome Releases: Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html
Microsoft May 2023 Patch Tuesday
https://isc.sans.edu/diary/rss/29826
Microsoft May 2023 Patch Tuesday fixes 3 zero-days, 38 flaws
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2023-patch-tuesday-fixes-3-zero-days-38-flaws/
Microsoft's May Patch Tuesday Fixes 38 Flaws, Including 2 Exploited Zero-Day Bugs
https://thehackernews.com/2023/05/microsofts-may-patch-tuesday-fixes-38.html
Microsoft Security Response Center May 2023
https://msrc.microsoft.com/blog/2023/05/
Microsoft Security Update Guide
https://msrc.microsoft.com/update-guide
Microsoft Patch Tuesday by Morphus Labs
https://patchtuesdaydashboard.com/
Microsoft Patch Tuesday, May 2023 Edition
https://krebsonsecurity.com/2023/05/microsoft-patch-tuesday-may-2023-edition/
MOVEit Transfer Critical Vulnerability (May 2023) (CVE-2023-34362)
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
Mozilla Foundation Security Advisories
https://www.mozilla.org/en-US/security/advisories/
New Android updates fix kernel bug exploited in spyware attacks
https://www.bleepingcomputer.com/news/security/new-android-updates-fix-kernel-bug-exploited-in-spyware-attacks/
SANS Microsoft May 2023 Patch Tuesday
https://isc.sans.edu/diary/Microsoft+May+2023+Patch+Tuesday/29826/
SAP Security Patch Day – May 2023
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
SAP Security Notes
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
VMware Security Advisories
https://www.vmware.com/security/advisories.html

Either You Need a New Integrated Partner, or Your MSP Does
An examination of how disconnected MSP and MSSP relationships create dangerous security gaps—and why organizations need an integrated partner that connects detection, remediation, business context, and accountability.
For years, many organizations have relied on their Managed Service Provider to keep their technology running. MSPs handle helpdesk tickets, device management, patching, Microsoft 365 administration, backups, networking, and the day-to-day operational needs that keep a business moving.
But cybersecurity has changed.
Today’s threats move faster, target more parts of the environment, and require deeper expertise than traditional IT support alone was designed to provide. As a result, many MSPs eventually reach a point where they realize they need help. They acknowledge that they are not a 24×7 security operations center, so they outsource security monitoring to a third-party MSSP or SOC provider.
On the surface, that sounds like the right move.
In practice, the standard MSP/MSSP relationship often creates a dangerous gap for the end customer.
The Problem With the Traditional MSP/MSSP Model
The typical model looks like this:
- The MSP manages the client’s IT environment.
- The MSSP monitors alerts.
- The SOC detects, correlates, and validates threats.
- Then, when something is confirmed, the issue is often handed back to the MSP to fix.
That handoff is where the problem begins.
The MSP already recognized that security was not their strongest capability. That is why they outsourced SOC services in the first place. But when a real incident occurs, when the threat is active, the environment is under pressure, and speed matters most, the responsibility frequently shifts back to the same team that admitted they needed outside security support.
That creates a critical issue at a critical time.
Detection alone is not enough. Correlation alone is not enough. Even response alone may not be enough if the team responsible for remediation does not understand the security context, business impact, root cause, and urgency behind the threat.
The result is often delay, confusion, and incomplete resolution.
The Handoff Problem Is Bigger Than Most Customers Realize
One of the biggest deficiencies in the traditional MSP/MSSP model is that the handoff is rarely seamless.
- The MSP may live in one ticketing system.
- The MSSP may operate in another.
- The customer may have their own system entirely.
When those systems are not tightly integrated, critical handling notes, escalation history, environmental details, and tribal knowledge do not move cleanly between teams. The SOC may validate a threat but lack visibility into previous issues on that device. The MSP may receive a ticket but not fully understand the investigation trail, the severity rationale, or the attacker behavior that triggered the escalation.
This matters because during a security event, context is everything.
A note buried in one system may explain that a server supports a critical business unit. A previous ticket may reveal that a device has recurring patch failures. A technician may know that a certain user travels frequently, works remotely, or has privileged access. A SOC analyst may know that an alert is tied to a broader attack pattern.
When that information is scattered across separate systems and separate teams, the customer loses speed and clarity at the exact moment they need both.
This creates a security model built around ticket passing instead of risk reduction.

Tool Stack Lock-In Creates Another Problem
The other challenge is the tool stack.
In many MSP/MSSP relationships, the customer is forced into whatever security tools the MSP or MSSP has already selected. The model is built around provider convenience, not necessarily customer need.
That may create operational efficiency for the provider, but it can create limitations for the customer.
- The MSP may only support certain endpoint tools.
- The MSSP may only monitor certain logs.
- The SOC may only integrate with a preferred SIEM, EDR, or ticketing platform.
- The customer’s existing investments may be ignored, replaced, or underutilized.
This can leave organizations trapped in an inflexible model where their actual business needs are not fully surfaced. Instead of asking, “What does this customer need based on their risk, operations, compliance requirements, and maturity level?” the model becomes, “Here is the stack we use, and here is how you fit into it.”
That is backwards.
Security tools should support the customer’s operating model. The customer should not have to reshape their security program around the limitations of disconnected providers.
A stronger model should be flexible enough to work with the customer’s environment, integrate with the tools that already matter, and recommend changes based on risk and maturity — not just vendor preference.
The End Customer Pays the Price
From the end customer’s perspective, this fragmented model can be frustrating and risky.
- One provider sees the alert.
- Another provider manages the endpoint.
- Another team owns the firewall.
- A different ticketing system holds the notes.
- A separate platform contains the security investigation.
- The business leader just wants to know: are we safe, what happened, what matters, and what are we doing about it?
When security responsibility is split across disconnected teams, the customer is left managing the seams between providers. During a normal support issue, that may be inefficient. During a cyber event, it can be dangerous.
Common failure points include:
- Delayed remediation because the SOC identifies the issue but does not own the fix.
- Incomplete response because the MSP receives an alert without enough security context.
- Lost tribal knowledge because ticketing systems, notes, and escalation histories are not shared effectively.
- Tool limitations because the customer is forced into a provider-selected stack instead of a model built around their needs.
- Poor prioritization because neither party fully understands which systems, users, data, or business units matter most.
- Recurring incidents because the immediate threat is closed, but the root cause is never fully addressed.
- Executive confusion because reporting focuses on alerts and tickets instead of risk reduction, resilience, and business impact.
This is how organizations end up with activity but not maturity. Lots of alerts. Lots of tickets. Lots of dashboards. But not enough actual reduction in exposure, risk, or threat impact.
Security Requires Environmental Intimacy
Strong cybersecurity is not just about tools. It is not just about having a SOC. It is not just about alert triage.
It requires intimacy with the environment.
A mature security partner should understand your infrastructure, users, business units, critical systems, sensitive data, compliance obligations, operational workflows, and risk tolerance. They should know what matters most to the business, not just what appears most severe in a generic alert queue.
That context changes everything.
A vulnerability on a dormant test system is different from a vulnerability on a system that supports patient care, financial transactions, manufacturing operations, or executive communications. A suspicious login from a normal user is different from a suspicious login from a privileged administrator. A malware alert on a standard workstation is different from an alert tied to a device with access to regulated data.
Without business context, security teams can only react to technical signals.
With business context, they can prioritize, respond, remediate, and mature the environment over time.
The Goal Should Be Maturity, Not Just Monitoring
Many organizations think they are buying security when they purchase SOC monitoring. What they are often buying is visibility into potential threats.
Visibility is important, but it is only the starting point.
The real goal should be to raise the organization’s security maturity level. That means reducing the number of recurring issues, improving response readiness, hardening weak points, prioritizing risk based on business impact, and helping leadership make better decisions.
A mature security operating model should include:
- Continuous visibility across assets, users, vulnerabilities, identities, systems, and sensitive data.
- Risk-based prioritization that goes beyond alert severity or CVSS scores.
- Shared operational context across security, IT, ticketing, remediation, and reporting workflows.
- Flexible tool integration that supports the customer’s environment instead of forcing the customer into a rigid provider stack.
- Coordinated response that connects detection, investigation, containment, remediation, and validation.
- Root-cause analysis to understand why an incident happened and how to prevent it from recurring.
- Executive-level reporting that shows risk reduction, operational improvement, and business impact.
- Remediation support so the customer is not left holding the bag after an alert is validated.
That is the difference between a vendor that watches your environment and a partner that helps improve it.
Either You Need a New Integrated Partner, or Your MSP Does
This does not mean MSPs are the problem. Many MSPs are excellent operational technology partners. They are close to their clients, understand day-to-day IT needs, and play an essential role in keeping businesses running.
But the traditional MSP/MSSP handoff model is no longer enough.
If your MSP is not built to deliver mature cybersecurity outcomes, they need an integrated security partner behind them. If your current provider structure creates handoffs, disconnected ticketing, lost tribal knowledge, tool limitations, or delayed remediation during security events, then your business may need a new model altogether.
The best outcome is not an MSP on one side and an MSSP on the other, with the customer stuck in the middle.
The best outcome is an integrated operating model where security expertise, IT context, remediation capability, business risk awareness, ticketing visibility, and tool flexibility work together.
- That is how organizations reduce threat impact.
- That is how they mature their security program.
- That is how they move from reactive support to resilient operations.
Because when something happens, the question should not be, “Who owns this?”
The answer should already be clear.

Cybersecurity Needs an Immune System, Not a Pile of Disconnected Tools
An exploration of why disconnected cybersecurity tools create noise, duplication, and slower response—and how a coordinated, risk-informed security ecosystem can improve resilience, accountability, and outcomes.
The human body is one of the most sophisticated defense systems ever created.
It does not rely on one control. It does not depend on one sensor. It does not wait for a single alert before deciding whether something is dangerous. The immune system is a coordinated, layered, adaptive defense model that constantly monitors, communicates, prioritizes, responds, learns, and heals.
Now imagine if the body worked the way many cybersecurity programs do today.
Imagine if the skin detected a cut, but could not notify the bloodstream. Imagine if white blood cells saw an infection, but had no way to communicate with the brain. Imagine if inflammation continued long after the threat was gone because no one told the body the incident had been resolved. Imagine if the immune system had five different tools identifying the same infection, but none of them agreed on severity, location, or next steps.
The body would fail.
Not because it lacked defenses, but because those defenses were fragmented.
That is the problem facing many organizations today. They do not lack cybersecurity tools. In fact, many have too many. Endpoint protection, firewalls, vulnerability scanners, SIEMs, identity tools, email security, cloud security, compliance platforms, ticketing systems, backup systems, and managed service providers all generate signals. Each tool may be valuable on its own, but when these systems do not speak to one another, the organization is left with noise instead of clarity.
The result is a security program that looks strong on paper but struggles in practice.
Alerts pile up. Vulnerabilities remain unresolved. Duplicate tools create overlapping costs. Teams chase the same issue from multiple consoles. Executives receive reports that describe activity, but not necessarily risk. Security teams are asked to prioritize thousands of findings without enough business context to know which exposures matter most.
In the human body, defense depends on coordination. Cybersecurity should be no different.
The Problem With Tool Stacking
For years, many organizations responded to cyber risk by adding more tools. A new threat emerged, so a new platform was purchased. A new compliance requirement appeared, so another dashboard was added. A new gap was identified, so another vendor was brought in.
Over time, the security environment became crowded.
This created a new kind of risk: operational fragmentation.
Tool stacking often leads to redundant capabilities, duplicated alerts, inconsistent reporting, and unclear ownership. One system may detect suspicious activity. Another may identify the vulnerable asset. A third may know the user has elevated privileges. A fourth may understand that sensitive data is present. A fifth may open the ticket. But if those systems are not connected through a common operating model, the organization still has to manually determine what matters, who owns it, and what should happen next.
That is not maturity. That is complexity.
The issue is not that these tools are bad. Many are excellent. The issue is that tools alone do not create security outcomes. Just as the body needs coordination between detection, communication, response, and recovery, cybersecurity needs an ecosystem that connects signals to decisions and decisions to action.
Alerts Are Not the Same as Immunity
A fever is not the immune system. It is a signal.
In the same way, an alert is not a security outcome. It is the beginning of a decision process.
Too many cybersecurity programs are built around alert generation instead of risk reduction. A SIEM receives logs. An EDR tool flags behavior. A vulnerability scanner produces findings. A compliance platform identifies gaps. Each system creates more information, but more information does not automatically mean better protection.
The real question is: What happens next?
Does the organization know whether the affected system is business-critical? Does it know whether sensitive data is exposed? Does it know whether the vulnerability is actively exploitable? Does it know whether the user involved has privileged access? Does it know whether the issue has appeared before? Does it know who owns remediation? Does it validate that the fix actually worked?
If not, the organization does not have a security immune system. It has a collection of disconnected alarms.
Redundancy Can Be Useful — Until It Becomes Waste
The human body has redundancy by design. Multiple layers of defense exist because survival requires backup. Skin, mucus membranes, inflammation, antibodies, white blood cells, and memory cells all play different roles.
But biological redundancy is coordinated. It is not random.
In cybersecurity, redundancy can be valuable when controls reinforce one another. But redundancy becomes waste when multiple tools perform overlapping functions without improving visibility, response, or risk reduction. Organizations may pay for the same capability more than once across endpoint tools, cloud platforms, identity systems, SIEMs, MDR providers, compliance platforms, and vulnerability tools.
This creates two problems.
First, the organization overpays for duplicate features.
Second, the security team may still lack a unified view of risk.
That is the worst of both worlds: higher cost and lower clarity.
A mature cybersecurity ecosystem should help organizations understand which tools are delivering value, which capabilities overlap, and where integration can improve outcomes without unnecessary rip-and-replace disruption.
The AI Era Raises the Stakes
The rise of AI-driven attack techniques makes interoperability even more important.
AI can accelerate reconnaissance, phishing, social engineering, malware development, vulnerability research, and attack automation. It can also increase the speed and volume of activity security teams must review. As attackers use automation to move faster, defenders cannot afford to operate through disconnected workflows and manual handoffs.
A fragmented security program will struggle in this environment.
If identity risk is separate from endpoint detection, if vulnerability context is separate from incident response, if sensitive data exposure is separate from asset criticality, and if ticketing is separate from validation, then the organization loses time. In cybersecurity, lost time often means increased exposure.
AI does not eliminate the need for human judgment. It increases the need for a better operating model. Security teams will need systems that can correlate context, reduce noise, prioritize risk, recommend action, and support faster response. But those capabilities are only useful if they are part of an interoperable ecosystem.
The future of cybersecurity is not just more AI. It is better coordination between people, process, tools, telemetry, automation, and business risk.
Fortunox as a Cybersecurity Immune System
Fortunox by Fortuna Cysec was built around this principle.
Rather than treating cybersecurity as a pile of separate tools, Fortunox is designed as a managed security operations ecosystem. It brings together detection, response, exposure management, identity-aware risk context, compliance reporting, remediation workflows, and executive visibility into a coordinated model.
Like the immune system, Fortunox is designed to help organizations detect signals, understand severity, prioritize response, coordinate action, and validate recovery.
On the proactive side, Fortunox supports Continuous Threat Exposure Management by helping organizations move beyond raw vulnerability counts and CVSS scores. It considers exploitability, asset criticality, sensitive data exposure, identity risk, and business impact so teams can focus on the exposures that create the greatest organizational risk.
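As an added illustration of the prioritization idea in this paragraph and in the "risk-based prioritization that goes beyond alert severity or CVSS scores" point earlier, here is a small Python scoring routine. It is not Fortunox or Fortuna Cysec code; the weights, field names and sample findings are assumptions constructed for the example, and the finding ids are placeholders rather than real CVE numbers. It shows how a critical CVSS score on a dormant test system can drop to the bottom of the queue once exploitability, asset criticality, sensitive data, identity privilege and recurrence are taken into account.

```python
"""
Added example, not Fortunox or Fortuna Cysec code: ranks vulnerability
findings by business context (exploitability, asset criticality, sensitive
data, identity privilege, recurrence) instead of CVSS alone. The weights,
field names and sample findings are assumptions constructed for illustration.
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    finding_id: str            # constructed id, not a real CVE
    cvss: float                # CVSS base score, 0.0-10.0
    exploit_known: bool        # public exploit or observed exploitation
    asset_criticality: str     # "low", "medium" or "high"
    sensitive_data: bool       # asset processes regulated or sensitive data
    privileged_identity: bool  # affected account or host has privileged access
    prior_occurrences: int     # times the same issue was closed and came back


# Assumed weights: asset criticality scales the technical score, known
# exploitability scales it again, and the remaining context adds fixed bumps.
CRITICALITY_WEIGHT = {"low": 0.5, "medium": 1.0, "high": 1.5}
EXPLOIT_MULTIPLIER = 1.5
SENSITIVE_DATA_BONUS = 2.0
PRIVILEGE_BONUS = 2.0
RECURRENCE_BONUS = 0.5   # per prior occurrence, capped at three


def risk_score(f: Finding) -> float:
    """Context-adjusted score; higher means remediate sooner."""
    if f.asset_criticality not in CRITICALITY_WEIGHT:
        raise ValueError(f"unknown criticality: {f.asset_criticality}")
    score = f.cvss * CRITICALITY_WEIGHT[f.asset_criticality]
    if f.exploit_known:
        score *= EXPLOIT_MULTIPLIER
    if f.sensitive_data:
        score += SENSITIVE_DATA_BONUS
    if f.privileged_identity:
        score += PRIVILEGE_BONUS
    # A finding that keeps reappearing points at an unaddressed root cause.
    score += min(f.prior_occurrences, 3) * RECURRENCE_BONUS
    return score


def cvss_order(findings: List[Finding]) -> List[str]:
    """Queue order a CVSS-only model would produce."""
    return [f.finding_id for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def risk_order(findings: List[Finding]) -> List[str]:
    """Queue order after applying business context."""
    return [f.finding_id for f in sorted(findings, key=risk_score, reverse=True)]


# Constructed sample findings (ids and details are illustrative only).
SAMPLE_FINDINGS = [
    # Critical CVSS, but on a dormant test box with nothing sensitive on it.
    Finding("F-001", 9.8, False, "low", False, False, 0),
    # High CVSS with a known exploit on a system that supports patient care.
    Finding("F-002", 7.5, True, "high", True, False, 1),
    # Medium CVSS, exploitable, on an administrator's workstation.
    Finding("F-003", 6.5, True, "medium", False, True, 0),
    # High CVSS on a critical server that has failed patching three times.
    Finding("F-004", 8.1, False, "high", False, False, 3),
]


if __name__ == "__main__":
    print("CVSS-only order :", cvss_order(SAMPLE_FINDINGS))
    print("Risk-based order:", risk_order(SAMPLE_FINDINGS))
    for f in sorted(SAMPLE_FINDINGS, key=risk_score, reverse=True):
        print(f"{f.finding_id}: cvss={f.cvss:<4} risk={risk_score(f):.2f}")
```

With the constructed data, the CVSS-only queue starts with F-001 (9.8) while the context-aware queue puts the exploitable patient-care finding F-002 first and pushes F-001 to the end. The weights are the part to tune per organization; the structure (multiply by what makes exploitation likely and impactful, add for what raises the blast radius) is what carries over.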
On the reactive side, MDR+ helps organizations move beyond monitor-and-notify security. Detection is only one part of the process. The real value comes from triage, investigation, containment, root-cause analysis, remediation support, validation, and hardening over time.
That is the difference between alerting and immunity.
Alerting tells you something happened.
An immune-system model helps determine what it means, how serious it is, what should happen next, whether the issue has been resolved, and how to prevent the same problem from recurring.
Bring Your Own Stack, But Make It Work Together
One of the most important realities in cybersecurity is that organizations already have tools. They have made investments. They have existing systems, contracts, workflows, and operational preferences. Asking every organization to rip and replace its environment is often unrealistic.
That is why Fortunox supports a Bring Your Own Stack model.
The goal is not to force every client into one rigid technology stack. The goal is to help the organization make its existing stack work better. Endpoint, firewall, identity, cloud, ticketing, infrastructure, vulnerability, and compliance tools can all contribute important signals. The key is connecting those signals into a managed operating model that improves prioritization, response, reporting, and accountability.
This is especially important for regulated industries such as healthcare, financial services, insurance, manufacturing, and other compliance-driven sectors. These organizations need more than dashboards. They need defensible evidence, clear ownership, measurable improvement, and a partner that can help reduce risk over time.
The Goal Is Not More Noise. It Is Better Defense.
The immune system does not win by creating endless alerts. It wins by recognizing what matters, responding appropriately, learning from exposure, and restoring the body to health.
Cybersecurity programs should aim for the same outcome.
A mature security program should not simply generate more findings. It should reduce unnecessary noise, eliminate duplicate effort, focus attention on the highest-risk issues, validate remediation, and help the organization become more resilient over time.
That requires interoperability.
It requires context.
It requires accountability.
And it requires a model that connects tools, people, processes, and business risk into one coordinated defense system.
The cybersecurity landscape is entering a new era. AI-driven attack vectors, expanding digital environments, tighter compliance requirements, and persistent staffing shortages will continue to pressure organizations. The answer cannot simply be another disconnected tool.
The answer is a security immune system.
That is the role Fortunox is designed to play: helping organizations move from fragmented tool stacking to coordinated, risk-informed, managed cyber defense.
Isolated Security for a Multi-Tenant World: How thefense Platform Sets a New Standard
In an era of cloud transformation and rapidly evolving cyber threats, multi-tenant environments have become the norm for managed security service providers (MSSPs). While shared infrastructure can reduce costs and simplify operations, it often comes with the risk of cross-tenant exposure—where logical data segregation leaves room for misconfigurations and vulnerabilities that may affect multiple customers simultaneously. Fortuna Cysec’s thefense platform overcomes these challenges by providing true isolation with dedicated instances for each customer, ensuring data sovereignty, enhanced security, and robust regulatory compliance.
In this article, we explore the critical challenge of cross-tenant exposure, examine the infamous Capital One breach as a case study, and demonstrate in detail how thefense platform’s dedicated-instance architecture sets a new industry standard for multi-tenant security solutions.
The Challenge: Cross-Tenant Exposure in Multi-Tenant Environments
Many MSSP solutions use a shared infrastructure model where customer data is only logically segregated. This means that while software mechanisms attempt to separate tenant data, all customers share the same underlying hardware, network pathways, and system processes. Such an approach exposes organizations to several risks:
- Data Leakage: If a misconfiguration occurs, sensitive data from one tenant may inadvertently become accessible to another.
- Compliance Vulnerabilities: Regulations like NYDFS, CCPA/CDPA, PCI DSS, HIPAA, and others demand strict data isolation. Logical segregation can make it difficult to demonstrate that each customer’s data is truly isolated.
- Operational Complexity: Troubleshooting incidents in a shared environment can be challenging, as issues in one tenant might have ripple effects on others.
Case Study: The Capital One Breach
One of the most notable examples of the dangers inherent in shared multi-tenant environments is the Capital One breach in 2019. In this incident, a misconfigured firewall in Capital One’s AWS environment allowed an attacker to exploit a vulnerability and access sensitive customer data. Although the breach was not solely the result of multi-tenant exposure, it highlighted critical weaknesses in environments where data from multiple clients coexisted on shared infrastructure.
According to Reuters, the breach affected over 100 million customers and cost the institution billions in remediation and reputational damage [Reuters, 2019]. Misconfigurations in cloud security controls—common in environments where data segregation is managed logically rather than physically—played a significant role in the incident.
Traditional Multi-Tenant Architectures: Risks and Limitations
In many conventional MSSP solutions, customer environments are hosted on a shared infrastructure with logical separation enforced via software. While this model can be cost-effective, it suffers from several inherent limitations:
- Single Point of Misconfiguration: A misconfiguration in the shared environment, such as an incorrectly set firewall rule or API vulnerability, can potentially expose data across all tenants.
- Limited Data Sovereignty: Customers may have limited control over where and how their data is stored, complicating compliance with local data residency laws.
- Increased Operational Complexity: When an incident occurs, isolating the source and impact becomes more challenging in a shared architecture.
- Potential for Vendor Lock-In: Integrating multiple tools from various vendors within a single shared platform can lead to dependencies that hinder flexibility and scalability.
Thefense Platform: A Dedicated-Instance Approach
Fortuna Cysec’s thefense platform tackles these challenges head-on by offering a dedicated-instance architecture that ensures each customer operates in its own isolated environment. This approach involves:
- Individual Tenant Instances: Every customer’s data is stored and processed within a separate instance, eliminating the risk of cross-tenant data leakage.
- Data, API, and Network-Level Isolation: Not only is the data isolated, but the interfaces (APIs) and network communications are segregated as well. This means that the infrastructure supporting one tenant is completely independent of that of another.
- Geo-Location Control: Customers can select their preferred geographic region for data residency, ensuring compliance with regional data sovereignty laws and reducing latency.
- Unified Management Without Compromise: Despite operating in isolated environments, thefense platform offers a single pane of glass for centralized management, ensuring operational efficiency without sacrificing security.
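To make the contrast between logical segregation and dedicated instances concrete, here is an added Python example. It is not thefense platform code; the tenant names, records and class names are constructed for illustration. A shared store relies on every query remembering to filter by tenant, so one forgotten filter returns every customer’s rows. A per-tenant instance has no tenant parameter to forget, so the same handler bug cannot reach another tenant. The `cross_tenant_leak` check is the kind of response-side guard a defender can run on either model to detect a boundary violation.

```python
"""
Added example, not thefense platform code: contrasts logical segregation in a
shared store with a dedicated per-tenant instance, and shows how the same
missing-filter bug behaves in each. Tenant names and records are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Record:
    tenant_id: str
    asset: str
    detail: str


# Constructed sample data for three tenants.
SAMPLE_RECORDS = [
    Record("tenant-a", "ehr-db-01", "patient records database"),
    Record("tenant-a", "ws-104", "clinician workstation"),
    Record("tenant-b", "pay-gw-02", "payment gateway"),
    Record("tenant-c", "hr-app-01", "HR application server"),
]


class SharedStore:
    """Logical segregation: all tenants share one table and rely on a filter."""

    def __init__(self, records: List[Record]) -> None:
        self._rows = list(records)

    def query(self, tenant_id: Optional[str] = None) -> List[Record]:
        # With no filter this returns every tenant's rows: the misconfiguration path.
        if tenant_id is None:
            return list(self._rows)
        return [r for r in self._rows if r.tenant_id == tenant_id]


class TenantInstance:
    """Dedicated instance: holds one tenant's rows and exposes no tenant filter."""

    def __init__(self, tenant_id: str, records: List[Record]) -> None:
        self.tenant_id = tenant_id
        self._rows = [r for r in records if r.tenant_id == tenant_id]

    def query(self) -> List[Record]:
        return list(self._rows)


class IsolatedStores:
    """One TenantInstance per tenant; the handle itself is the isolation boundary."""

    def __init__(self, records: List[Record]) -> None:
        self._instances: Dict[str, TenantInstance] = {}
        for r in records:
            if r.tenant_id not in self._instances:
                self._instances[r.tenant_id] = TenantInstance(r.tenant_id, records)

    def instance_for(self, tenant_id: str) -> TenantInstance:
        # An unknown tenant gets an empty instance, never someone else's data.
        return self._instances.get(tenant_id, TenantInstance(tenant_id, []))


def shared_handler(store: SharedStore, caller: str, apply_filter: bool) -> List[Record]:
    """Request handler on the shared model; apply_filter=False models a forgotten filter."""
    return store.query(caller if apply_filter else None)


def isolated_handler(stores: IsolatedStores, caller: str) -> List[Record]:
    """The same handler on the dedicated model; there is no filter to forget."""
    return stores.instance_for(caller).query()


def cross_tenant_leak(results: List[Record], caller: str) -> Set[str]:
    """Boundary check to run on every response: which foreign tenants appear?"""
    return {r.tenant_id for r in results if r.tenant_id != caller}


if __name__ == "__main__":
    shared = SharedStore(SAMPLE_RECORDS)
    isolated = IsolatedStores(SAMPLE_RECORDS)
    leaked = shared_handler(shared, "tenant-a", apply_filter=False)
    print("shared model, filter forgotten  :", sorted(cross_tenant_leak(leaked, "tenant-a")))
    print("shared model, filter applied    :", sorted(cross_tenant_leak(
        shared_handler(shared, "tenant-a", apply_filter=True), "tenant-a")))
    print("isolated model, same request    :", sorted(cross_tenant_leak(
        isolated_handler(isolated, "tenant-a"), "tenant-a")))
```

On the shared model the forgotten filter hands tenant-a the rows of tenant-b and tenant-c; on the isolated model the identical request returns only tenant-a’s two records. The point is not that filters are bad, but that in a shared design every query path is part of the isolation boundary, whereas a dedicated instance makes the boundary structural.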
How thefense Would Have Prevented the Capital One Breach
To illustrate the benefits of our approach, consider how the dedicated-instance architecture of thefense platform would have impacted the Capital One breach:
- Prevention of Cross-Tenant Exposure: In the Capital One breach, a misconfigured firewall in a shared AWS environment allowed an attacker to access data across the system. With thefense’s dedicated instances, each tenant’s data is isolated at the hardware, API, and network levels. Even if one tenant’s security settings were misconfigured, the breach would be contained within that single instance, preventing lateral movement across other customer environments.
- Enhanced Control and Visibility: Thefense platform offers comprehensive asset management and real-time monitoring. In a dedicated-instance model, security teams have full visibility into the configuration and health of each isolated environment. Any misconfiguration—such as those that led to the Capital One breach—would be quickly identified and remediated, reducing the window of vulnerability.
- Strict Data Sovereignty: By enabling customers to choose their data residency, thefense ensures that sensitive data remains within approved geographic boundaries, in compliance with local regulations. In the Capital One breach, broader exposure risk could have been minimized if data were restricted to isolated, controlled environments.
- Automated, Isolated Incident Response: Integrated SIEM and SOAR functionalities within each dedicated instance allow for automated correlation and rapid incident response. Should a threat be detected in one instance, the response is contained and managed locally, preventing any cascading effects that might occur in a shared environment.
- Mitigation of Configuration Errors: Dedicated instances reduce the complexity of managing a shared environment, lowering the risk of configuration errors. With fewer overlapping settings and clearly defined boundaries, the likelihood of a misconfiguration that leads to a breach is significantly reduced.
The Value Proposition: Why Dedicated Isolation Matters
Fortuna Cysec’s thefense platform delivers a competitive differentiator with its dedicated-instance architecture. Here’s how it translates into tangible benefits:
- Full Data Sovereignty: Each organization’s data resides in its own isolated instance within a preferred geo-location, ensuring compliance with regional data protection regulations and eliminating cross-tenant risks.
- Enhanced Regulatory Compliance: With built-in compliance modules for NYDFS, CCPA/CDPA, PCI DSS, HIPAA, GLBA, SOX, FFIEC, and the NIST Cybersecurity Framework, thefense simplifies audit processes and meets the rigorous requirements of regulated industries.
- Operational Efficiency and Cost Savings: Consolidation of security tools into a unified platform that offers isolated instances reduces operational complexity and vendor sprawl. Customers enjoy up to a 72% reduction in operational costs while achieving superior threat detection and response.
- Proactive Threat Mitigation: Leveraging advanced threat intelligence from multiple sources, our platform empowers organizations to detect and neutralize threats before they escalate, reducing Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) by up to 75%.
- Resilience Against Evolving Threats: Dedicated environments enhance stability and ensure that even if a breach occurs in one instance, it does not compromise the integrity of the entire system—providing a robust defense against increasingly sophisticated cyberattacks.
Conclusion
As organizations across industries continue to grapple with the complexities of multi-tenant environments, the need for true isolation becomes paramount. Fortuna Cysec’s thefense platform offers a breakthrough solution—delivering dedicated-instance architecture that ensures full data sovereignty, robust regulatory compliance, and superior operational efficiency. In a world where the consequences of a breach can be catastrophic, our approach not only mitigates risk but also sets a new standard for cybersecurity.
Had the dedicated isolation approach of thefense been in place, incidents like the Capital One breach could have been contained to a single tenant, significantly reducing the potential damage and exposure. This level of security is not just a competitive advantage—it is a necessity in today’s complex threat landscape.
Ready to experience unparalleled security and compliance? Contact Fortuna Cysec today to discover how thefense platform can transform your organization’s security posture.
References
- Reuters. (2019, July 29). Capital One Data Breach: What You Need To Know. Retrieved from Reuters.
- Capital One. (2019). Capital One Data Breach FAQ. Retrieved from Capital One Official Statement.
- NIST. (2018). Framework for Improving Critical Infrastructure Cybersecurity. Retrieved from NIST Cybersecurity Framework.
- NYDFS. (2017). Cybersecurity Regulation. Retrieved from NYDFS Cybersecurity.
Fortuna Cysec Named to CRN’s 2025 Security 100 List
Atlanta, GA, February 13th, 2025 – Fortuna Cysec, a global cybersecurity company, today announced that CRN®, a brand of The Channel Company, has recognized Fortuna Cysec on its Managed Service Provider (MSP) 500 list in the Security 100 category for 2025.

This honor acknowledges Fortuna Cysec’s commitment to providing innovative, comprehensive cybersecurity solutions that empower Healthcare, Finance, Insurance, Manufacturing, other regulated industries, Non-Profits, Local Governments, Managed Service Providers, and organizations looking to enhance their security posture to safeguard their critical data and ensure regulatory compliance.
CRN’s annual MSP 500 list is a comprehensive guide to the leading managed service providers in North America, recognizing companies that drive growth and innovation while delivering exceptional managed services. The Security 100 category spotlights service providers with cloud-based security services expertise.
Fortuna Cysec’s flagship solution, thefense, provides a modular ecosystem integrating Advanced Threat Intelligence, Real-time Monitoring, and Managed Detection and Response (MDR) to fortify security, ensure compliance, and drive business resilience.
“Fortuna Cysec’s inclusion on the 2025 MSP 500 list is a testament to our relentless commitment to innovation and operational excellence,” said Navin Balakrishnaraja, CEO at Fortuna Cysec. “Our thefense platform transforms how organizations manage cybersecurity—reducing complexity, enhancing compliance, and delivering measurable cost savings. We empower our customers to focus on their core business while we safeguard their critical assets against evolving cyber threats.”
About Fortuna Cysec
Fortuna Cysec delivers an intelligent security ecosystem that integrates AI-driven threat defense, risk mitigation, and compliance to safeguard assets, ensure resilience, and drive growth across diverse environments. For more information, visit www.fortunacysec.com.
About The Channel Company
The Channel Company (TCC) is the global leader in channel growth for the world’s top technology brands. We accelerate success across strategic channels for tech vendors, solution providers, and end users with premier media brands, integrated marketing and event services, strategic consulting, and exclusive market and audience insights. TCC is a portfolio company of investment funds managed by EagleTree Capital, a New York City-based private equity firm. For more information, visit www.thechannelco.com.

Fortuna Cysec helps Extended Care Facility increase its security and privacy posture
A Lifespan community in the Southeast US with more than 800 residents across its facilities, which include Independent Living (IL), Assisted Living (AL), a Skilled Nursing Facility (SNF), and Memory Care.

Fortuna Cysec helps Healthcare Organization protect sensitive patient health information through robust cybersecurity measures
Working with the acute care facility’s IT security team, Fortuna Cysec assessed the implemented solutions, identified gaps in those implementations, and brought best practices to review and discuss with the team.