Blog

In Democracy We Trust

By Nisos on Jan 19, 2021 3:43:31 PM

In July 2020, enterprising PhD candidates and a Johns Hopkins professor began aggregating predictions of unrest in the United States into a site unsubtly titled “anewcivilwar.com”. At the time, it could have been easy to dismiss the effort as a cherry-picked exercise in confirmation bias. This talk seemed reminiscent of the main themes of Russian propaganda, which gleefully predicted the imminent collapse of the United States, even as mainstream observers, such as The Atlantic, USA Today, and the FBI warned of the potential of election-related unrest.


Steps for External and Internal Threat Hunting in the Aftermath of SolarWinds

By Vincas Čižiūnas on Dec 30, 2020 2:58:16 PM

The holiday season is full of joy, anticipation, and the latest technology breach news. With this being 2020, the technology industry, not wanting to be outdone by forest fires, plagues, and murder hornets, came out with its own version of a ‘natural disaster’: an espionage campaign, known as SUNBURST, that co-opted the SolarWinds Orion Platform.


White Supremacist Movements Are Exploding

By Patricia Bailey on Dec 23, 2020 1:04:47 PM

Has Your Company Assessed the Possible Risk to Its Brand and Leadership?

Violent white supremacist movements have been undergoing a strong resurgence since 2013. Does your company have eyes on this emerging threat? If not, Nisos has the experience and proprietary tools to help.

Topics: Cybersecurity

Actioning Cyber Threat Intelligence for Cloud-based Enterprise

By Jason Boucher and Travis Peska on Dec 9, 2020 2:21:10 PM

Today, many companies are primarily cloud-based with little on-premise infrastructure. These organizations often have minimal internal network traffic and may even have limited email usage. In these environments, the risk of developer misconfigurations and inadvertent leaks is a higher-priority concern than traditional indicators of compromise (IOCs). Monitoring IOC artifacts from spear-phishing attempts is less critical than ensuring developers do not accidentally expose critical infrastructure to attackers.

For threat intelligence to be useful in these cloud-based organizations, it is critical that cost-effective monitoring directly targets and triages potential security exposures.

Threat intelligence should assist in:
  • Identifying credential leaks
  • Detecting developer misconfiguration of container environments
  • Detecting unauthorized access to critical cloud services not protected by multi-factor authentication
  • Identifying infrastructure or code base vulnerabilities

For cloud-based companies in which an application is the primary business function, fraud and attacks on brand reputation are bound to follow as the company grows. To combat these attacks, they must leverage customized threat intelligence.

Threat Intelligence Basics for Cloud-Based Companies

IOCs, including malicious hashes, IP addresses, and domains are generally less useful to cloud-based companies that are primarily concerned about misconfigurations or inadvertent leaks.

In general, cloud infrastructure and applications lack the network traffic necessary to allow forensic artifacts to be useful.

While endpoint security, vulnerability management, and SIEMs are still important for cloud-based companies to detect malicious activity on endpoints, identify vulnerable services, and assist if endpoints are lost or stolen, complementary external threat hunting and intelligence services should primarily focus on:

  • Credential Leaks
  • Container Misconfiguration
  • Unauthorized Access to Cloud Services

Credential Leaks

Best practices dictate that multi-factor authentication should be implemented to protect external-facing services, including VPN and RDP. In situations where multi-factor authentication is not in use, it is helpful to use third-party services to monitor for credential leaks for company employees.

Credential leaks matter less when an organization has implemented single sign-on (SSO) with two-factor authentication. However, it is rare that every application sits behind SSO, and a leaked corporate password is often reused elsewhere, so tracking credential leaks remains important.

Container Misconfiguration

All too often, development teams leverage base images without understanding the full image ‘chain’. By injecting malicious code into an upstream base image, a threat actor can compromise every downstream service built on it. Regular audits of the full chain of container definitions, together with pinning base images to an immutable digest rather than a mutable tag, help curb unwanted code execution. Like traditional servers, container environments communicate over IP; monitoring via external netflow or deep packet inspection provides another layer of protection against compromised libraries and publicly available container images.
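The image-chain audit described above can be scripted. The following is an added example, not Nisos code: it parses the FROM lines of an organisation's own Dockerfiles, follows internal base images down to the external root images, and reports any external image referenced by a mutable tag rather than an immutable digest. The BUILT mapping and its two Dockerfiles are constructed for illustration, and the golang digest is a placeholder.

```python
"""Audit the full FROM chain behind a container image.

Added example (not Nisos code). `BUILT` is a constructed sample mapping the
images an organisation builds to the Dockerfile text that produces them.
"""
import re
from dataclasses import dataclass

# FROM [--platform=...] <image> [AS <alias>]
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<image>\S+)(?:\s+AS\s+(?P<alias>\S+))?\s*$",
    re.IGNORECASE | re.MULTILINE,
)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


@dataclass(frozen=True)
class Hop:
    ref: str        # image reference exactly as written in the FROM line
    pinned: bool    # pinned to an immutable digest (a tag can be re-pushed upstream)
    external: bool  # pulled from outside the organisation's own builds


def from_refs(dockerfile: str) -> list[str]:
    """Image references a Dockerfile pulls, ignoring references to its own
    earlier build stages (by alias or index) and the empty 'scratch' image."""
    aliases: set[str] = set()
    refs: list[str] = []
    for m in FROM_RE.finditer(dockerfile):
        image, alias = m.group("image"), m.group("alias")
        if image.lower() not in aliases and not image.isdigit() and image.lower() != "scratch":
            refs.append(image)  # an unresolved ${ARG} reference is kept and reads as unpinned
        if alias:
            aliases.add(alias.lower())
    return refs


def image_key(ref: str) -> str:
    """Strip the tag or digest so every reference to one build maps to one key.
    A ':' after the last '/' is a tag; before it, it is a registry port."""
    name = ref.split("@", 1)[0]
    head, _, tail = name.rpartition("/")
    tail = tail.split(":", 1)[0]
    return f"{head}/{tail}" if head else tail


def chain(image: str, built: dict[str, str], _seen: frozenset = frozenset()) -> list[Hop]:
    """Follow base images from the Dockerfile that builds `image` down to the
    external roots, depth first, in FROM order."""
    key = image_key(image)
    if key in _seen:  # cyclic definitions: stop instead of recursing forever
        return []
    hops: list[Hop] = []
    for ref in from_refs(built[key]):
        internal = image_key(ref) in built
        hops.append(Hop(ref, bool(DIGEST_RE.search(ref)), not internal))
        if internal:
            hops.extend(chain(ref, built, _seen | {key}))
    return hops


def unpinned_external(image: str, built: dict[str, str]) -> list[str]:
    """The audit finding: external images anywhere in the chain whose content
    can change underneath you because they are referenced by tag only."""
    return [h.ref for h in chain(image, built) if h.external and not h.pinned]


# Constructed sample: corp/api is built on corp/python-base, which is built on the public python image.
GOLANG_DIGEST = "sha256:" + "a" * 64  # placeholder digest for the example
BUILT = {
    "corp/python-base": "FROM python:3.11-slim\nRUN pip install --no-cache-dir requests\n",
    "corp/api": (
        f"FROM --platform=linux/amd64 golang:1.21@{GOLANG_DIGEST} AS build\n"
        "COPY . /src\nRUN go build -o /out/api ./cmd/api\n"
        "FROM corp/python-base:2024.01 AS runtime\n"
        "COPY --from=build /out/api /usr/local/bin/api\n"
    ),
}

if __name__ == "__main__":
    for hop in chain("corp/api", BUILT):
        kind = "external" if hop.external else "internal"
        state = "pinned" if hop.pinned else "TAG ONLY"
        print(f"{kind:8} {state:8} {hop.ref}")
    print("needs digest pinning:", unpinned_external("corp/api", BUILT))
```

Only the external, tag-only images are reported as findings: an internal image referenced by tag is still under the organisation's own control, but the public image at the root of the chain is exactly where an upstream substitution would enter.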

Visibility into Unauthorized Access to Critical Cloud Services

Monitoring GitHub repositories is critical to preventing accidental disclosure of sensitive information such as private keys or account credentials.
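One way to do that monitoring, as an added example rather than Nisos code or a GitHub feature: scan a snapshot of repository files for AWS access key IDs, PEM private-key headers, and high-entropy values assigned to secret-looking variable names, while skipping documentation placeholders. The REPO snapshot, the pattern list and the 3.5-bit entropy threshold are constructed assumptions; a production scanner would use a larger, maintained rule set.

```python
"""Scan repository files for leaked credentials before (or after) they reach GitHub.

Added example (not Nisos code). REPO is a constructed snapshot of a few files;
the patterns are a small, deliberately conservative starting set.
"""
import math
import re
from dataclasses import dataclass

# (kind, pattern). Group 1, when present, is the secret value; otherwise the whole match is.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private_key", re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH |PGP )?PRIVATE KEY-----")),
    ("high_entropy_secret", re.compile(
        r"(?i)\b(?:api[_-]?key|api[_-]?token|access[_-]?token|auth[_-]?token|token|secret|password|passwd)\b"
        r"\s*[:=]\s*[\"']([^\"']{20,})[\"']")),
]
# Documentation placeholders, not live secrets (also covers AWS's own AKIAIOSFODNN7EXAMPLE)
PLACEHOLDER = re.compile(r"(?i)example|changeme|<[^>]*>|\$\{|\bxxx+")
ENTROPY_BITS = 3.5  # assumption: random 20+ character tokens sit well above this, prose sits below


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    preview: str  # redacted: enough to locate the line, never the whole secret


def shannon_entropy(value: str) -> float:
    """Bits per character: 32 distinct characters give 5.0, 'aaaa' gives 0.0."""
    if not value:
        return 0.0
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def scan_text(path: str, text: str) -> list[Finding]:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS:
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(m.lastindex or 0)
            if PLACEHOLDER.search(value):
                continue
            if kind == "high_entropy_secret" and shannon_entropy(value) < ENTROPY_BITS:
                continue  # low-entropy assignments are left for a human reviewer
            findings.append(Finding(path, line_no, kind, value[:4] + "..."))
            break  # one finding per line is enough to route it to a person
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    return sorted((f for p, t in files.items() for f in scan_text(p, t)),
                  key=lambda f: (f.path, f.line))


# Constructed repository snapshot; none of these values are real credentials.
REPO = {
    "config/settings.py": 'DEBUG = False\nAWS_ACCESS_KEY_ID = "AKIATESTKEY000000001"\n'
                          'DB_PASSWORD = os.environ["DB_PASSWORD"]\n',
    "deploy/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAA\n"
                     "-----END OPENSSH PRIVATE KEY-----\n",
    "README.md": 'Set `API_TOKEN` to your key, e.g. API_TOKEN="<your-token-here>"\n',
    "src/client.py": 'api_token = "q8Zr2Lw9pXk4Tt7Ym3Vc6Hn1Bd5Fs0Gj"  # constructed, not a real token\n',
}

if __name__ == "__main__":
    for f in scan_files(REPO):
        print(f"{f.path}:{f.line}: {f.kind} ({f.preview})")
```

The same scanner works as a pre-commit hook over staged files and as a periodic sweep over an organisation's public repositories; the important design choice is that it never writes the matched secret into its own output.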

Netflow and passive DNS analysis can help identify unauthorized access to cloud resources. While unauthorized cloud access is hard to detect in netflow, because authorized access looks the same, enabling appropriate logging increases visibility.

For example, AWS logging lets analysts review CloudTrail (the API call record: which identity did what, from which source IP, and whether MFA was used) alongside CloudWatch logs. By setting up VPC Traffic Mirroring, analysts can collect packet-level network traffic to and from cloud instances. Correlating these sources with external netflow, and scouring GitHub for leaked private keys and credentials, increases the ability to identify unauthorized cloud access.
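To show what "enabling appropriate logging" buys you, here is an added example (not Nisos code and not an AWS tool) that triages CloudTrail records for the signals netflow cannot give: successful console logins without MFA, sensitive IAM, logging or network-exposure changes by IAM users whose session is not MFA-authenticated, root-account use, and activity from outside an assumed corporate egress range. The sample log, the trusted range and the sensitive-action shortlist are constructed assumptions; the field names follow the CloudTrail record format.

```python
"""Triage CloudTrail records for the access patterns netflow cannot distinguish.

Added example (not Nisos or AWS code). SAMPLE_LOG is a constructed CloudTrail
export using the real field names; TRUSTED_EGRESS and SENSITIVE_ACTIONS are
assumptions a team would tune for its own environment.
"""
import ipaddress
import json

TRUSTED_EGRESS = [ipaddress.ip_network("203.0.113.0/24")]  # assumed corporate egress range
SENSITIVE_ACTIONS = {  # assumed shortlist: identity, logging and network-exposure changes
    "CreateAccessKey", "CreateUser", "AttachUserPolicy", "UpdateAssumeRolePolicy",
    "PutBucketPolicy", "AuthorizeSecurityGroupIngress", "StopLogging", "DeleteTrail",
}


def _get(obj, *path, default=None):
    """Safe nested lookup: CloudTrail omits sessionContext/additionalEventData on many events."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def source_is_trusted(source: str) -> bool:
    try:
        ip = ipaddress.ip_address(source)
    except ValueError:
        return True  # e.g. "ec2.amazonaws.com": an AWS service acting on the account's behalf
    return any(ip in net for net in TRUSTED_EGRESS)


def triage(record: dict) -> list[str]:
    """Reasons this record deserves an analyst's attention (empty list = routine)."""
    reasons = []
    ident = record.get("userIdentity", {})
    name = record.get("eventName", "")
    if ident.get("type") == "Root":
        reasons.append("root_account_used")
    if (name == "ConsoleLogin"
            and _get(record, "responseElements", "ConsoleLogin") == "Success"
            and _get(record, "additionalEventData", "MFAUsed") == "No"):
        reasons.append("console_login_without_mfa")
    # Long-lived access keys carry no sessionContext at all, so a missing flag counts as no MFA.
    if (ident.get("type") == "IAMUser" and name in SENSITIVE_ACTIONS
            and _get(ident, "sessionContext", "attributes", "mfaAuthenticated") != "true"):
        reasons.append("sensitive_action_without_mfa")
    if not source_is_trusted(record.get("sourceIPAddress", "")):
        reasons.append("source_ip_outside_allowlist")
    return reasons


def triage_log(raw_json: str) -> list[tuple[str, str]]:
    """(eventID, reason) pairs for every record in a CloudTrail log file."""
    return [(r["eventID"], why) for r in json.loads(raw_json)["Records"] for why in triage(r)]


def _record(event_id, name, ident, source, **extra):
    return {"eventID": event_id, "eventName": name, "userIdentity": ident,
            "sourceIPAddress": source, "eventTime": "2020-12-01T10:00:00Z", **extra}


# Constructed sample log: one routine login, one bad login, one key creation, one service call, one root login.
SAMPLE_LOG = json.dumps({"Records": [
    _record("ev-1", "ConsoleLogin", {"type": "IAMUser", "userName": "alice"}, "203.0.113.10",
            responseElements={"ConsoleLogin": "Success"}, additionalEventData={"MFAUsed": "Yes"}),
    _record("ev-2", "ConsoleLogin", {"type": "IAMUser", "userName": "bob"}, "198.51.100.7",
            responseElements={"ConsoleLogin": "Success"}, additionalEventData={"MFAUsed": "No"}),
    _record("ev-3", "CreateAccessKey",
            {"type": "IAMUser", "userName": "ci-deployer",
             "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}}, "203.0.113.22"),
    _record("ev-4", "DescribeInstances", {"type": "AssumedRole"}, "ec2.amazonaws.com"),
    _record("ev-5", "ConsoleLogin", {"type": "Root"}, "203.0.113.10",
            responseElements={"ConsoleLogin": "Success"}, additionalEventData={"MFAUsed": "Yes"}),
]})

if __name__ == "__main__":
    for event_id, why in triage_log(SAMPLE_LOG):
        print(event_id, why)
```

Note that ev-3 would look identical to routine automation in netflow: the only thing that separates it is the identity and MFA context CloudTrail attaches to the call, which is why the logging has to be switched on before an incident rather than after.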

Outside Partners Provide Additional Adversary Insight

With the increased need for an understanding of often ambiguous indicators, cloud-based companies will benefit from working with a partner like Nisos that specializes in investigations external to the company’s network.

Determining the difference between a true indicator of a breach or a simple misconfiguration requires deep understanding of how an adversary would attack a cloud environment, as well as the external data that can illuminate a potential attacker’s interaction with the environment. This external data can also help companies prevent methods of fraud including account takeover, spamming of customers, or rogue applications being established.

With assistance from outside experts, cloud-based security teams can feel confident they are well equipped to mitigate risk and respond appropriately when needed.
Topics: Cybersecurity

How to Successfully Implement a Threat Intelligence Program

By Landon Winkelvoss on Nov 23, 2020 5:21:55 PM

Threats continue to occur on a global scale. They are large, they are complex, and they are growing. This problem has led to widespread interest in tailoring intelligence programs that provide insight into business problems and generate actionable outcomes.

For intelligence to drive a security program, organizations need 1) a vehicle to drive, 2) a direction to go, 3) a dedicated driver, and 4) an understanding of the terrain as well as the ability to look back, pivot and maneuver when obstacles are encountered.

The Vehicle: Defensive Security

Optimizing threat intelligence requires a defensive security team with the ability to recognize and respond to incidents, identify and patch vulnerabilities, and track and resolve risk.

Programs do not have to launch in a fully-matured state, because threat intelligence and the environment can be used to guide program development, facilitate continuous improvement, and achieve increasingly higher levels of maturity.

However, even from the beginning, it is critical to the development of a threat intelligence program that if and when an organization identifies a threat, they are able to mitigate or resolve the threat.

The Direction: Priority Intelligence Requirements

Initially identifying the direction a threat intelligence program will travel can be as simple as highlighting an organization’s key threats.

Priority Intelligence Requirements (PIR) assist in addressing key threats by providing a series of questions the threat intelligence team must answer.

No single program is suitable for all organizations. Different organizations will have different priorities. For example, if an organization has significant research and development or high value intellectual property, the first PIR may be to identify:

  • Who is interested in our data and what are their tactics, techniques and procedures?

However, if an organization is inundated with phishing emails related to wire fraud and their position in a supply chain, the first PIR may be to outline:

  • What are the key techniques utilized for wire fraud and supply chain takeover and the proactive steps required to reduce or mitigate the threat?


The Dedicated Driver: Full-Time Resource and Collaboration

A common mistake when developing a threat intelligence program is the failure to provide adequate resources and staffing. In many cases, organizations will assign a person the role in addition to other existing duties, and they often balk at hiring a full-time, experienced threat intelligence analyst. This approach is likely to fail. Without dedicated focus, a part-time analyst will be pulled in too many directions to accurately and effectively perform all of the necessary functions and establish a successful intelligence program.

This individual may lean on solutions like intelligence feeds that are noisy and lack context, preventing the development of actionable intelligence. Without actionable intelligence, it is difficult to justify a threat intelligence program.

Threat intelligence programs require a lot of diplomacy and collaboration. An experienced and successful threat intelligence analyst will be able to effectively communicate with an organization’s c-suite as well as technical and non-technical peers. Experienced analysts have the skills to provide consistently actionable intelligence. Just as importantly, they have the ability to communicate the reason, the process, and the desired outcomes to stakeholders across the organization.

The Terrain: Choosing the Right Supplemental Intelligence

Supplemental intelligence resources fill in gaps that a Threat Intelligence Program is not able to cover on its own.

For organizations beginning the process with one analyst, this may be a platform that assists in the collection of data, a targeted intelligence feed, or assistance from a managed intelligence services provider.

Of critical importance is an organization’s understanding of the unique terrain their company will traverse. This allows them to reinforce their intelligence program and prepare for incoming threats. For example, engaging with a threat intelligence company specializing in Advanced Persistent Threats and nation state actors may not be the right choice for a retail manufacturer, but it is imperative for critical infrastructure. Likewise, a medical facility without a clear understanding of ransomware and how to protect against the latest variants is missing knowledge that could allow them to prevent or mitigate attacks.

Based on the unique characteristics of each organization, it is important to reinforce any Threat Intelligence Program with supplemental intelligence and investigative expertise that maps directly to the threats they will likely encounter.

The Obstacles

Regardless of whether an organization is facing cyber-crime, nation state espionage, physical security threats, aggressive online hostiles, or threats targeting their supply chain, it’s critical to have investigative support that helps provide proper context.

The “how”, “why”, and potentially the “who” that inform actionable outcomes determine if a threat or vulnerability requires remediation.

Many threat intelligence providers can provide an early warning, but the investigative follow-through is where the value lies. The ability to rapidly confirm or deny whether a breach is in process can be the difference between success and failure.

Conclusion

Topics: Cybersecurity

Weaponization for Disinformation

By Zeshan Aziz on Nov 9, 2020 10:26:23 AM

Continuing our series on the adversarial mindset, we focus on how actors weaponize narratives for disinformation operations. 

In a previous blog post, we wrote about the reconnaissance steps that disinformation actors take prior to launching their operations, including recruitment of individuals with native language proficiency.


What is Coordinated Inauthentic Behavior?

By Zeshan Aziz on Nov 2, 2020 9:39:16 AM

Coordinated Inauthentic Behavior (CIB) is a common phrase heard in the news regarding disinformation, misinformation, and influence operations; but what exactly does it mean? 

First, let’s define our terms: inauthentic behavior, and coordinated


Analyzing a Trump Video for Deepfake Potential

By Justin Simms on Oct 28, 2020 10:19:49 AM

With the presidential election upon us, the looming threat of deepfake videos is most certainly on everyone's minds. 

While the threat of malicious use of this ever-evolving technology has not reached the point where most companies need to dedicate extensive resources into its detection and appropriate defenses, Nisos took a look at the current state of deepfake detection technologies.


Weaponization for Cyber-Enabled Fraud

By Jackie Hicks on Oct 26, 2020 10:46:26 AM

In our previous blog, we highlighted how fraudsters conduct reconnaissance for fraud activities. 

While banking malware, trojans, worms, and botnets such as Zeus Panda, Ramnit and Trickbot have typically been used to infect consumer PCs in order to collect personal data and online login credentials, including banking sites, not all weaponization is malware-related.


Weaponizing Tools for Computer Network Operations

By Landon Winkelvoss & Paul Morrissette on Oct 13, 2020 9:14:13 AM

Continuing in our series on the adversarial mindset, we focus on weaponization for computer network operations. Following the reconnaissance phase and identifying a target, an actor needs to gain a foothold in a network before determining how to monetize the access or remain “low and slow” to conduct additional collection, typically for espionage purposes.


How Adversaries Conduct Reconnaissance For Disinformation Operations

By Landon Winkelvoss and Matthew Brock on Oct 6, 2020 10:08:04 AM

Building on our series exploring the adversarial mindset, disinformation actors seek amplification of their content, regardless of whether their goal is financial, ideological, or political. Disinformation actors need venues to post their content that will be most likely to result in viral spread of their messages. Oftentimes, depending on the sophistication of the actors and the narrative they are trying to publicize, they might not even care if they are identified or not.


An Introduction to Honeypots

By Landon Winkelvoss on Oct 4, 2020 7:23:24 PM

In our latest blog series, we discuss how threat intelligence can be applied smarter for medium sized organizations with limited resources. We discuss ways to proactively detect threats beyond subscribing to information feeds that require a lot of resources to aggregate and ingest into SIEMs.


How Adversaries Conduct Reconnaissance For Fraud Operations

By Jackie Hicks on Sep 29, 2020 10:56:04 AM

Building on our series on the adversarial mindset, fraudsters will identify a target based on the ease and speed with which they are able to monetize their fraudulent activities.

Many of the reconnaissance steps involve a threat actor learning how a company conducts their business, and oftentimes, fraudsters end up understanding the business almost as well as the company and its employees do.


Making Threat Intelligence Useful for Medium-Sized Enterprises

By Landon Winkelvoss on Sep 28, 2020 9:55:15 AM

Medium-sized enterprises that don’t have sophisticated security operations teams typically focus on the basic blocking and tackling of information security: policies around financial controls, incident response plans, data retention policies, disaster recovery around user access, lifecycle management policies.


How Adversaries Conduct Reconnaissance For Computer Network Operations

By Landon Winkelvoss & Mike Davis on Sep 23, 2020 10:28:44 AM

The adversarial mindset is the core that allows us to provide a world-class intelligence capability tailored to the needs of business. Many people ask what it means to have the adversarial mindset and how that differentiates Nisos. While it’s a complicated answer based on capability, we wanted to share some insights, from our first-hand experience, about how adversaries operate.


Six Considerations for Building a Cyber Threat Intelligence Program

By Landon Winkelvoss on Sep 21, 2020 9:37:01 AM

When evaluating cyber threat intelligence programs for enterprise, organizations should consider six critical topics before spending on data.


Three Steps to Use Threat Intelligence, Red Team, and Blue Team Collaboration to Improve Security

By Landon Winkelvoss on Sep 15, 2020 9:46:51 AM

For many medium and large organizations, a penetration test that results in a “data breach” is going to lead to numerous findings that take months and sometimes years to remediate.


Avoiding Ransomware

By Landon Winkelvoss on Sep 8, 2020 8:24:24 AM

Many maturing security operations centers within medium and large enterprises will indicate that ransomware is often the biggest “threat” that keeps them up at night.


Podcast Platitudes

By Landon Winkelvoss on Sep 2, 2020 11:56:49 AM

Cybersecurity is an ever-evolving industry tackling some really challenging problems. Here at Nisos we truly feel that it is necessary to learn from the best at every opportunity, and we try to ensure that all of the material we present makes its consumers better at their jobs the day they consume it.


What is Digital Identity Reduction and Why Does it Matter?

By Seth Arthur on Sep 1, 2020 4:32:29 AM

The amount of information openly available on the internet about any given individual is staggering. 

More and more, privacy and online security are brought into the limelight and people are becoming more protective of their online presence. We urge our family, friends, and colleagues to follow general safety guidelines such as to use complex passwords, change them often, turn off geolocation services, and set profiles to private.


Four Future Trends of Disinformation Campaigns

By Landon Winkelvoss on Aug 31, 2020 11:42:52 AM

While disinformation has played a powerful role in the geopolitical world over the last four years, enterprise is increasingly needing to be prepared to address numerous types of disinformation as well.


Three Ways to Improve Return on Investment for Threat Intelligence

By Landon Winkelvoss on Aug 26, 2020 9:48:57 AM

If a corporate threat intelligence program is merely focusing on indicators of compromise delivered to a security operations function, they should consider expanding their reach throughout the organization. Mature and maturing security programs spend significant time gathering feedback throughout the enterprise to do what’s good for the business.


Hacker Diplomacy: How to Minimize Business Risks Stemming from Vulnerability Disclosures

By Jennifer DeTrani, General Counsel of Nisos on Aug 24, 2020 12:22:01 PM

In the new Work-From-Home world where non-essential companies have pivoted into a remote workforce model with increasing reliance on business tools that ensure connectivity, there is a growing concern that tools like Zoom may not be vetted to the full extent of their now-applicable use case.  And even outside of work, with consumers turning away from gyms and malls and moving their children into virtual environments for schooling, the question remains as to when the cracks in the foundation will come to light, and who will shine the light on them to the companies who are the custodians of our new normal.  


Steps for Medium Sized Businesses to Address Cyber Supply Chain Risk

By Landon Winkelvoss on Aug 17, 2020 7:24:47 AM

Any business operating on the internet with internet accessible services provides an opening for anyone else on the internet - good, bad, or indifferent - to interrogate those services and see what’s running. 


Translating Cyber Threat Intelligence for the Rest of the Business

By Landon Winkelvoss on Aug 10, 2020 10:16:53 AM

For enterprise businesses, especially in the technology, finance, and manufacturing sectors, the use cases and company consumers of intelligence work can be almost limitless. Therefore, it’s critical for a threat intelligence team to be transparent throughout the enterprise and openly promote the capabilities it can bring. 


Five Critical Data Source Considerations for External Threat Hunting

By Willis McDonald on Aug 5, 2020 10:16:30 AM

Strong intelligence starts with good sources and when it comes to gaining the most context around suspicious events or adversaries of interest, nothing beats external hunting.

Most current threat hunting is rightfully focused on hunting inside the firewalls of an enterprise, but often, security teams cannot reach definitive conclusions due to large scale visibility gaps and a lack of effective log aggregation. 


Three Types of Disinformation Campaigns that Target Corporations

By Mike Davis on Aug 4, 2020 4:34:46 AM

In 2018, The Washington Post named “misinformation” its “word of the year.” In 2019, NPR labelled “disinformation” the same.

Then 2020 happened. 


Using Threat Intelligence to Counter Platform Abuse

By Landon Winkelvoss on Aug 3, 2020 5:17:07 AM

Companies whose products serve as collaboration platforms play a key role in our increasingly cloud-native, remote work environment. The technology allows companies to achieve clear business opportunities but also creates unique security challenges. Not only must they protect their corporate and development systems like all enterprises (endpoints, network infrastructure, container and VM security, etc.), they also need to protect customers' data on their platforms.


Threat Intelligence Use Cases for Trust and Safety

By Landon Winkelvoss on Jul 27, 2020 11:18:37 AM

Varied threats like disinformation, platform abuse, brand dilution, strategic breach campaigns, extortion, insider threats and nation states stealing intellectual property are more prevalent than ever.  More and more of these threats live far outside the traditional environment of analysts investigating potential cyber intrusions on their dashboards. 


Considerations for Measuring the Return on Investment of Cyber Threat Intelligence

By Landon Winkelvoss on Jul 19, 2020 4:48:19 PM

Security operations centers across the world are consumed with how to measure the return on investment of threat intelligence. There are different schools of thought, but we favor a model that measures actionable events. 


Advancing OSINT to Turn Data into Intelligence

By Landon Winkelvoss on Jul 13, 2020 1:56:35 PM

While cyber threat analysts are critical to determine what cyber threats are relevant to their respective organizations so they can take the appropriate action, open source intelligence (OSINT) and investigations can often be the added value to address the “how”, “why”, and sometimes “who” that brings much needed context. 


Three Considerations for Measuring Return on Investment from Threat Hunting

By Landon Winkelvoss on Jul 8, 2020 10:26:06 AM

Threat hunting often has ill-defined metrics for organizations attempting to measure “return on investment.” If an analyst isn’t finding bad actors in the environment, leadership may question the value they are bringing. If they are finding a lot of actors, leadership may question how effective they are at their job if incident response is constantly being called for false alarms. Furthermore, questions will arise, depending on how long the actors were present in the network, the severity of the breach and if disclosures need to occur.


Two Considerations for Building a Security Program Grounded in Diversity and Inclusion

By Landon Winkelvoss on Jul 6, 2020 10:32:14 AM

Corporate security programs for major organizations deal with a variety of threats at a staggering global scale and there are playbooks to deal with many of these issues. Above all else, though, the most important task is building trust with the workforce according to recent remarks made by Uber’s Global Head of Security Resilience and Partnerships Dan Williams. 


Reflections on Duty and Service

By Justin Zeefe on Jul 2, 2020 3:02:28 PM

The approach of the fourth of July holiday typically marks a moment in time when we as a country take stock of a summer day, look around at family, friends and neighbors and appreciate what we have, where we live, and our freedoms.  However, this year will pose some challenges - both logistical and philosophical.


Three Considerations for Getting Early Wins from an Insider Threat Program

By Landon Winkelvoss on Jun 29, 2020 11:20:47 AM

Building an insider threat program can be a cultural shift for an organization that values transparency and openness with its workforce. Below are some considerations for demonstrating results with limited resources and showing value to executive leadership without disgruntling the workforce, as discussed with Charles Finfrock from Tesla.


Unexpected Benefits of Third Party Risk Management

By Mike Davis on Jun 24, 2020 10:56:47 AM

One of the most interesting engagements we’ve seen at Nisos, and there have been many, is straight out of a binge-worthy Netflix drama. A publicly-traded company enters a new business partnership with a seemingly innocuous third party, only to have the FBI at its door several months later asking real questions about international organized crime syndicates and money laundering.


Considerations for Securing Container Environments

By Landon Winkelvoss on Jun 22, 2020 11:58:07 AM

Containers are popular because they are a cost-effective way to build, package, and promote an application or service, and all its dependencies, throughout its entire lifecycle and across different on-prem, cloud, or hybrid environments. However, major security risks emerge in downstream repositories and subsequent logging of ephemeral objects that naturally disappear. 

Alan Orlikoski of Square shared his insights on how to mitigate some of these risks and conduct proper vulnerability management and incident response with regard to container environments.


Considerations for Security Controls in Containerized and Virtual Environments

By Landon Winkelvoss on Jun 15, 2020 12:04:34 PM

Current security controls will need to be re-defined based on how we protect the enterprise with two primary considerations: containerized and virtualized environments according to CIO and CISO of Risk Management Solutions (RMS) Dave Ruedger.


The Nisos Dogpile

By Landon Winkelvoss & Justin Zeefe on Jun 10, 2020 9:55:21 AM

As co-founders, Justin and I have had thousands of conversations about Nisos with prospects, clients, investors, and peers in the cybersecurity and investigations industry. The question always comes up, “How are you different?” One of the challenges with differentiation, especially as a services business, is so much of what we deliver is tied to intangibles like talent and process in people. “You know how many times vendors walk into my office and say they were former members of the US Intelligence Community?” was a popular response from prospective clients in the early days.


Threat Intelligence Through the Eyes of Adversaries

By Landon Winkelvoss & Tyler Robinson on Jun 8, 2020 12:12:28 PM

Any adversary conducts reconnaissance on a potential target with one question in mind: is the time and resources for research, development, and exploitation, going to be worth the gain? Below are four insights on threat intelligence from the eyes of adversaries.


How to Use Context to Secure Your Platforms

By Mike Davis on Jun 3, 2020 8:40:44 AM

Attribution often gets a bad name in the cybersecurity industry. “Attribution can be challenging and may not lead to a direct business outcome” is a common refrain. Companies that operate digital platforms have a unique advantage when it comes to attribution, however.


Three Steps to Work with the Business and Get Your Security Team a Seat at the Table

By Mike Davis on Jun 1, 2020 3:40:28 PM

Corporations big and small at least place some emphasis on cybersecurity, but when it comes to establishing a company strategy with data security in mind, many security leaders remain relegated to an “as-needed,” “cost-center” position. This paradigm places security teams in a no-win scenario. Once something bad happens, they are to blame and must react immediately but if nothing happens, there must not be a need to more deeply integrate privacy or data security as a feature of the business. 


Three Things to Look For to Identify Context Around an Attack Quicker

By Mike Davis, Vincas Čižiūnas, David Schertzer on May 29, 2020 2:36:17 PM

The cybersecurity industry has defined the term “attribution” of threat actors to refer to the identification of the specific actor or group of actors responsible for an attack. For many victims, “attribution” as defined by the industry is unnecessary; understanding the ‘what’ and ‘how’ and returning to business as usual are much more important than knowing the ‘who’ behind the attack.


Managed Intelligence: Four Factors for Building Adversarial Context

By Landon Winkelvoss on May 26, 2020 8:48:50 AM

With limited time and resources for a SOC to prioritize threats for additional research, Mars CISO Andrew Stanley gives several important factors when considering adversarial context with regard to the “who, how, and why” of attribution.


Managed Intelligence: Four Outcomes from Operationalizing Intelligence for Third-Party Risk Management

By Landon Winkelvoss on May 20, 2020 4:42:07 PM

Actionable intelligence is critical for third party risk management as it’s easy to chase false positives that waste resources. While automation enables timely response, deeper analysis is needed to make information from automated sources actionable. Zero touch diligence provides intuitive and actionable intelligence that matters for businesses assessing third-party risk by fusing robust analytic methodology with a suite of tools to collect, store, enrich, and integrate data from a wide variety of sources. Below are the four outcomes that result from thorough zero touch diligence efforts:

2 min read

Three Areas of Focus For Your Insider Threat Program During the COVID-19 Crisis

By Mike Davis on May 18, 2020 11:57:00 AM

Security teams are settling into the “new normal” of remote work as the COVID-19 crisis nears its third month here in the U.S. As many teams have discovered, among the myriad logistical issues of a remote workforce is the increased risk that insiders will cause cybersecurity incidents, even if mostly unintentionally. For many companies, the combination of required changes to network access policies and the human element of uncertainty around layoffs, furloughs, and salary reductions has created a need to quickly re-think the priority placed on insiders.

7 min read

Know Your Adversary: Russian APTs

By Vincas Čižiūnas on May 14, 2020 5:28:15 PM

In the previous two articles in this series, we examined the Iranian and Nigerian Advanced Persistent Threats (APTs) under a sociohistorical lens in order to better understand the various drivers that instigate their threat activity. Today, we examine Russia under the same optic, to see if we can gain more insight than the traditional Technique, Tactic, and Procedure (TTP) game of whack-a-mole generally provides.

2 min read

Four Priorities for Aligning Your Insider Threat Program

By Sean Weppner on May 6, 2020 1:30:50 PM

Organizations based in the United States continue to deal with considerable intellectual property theft and largely do not address the issue until there is a problem. The ability to effectively monitor for negligent or malicious insider threat activity is largely dependent on four main factors:

4 min read

Know Your Adversary: The Criminal Underworld in Nigeria

By Vincas Čižiūnas & Jonathan Neuhaus on May 5, 2020 10:52:03 AM

Having examined the underpinnings of Iranian culture and the nexus with its corresponding Advanced Persistent Threat (APT), we turn our eyes towards Africa. Often overlooked as an APT, Nigeria has an advanced criminal underworld shaped in part by elements of its postcolonial realities.

5 min read

Tracing the Technology Origin of a Presidential Candidate Deepfake

By Rob Volkert on Apr 29, 2020 12:57:50 PM

The recent tweet of a doctored photo, turned into a GIF and nicknamed “Sloppy Joe”, of US presidential candidate Joe Biden has prompted controversy over whether the image qualifies as a deepfake, which would make it the first used in a US election cycle. President Trump’s Twitter account retweeted the original post shortly thereafter, which resulted in debate over whether the GIF was a deepfake, what the intention was, and whether it violated Twitter’s synthetic and manipulated media policy. Several prominent press outlets, including the Atlantic and Motherboard, went back and forth over whether this was the first documented deepfake use in US politics.

Topics: deepfakes
2 min read

Risk and Reward – the Importance of Knowing the Network

By Sean Weppner on Apr 21, 2020 6:17:37 PM

The CISO’s role continues to evolve with the variables that change around them - ranging from the threat landscape, to the board of directors. These directly impact who targets you, who/what those attackers target to get access, and the resources you get to protect the company. But for the CISO, the foundation that everything builds on is their knowledge of the network that they defend.

Topics: gap analysis
4 min read

Disinformation in the Time of Pandemics

By Sean Weppner on Apr 15, 2020 6:33:21 PM

So here we are, caught in the middle of a pandemic stemming from some failed chiroptera cuisine and aside from all of the normal daily activities, ones which a month and a half ago would have pulled me physically in several different directions and locations, I otherwise find myself at the intersection point of these three things: (1) isolation, (2) reading (in this case, browsing the internet), and (3) lots of thinking.

2 min read

Cybersecurity Diligence is Financial Diligence

By Mike Davis on Apr 7, 2020 9:11:54 PM

Healthy deal flow that enables investment at a price point in line with an exit strategy is the foundation of the private equity business model. It is a given that investors will conduct detailed diligence around a target’s financials, market, structure, and many other factors to help confirm their thesis around an acceptable entry price point. Of course, a deal should not move forward if the investor’s plans will not make the difference needed to achieve the intended outcome, and these diligence steps are designed to maximize understanding, and thus de-risk the investment.

2 min read

Cybersecurity Diligence Doesn’t Need to be a Heavy Lift

By Mike Davis on Apr 2, 2020 9:23:58 AM

Corporations large and small have always used acquisitions as a staple of their strategies to enter new markets, gain a competitive edge, and grow faster than they could organically. Similarly, private equity and venture capital firms have a prominent role in our modern economy and operate specifically to find value in acquisitions or investments. While financial and market diligence has always been a fundamental element of the acquisition process, many acquirers continue to place limited scrutiny on the cybersecurity risks and opportunities arising from an acquisition target.

3 min read

Know Your Adversary: Iran

By Jonathan Neuhaus & Vincas Čižiūnas on Mar 25, 2020 11:56:49 AM

While researching advanced persistent threats (APTs), the common analytic angle has always been to identify malware and infrastructure techniques, tactics, and procedures (TTPs), and to develop detections. While this is effective for big player APTs such as Russia and China, it results in a game of whack-a-mole as blocking known TTPs necessitates identifying new ones. Without gaining an understanding of the human factors involved, it becomes like an endless game of cat and mouse.

2 min read

M&A should stand for “Mitigate, Not Avoid”

By Sean Weppner on Mar 20, 2020 8:09:36 AM

We’ve all read the horror stories over the past several years - the revelation of a prior data breach in a target organization led to a massive decrease in the sale price, or the unknown/unmitigated compromise led to a subsequent breach in the acquiring organization and massive PR fallout. It rings true to all of us in the business of cybersecurity, because the story really could be any of us. Moreover, from what I’ve seen, there are two truths to most large organizations:

  1. Bigger = More assets = larger risk surface area
  2. Growth is often achieved (and sustained) through inorganic growth
2 min read

Cyber Hygiene for a Remote Workforce

By Vincas Čižiūnas on Mar 12, 2020 4:12:29 PM

With coronavirus gaining strength worldwide, a lot of companies are faced with something that they may have been avoiding: the prospect of a completely remote workforce. As is usually the case when situations are thrust upon a company, old mistakes come to light, new mistakes are made, and past actions turn out to have unintended consequences. In our decades of collective experience and by virtue of being a mostly remote company, we have seen these mishaps occur. In that light, we have some recommendations for dealing with empty offices and a remote workforce to minimize threats to your company in the confusion of this new environment.

2 min read

Don’t let everyone (and their mother) have your PCI data

By Vincas Čižiūnas on Mar 2, 2020 10:54:48 AM

The other day, WIRED posted an article about “How a Hacker's Mom Broke Into a Prison—and the Warden's Computer.” Black Hills Cyber’s John Strand sent his non-hacker mother into a prison posing as a health inspector. Not only did she manage to gain access to computer systems associated with various prison networks, she even got the warden to implant his own computer by opening a malicious document. It reads like the screenplay to an Ocean’s Eleven reboot.

1 min read

Purple With a Purpose

By Debra Richardson on Feb 12, 2020 11:08:50 AM

Nisos Purple Team engagements are much more than a simple check-the-box assessment. Ever-evolving threats from persistent malicious actors make your job of protecting the crown jewels difficult. Security-conscious organizations understand the importance of assessing their security team’s capabilities for effective detection and response. We know adversaries and we make it our business to track their use of new tactics, techniques, and procedures across industries and we are all too happy to share this knowledge during our Purple Team engagements.

Topics: Purple Team
2 min read

The Value of a Pentest

By Debra Richardson on Jan 16, 2020 1:56:26 PM

Businesses and organizations always seem to be a few steps behind adversaries; that is the natural consequence of asymmetric threats. True penetration testing will make you a fierce competitor, enabling your organization to understand its weaknesses and see its gaps – allowing you to monitor, remediate and defend them.

Topics: Blogs
2 min read

Red Team: The Nisos Way

By Debra Richardson on Jan 9, 2020 9:48:00 AM

A Nisos Red Team simulates the full breadth of a sophisticated attacker, using the tactics, techniques and procedures employed by malicious actors. Our Red Team exercises are tailored to the needs of our individual clients. You need and deserve more than an automated report.

Topics: Blogs
2 min read

When Disinformation Targets Companies: The Case of #BoycottOliveGarden

By Cindy Otis on Sep 4, 2019 8:00:00 AM

False information can spread faster than the truth on social media, and more and more, companies are feeling the impact of that reality. In early August, a handful of Twitter accounts began tweeting lists of companies they claimed supported President Trump’s re-election campaign and called for a boycott against them. One of the accounts (@maryruthedk) even tweeted the list in response to a Washington Post article that debunked the claims. One post from an account claiming to be a dual US and Swedish citizen living in New York (@DemocraticSurge) received more than 15,000 retweets and 17,200 likes.

Topics: Cybersecurity