Blog

4 min read

Disinformation in the Time of Pandemics

By Sean Weppner on Apr 15, 2020 6:33:21 PM

So here we are, caught in the middle of a pandemic stemming from some failed chiroptera cuisine and aside from all of the normal daily activities, ones which a month and a half ago would have pulled me physically in several different directions and locations, I otherwise find myself at the intersection point of these three things: (1) isolation, (2) reading (in this case, browsing the internet), and (3) lots of thinking. 

2 min read

Cybersecurity Diligence is Financial Diligence

By Mike Davis on Apr 7, 2020 9:11:54 PM

Healthy deal flow that enables investment at a price point in line with an exit strategy is the foundation of the private equity business model. It is a given investors will conduct detailed diligence around a target’s financials, market, structure, and many other factors to help confirm their thesis around an acceptable entry price point. Of course a deal should not move forward if the investor’s plans will not make the difference to achieve an outcome, and these diligence steps are designed to maximize understanding, and thus de-risk the investment.

2 min read

Cybersecurity Diligence Doesn’t Need to be a Heavy Lift

By Mike Davis on Apr 2, 2020 9:23:58 AM

Corporations large and small have always used acquisitions as a staple of their strategies to enter new markets, gain a competitive edge, and grow faster than they could organically. Similarly, private equity and venture capital firms have a prominent role in our modern economy and operate specifically to find value in acquisitions or investments. While financial and market diligence has always been a fundamental element of the acquisition process, many acquirers continue to place limited scrutiny on the cybersecurity risks and opportunities arising from an acquisition target.

3 min read

Know Your Adversary: Iran

By Jonathan Neuhaus & Vincas Čižiūnas on Mar 25, 2020 11:56:49 AM

While researching advanced persistent threats (APTs), the common analytic angle has always been to identify malware and infrastructure techniques, tactics, and procedures (TTPs), and to develop detections. While this is effective for big player APTs such as Russia and China, it results in a game of whack-a-mole as blocking known TTPs necessitates identifying new ones. Without gaining an understanding of the human factors involved, it becomes like an endless game of cat and mouse.

2 min read

M&A should stand for “Mitigate, Not Avoid”

By Sean Weppner on Mar 20, 2020 8:09:36 AM

We’ve all read the horror stories over the past several years - the revelation of a prior data breach in a target organization led to a massive decrease in the sale price, the unknown/unmitigated compromise led to a subsequent breach in the acquiring organization and massive PR fallout. It rings true to all of us in the business of cybersecurity, because the story really could be any of us. Moreover, from what I’ve seen, there are two truths to most large organizations:

  1. Bigger = More assets = larger risk surface area
  2. Growth is often achieved (and sustained) through inorganic growth

2 min read

Cyber Hygiene for a Remote Workforce

By Vincas Čižiūnas on Mar 12, 2020 4:12:29 PM

With coronavirus gaining strength worldwide, a lot of companies are faced with something that they may have been avoiding: the prospect of a completely remote workforce. As is usually the case when situations are thrust upon a company, old mistakes come to light, new mistakes are made, and past actions turn out to have unintended consequences. In our decades of collective experience and by virtue of being a mostly remote company, we have seen these mishaps occur. In that light, we have some recommendations for dealing with empty offices and a remote workforce to minimize threats to your company in the confusion of this new environment.

2 min read

Don’t let everyone (and their mother) have your PCI data

By Vincas Čižiūnas on Mar 2, 2020 10:54:48 AM

The other day, WIRED posted an article about “How a Hacker's Mom Broke Into a Prison—and the Warden's Computer.” Black Hills Cyber’s John Strand sent his non-hacker mother into a prison posing as a health inspector. Not only did she manage to gain access to computer systems associated with various prison networks, she even managed to get the warden to implant his computer by opening a malicious document. It reads like the screenplay to an Ocean’s Eleven reboot.

1 min read

Purple With a Purpose

By Debra Richardson on Feb 12, 2020 11:08:50 AM

Nisos Purple Team engagements are much more than a simple check-the-box assessment. Ever-evolving threats from persistent malicious actors make your job of protecting the crown jewels difficult. Security-conscious organizations understand the importance of assessing their security team’s capabilities for effective detection and response. We know adversaries and we make it our business to track their use of new tactics, techniques, and procedures across industries and we are all too happy to share this knowledge during our Purple Team engagements.

2 min read

The Value of a Pentest

By Debra Richardson on Jan 16, 2020 1:56:26 PM

Businesses and organizations always seem to be a few steps behind adversaries; that is the natural consequence of asymmetric threats. True penetration testing will make you a fierce competitor, enabling your organization to understand its weaknesses and see its gaps – allowing you to monitor, remediate and defend them.

2 min read

Red Team: The Nisos Way

By Debra Richardson on Jan 9, 2020 9:48:00 AM

A Nisos Red Team simulates the full breadth of a sophisticated attacker, using the tactics, techniques and procedures employed by malicious actors. Our Red Team exercises are tailored to the needs of our individual clients. You need and deserve more than an automated report.
