Our Blog
Threat Intelligence Use Cases for Trust and Safety
Varied threats like disinformation, platform abuse, brand dilution, strategic breach campaigns, extortion, insider threats and nation states stealing intellectual property are more prevalent than ever. More and more of these threats live far outside the traditional...
Considerations for Measuring the Return on Investment of Cyber Threat Intelligence
Security operations centers across the world are consumed with how to measure the return on investment of threat intelligence. There are different schools of thought, but we favor a model that measures actionable events. One main reason we like actionable events...
The Rise of Synthetic Audio Deepfakes
Can Audio Deepfakes Really Fake a Human? Audio deepfakes are the new frontier for business compromise schemes and are becoming more common pathways for criminals to deceptively gain access to corporate funds. Nisos recently investigated and obtained an original...
Establishing a System to Collect, Enrich, and Analyze Data to Generate Actionable Intelligence
In the era of data-driven decision making, the value of threat intelligence and interest in establishing or expanding threat intelligence programs is growing rapidly. However, the growing availability and access to data is outpacing the ability of these threat...
Advancing OSINT to Turn Data into Intelligence
While cyber threat analysts are critical to determine what cyber threats are relevant to their respective organizations so they can take the appropriate action, open source intelligence (OSINT) and investigations can often be the added value to address the “how”,...
Three Considerations for Measuring Return on Investment from Threat Hunting
Threat hunting often has ill-defined metrics for organizations attempting to measure “return on investment.” If an analyst isn’t finding bad actors in the environment, leadership may question the value they are bringing. If they are finding a lot of actors, leadership...
An Inside Look at Advanced Attacker TTPs and the Danger of Relying on Industry-based Threat Intelligence
Many organizations use threat intelligence from industry peers to prioritize vulnerability management and assign criticality when there is not enough existing information directly about their organization or their organization’s critical assets. While this is a...
Two Considerations for Building a Security Program Grounded in Diversity and Inclusion
Corporate security programs for major organizations deal with a variety of threats at a staggering global scale and there are playbooks to deal with many of these issues. Above all else, though, the most important task is building trust with the workforce according to...
Three Considerations for Getting Early Wins from an Insider Threat Program
Building an insider threat program can be a cultural shift for an organization that values transparency and openness with its workforce. Below are some considerations for demonstrating results with limited resources and showing value to executive leadership without...
Unexpected Benefits of Third Party Risk Management
One of the most interesting engagements we’ve seen at Nisos, and there have been many, is straight out of a binge-worthy Netflix drama. A publicly-traded company enters a new business partnership with a seemingly innocuous third party, only to have the FBI at its door...
Cyber Threat Intelligence: The Firehose of Noise and How We Got Here
Threat intelligence feeds have become popular, and a company's ability to track threats outside of its own environment is better than ever. With these improvements, though, has come an increasing demand on security professionals to select and manage the right...
Considerations for Securing Container Environments
Containers are popular because they are a cost-effective way to build, package, and promote an application or service, and all its dependencies, throughout its entire lifecycle and across different on-prem, cloud, or hybrid environments. However, major security risks...
Considerations for Security Controls in Containerized and Virtual Environments
Current security controls will need to be redefined based on how we protect the enterprise, with two primary considerations: containerized and virtualized environments, according to CIO and CISO of Risk Management Solutions (RMS) Dave Ruedger. Looking towards the...
Leveraging Technical Expertise & Data Partnerships to Combat Disinformation
Argument - fierce, bold, and impassioned - has been at the heart of our American democracy since the founding. British censorship (colonists could speak without prior restraint but then be charged with sedition or libel) compelled the drafters of the Bill of Rights to...
The Nisos Dogpile
As co-founders, Justin and I have had thousands of conversations about Nisos with prospects, clients, investors, and peers in the cybersecurity and investigations industry. The question always comes up, “How are you different?” One of the challenges with...
Real Cyber Intelligence Tells a SOC What Its Security Stack Cannot Detect
Actionable cyber threat intelligence should inform a security operations center’s prioritization of the most critical applications and infrastructure to the business and threat hunt program in ways a security stack cannot. With hypothesis-led, defined use cases that...
Threat Intelligence Through the Eyes of Adversaries
Any adversary conducts reconnaissance on a potential target with one question in mind: are the time and resources for research, development, and exploitation going to be worth the gain? Below are four insights on threat intelligence from the eyes of adversaries....
How to Use Context to Secure Your Platforms
Attribution often gets a bad name in the cybersecurity industry. “Attribution can be challenging and may not lead to a direct business outcome” is a common refrain. Companies that operate digital platforms have a unique advantage when it comes to attribution, however....
Common Network Segmentation Strategies for Production Environments
Business needs for all company sizes increasingly require managed production environments to perform critical computational and data storage roles that are often administered by company IT professionals, as well as potentially providing services to both internal and...
Three Steps to Work with the Business and Get Your Security Team a Seat at the Table
Corporations big and small place at least some emphasis on cybersecurity, but when it comes to establishing a company strategy with data security in mind, many security leaders remain relegated to an “as-needed,” “cost-center” position. This paradigm places security...
Three Things to Look for to Identify Context Around an Attack Quicker
The cybersecurity industry has defined the term “attribution” of threat actors to refer to the identification of the specific actor or group of actors responsible for an attack. For many victims, “attribution” as defined by the industry is unnecessary; understanding...
Cyber Diligence Provides Actionable Intelligence to M&A Teams
Large companies take robust consultative approaches to integrating networks and applications post-acquisition. Rarely do acquiring security teams have the resources or cost-effective internal processes to do their own investigative cyber diligence on a pending...
Managed Intelligence: Four Factors for Building Adversarial Context
With limited time and resources for a SOC to prioritize threats for additional research, Mars CISO Andrew Stanley gives several important factors when considering adversarial context with regard to the “who, how, and why” of attribution. Chasing After Ransomware is a...
Managed Intelligence: Four Outcomes from Operationalizing Intelligence for Third-Party Risk Management
Actionable intelligence is critical for third party risk management as it’s easy to chase false positives that waste resources. While automation enables timely response, deeper analysis is needed to make information from automated sources actionable. Zero touch...
Three Areas of Focus for Your Insider Threat Program During the COVID-19 Crisis
Security teams are settling into the “new normal” of remote work as the COVID-19 crisis nears its third month here in the U.S. As many teams have discovered, among the myriad logistical issues of a remote workforce is the increased risk insiders can cause...
Managed Intelligence: Shaping a Threat Hunt Program to Operationalize Data, Resource Accordingly, and Protect the Business
Deriving actionable intelligence to enhance organizational security is a challenge faced by all global companies and often further complicated by intertwined networks resulting from mergers and acquisitions. With the volumes of data, it’s important to shape a threat...
Know Your Adversary: Russian APTs
In the previous two articles in this series, we examined the Iranian and Nigerian Advanced Persistent Threats (APTs) under a sociohistorical lens in order to better understand the various drivers that instigate their threat activity. Today, we examine Russia under the...
Zero Touch Diligence: Actionable Intelligence for Third-Party Risk Management
Security analysts responsible for vendor management have a unique combination of challenges, both human and technical. Questionnaires are a standard tool, but are also fraught with human error, both intentional and accidental. On the technical side, risk managers are...
Four Priorities for Aligning Your Insider Threat Program
Organizations based in the United States continue to deal with considerable intellectual property theft and largely do not address the issue until there is a problem. The ability to effectively monitor for negligent or malicious insider threat activity is largely...
Managed Intelligence: An Overview on Signature and Personality-Based Attributions to Mitigate Risk for the Business
Continuing with Nisos’ series on providing context to enable actionable outcomes for Security Operations Centers (SOCs), we examine the differences between signature and personality-based attributions and how each plays a role for enterprises in prioritization efforts...
Know Your Adversary: The Criminal Underworld in Nigeria
Having examined the underpinnings of Iranian culture and the nexus with its corresponding Advanced Persistent Threat (APT), we turn our eyes towards Africa. Often overlooked as an APT, elements of postcolonial realities in Nigeria have contributed to an advanced...
Managed Intelligence: Transitioning Cyber Threat Information to Actionable Threat Intelligence Provides Critical Context
Major organizations with significant intellectual property and brand name reputation face a constant onslaught of targeted cyber attacks and information operations campaigns, but often lack the capability to attain context-based attribution - the ability to define the...
Tracing the Technology Origin of a Presidential Candidate Deepfake
The recent tweet of a doctored photo, turned into a GIF and nicknamed “Sloppy Joe”, of US presidential candidate Joe Biden has prompted controversy over whether the image qualifies as a deepfake, which would make it the first used in a US election cycle. President...