The holiday season is full of joy, anticipation, and the latest technology breach news. With this being 2020, the technology industry, not wanting to be outdone by forest fires, plagues, and murder hornets, came out with its own version of a ‘natural disaster’; an...
Today, many companies are primarily cloud-based with little on-premise infrastructure. These organizations often have minimal internal network traffic and may even have limited email usage. In these environments, the risk of developer misconfigurations and inadvertent...
Threats continue to occur on a global scale. They are large, they are complex, and they are growing. This problem has led to widespread interest in tailoring intelligence programs that provide insight into business problems and generate actionable outcomes.For...
Continuing in our series on the adversarial mindset, we focus on weaponization for computer network operations. Following the reconnaissance phase and identifying a target, an actor needs to gain a foothold in a network before determining how to monetize the access or...
In our latest blog series, we discuss how threat intelligence can be applied smarter for medium sized organizations with limited resources. We discuss ways to proactively detect threats beyond subscribing to information feeds that require a lot of resources to...
The Challenge A retail client requested our assistance to identify an individual, who was also a paying customer, who wrote a python script that scraped a backend server. The customer had also previously published a WiFi vulnerability present at the company’s offices...
Medium-sized enterprises that don’t have sophisticated security operations teams typically focus on the basic blocking and tackling of information security: policies around financial controls, incident response plans, data retention policies, disaster recovery around...
The adversarial mindset is the core that allows us to provide a world-class intelligence capability tailored to the needs of business. Many people ask what it means to have the adversarial mindset and how that differentiates Nisos. While it’s a complicated answer...
When evaluating cyber threat intelligence programs for enterprise, organizations should consider six critical topics before spending on data. It’s natural for an organization to start from one of two places: where they have already been beaten badly enough they need...
For many medium and large organizations, a penetration test that results in a “data breach” is going to lead to numerous findings that take months and sometimes years to remediate. In that timeframe, after operating systems are upgraded across non-production and...
Many maturing security operations centers within medium and large enterprises will indicate that ransomware is often the biggest “threat” that keeps them up at night. Ransomware is not a threat; it is a capability criminals use with an intent of monetizing illegal...
In the new Work-From-Home world where non-essential companies have pivoted into a remote workforce model with increasing reliance on business tools that ensure connectivity, there is a growing concern that tools like Zoom may not be vetted to the full extent of their...
For enterprise businesses, especially in the technology, finance, and manufacturing sectors, the use cases and company consumers of intelligence work can be almost limitless. Therefore, it’s critical for a threat intelligence team to be transparent throughout the...
Strong intelligence starts with good sources and when it comes to gaining the most context around suspicious events or adversaries of interest, nothing beats external hunting.Most current threat hunting is rightfully focused on hunting inside the firewalls of an...
Security operations centers across the world are consumed with how to measure the return on investment of threat intelligence. There are different schools of thought, but we favor a model that measures actionable events. One main reason we like actionable events...
Threat hunting often has ill-defined metrics for organizations attempting to measure “return on investment.” If an analyst isn’t finding bad actors in the environment, leadership may question the value they are bringing. If they are finding a lot of actors, leadership...
Many organizations use threat intelligence from industry peers to prioritize vulnerability management and assign criticality when there is not enough existing information directly about their organization or their organization’s critical assets. While this is a...
Threat intelligence feeds have become popular, and a company's ability to track threats outside of its own environment is better than ever. With these improvements though, has come an increasing demand on security professionals to select and manage the right...
Containers are popular because they are a cost-effective way to build, package, and promote an application or service, and all its dependencies, throughout its entire lifecycle and across different on-prem, cloud, or hybrid environments. However, major security risks...
The Challenge The CEO of a multinational manufacturer (Client) identified an urgent need to remove a key executive, along with several accomplices, from the operations of the company, based on concerns that these insiders were intent on sabotaging the company. Given...
Current security controls will need to be re-defined based on how we protect the enterprise with two primary considerations: containerized and virtualized environments according to CIO and CISO of Risk Management Solutions (RMS) Dave Ruedger. Looking towards the...
Actionable cyber threat intelligence should inform a security operations center’s prioritization of the most critical applications and infrastructure to the business and threat hunt program in ways a security stack cannot. With hypotheses-led, defined use cases that...
Any adversary conducts reconnaissance on a potential target with one question in mind: is the time and resources for research, development, and exploitation, going to be worth the gain? Below are four insights on threat intelligence from the eyes of adversaries....
Business needs for all company sizes increasingly require managed production environments to perform critical computational and data storage roles that are often administered by company IT professionals, as well as potentially providing services to both internal and...
Corporations big and small at least place some emphasis on cybersecurity, but when it comes to establishing a company strategy with data security in mind, many security leaders remain relegated to an “as-needed,” “cost-center” position. This paradigm places security...
The cybersecurity industry has defined the term “attribution” of threat actors to refer to the identification of the specific actor or group of actors responsible for an attack. For many victims, “attribution” as defined by the industry is unnecessary; understanding...
Deriving actionable intelligence to enhance organizational security is a challenge faced by all global companies and often further complicated by intertwined networks resulting from mergers and acquisitions. With the volumes of data, it’s important to shape a threat...
The ChallengeA major pharmaceutical company (Client) made the decision to terminate an administrator and was concerned about the malicious exfiltration of personally identifiable information (PII) before his termination. Why Nisos The administrator was being...
The Challenge A global manufacturing company (the Client) experienced a corporate-wide outage due to being locked out of their router devices between corporate headquarters and their branch offices across the globe. After internal investigation and significant...
Linux monitoring is deceptively difficult. The most common tools for performing monitoring - the Linux audit system, log journals and syslog sources - are all, at best, standardized by Linux distribution, and at worst, unique per host in an enterprise environment....
The CISO’s role continues to evolve with the variables that change around them - ranging from the threat landscape, to the board of directors. These directly impact who targets you, who/what those attackers target to get access, and the resources you get to protect...
The Challenge A healthcare technology company (the Client) suffered a wide-scale destructive compromise after an attacker targeted the Client’s backend point of sale technology and deleted all customer data. Why Nisos In addition to the primary forensics firm that was...
The Challenge A multinational manufacturer (The Client) needed assistance investigating a large-scale distributed denial of service (DDOS) attack against several publicly accessible websites and applications. In the course of the attribution investigation, we detected...
Subscribe to our blog to get notified of updates in your inbox.