The holiday season is full of joy, anticipation, and the latest technology breach news. With this being 2020, the technology industry, not wanting to be outdone by forest fires, plagues, and murder hornets, came out with its own version of a ‘natural disaster’; an...
Outside Intel
Actioning Cyber Threat Intelligence for Cloud-based Enterprise
Today, many companies are primarily cloud-based with little on-premise infrastructure. These organizations often have minimal internal network traffic and may even have limited email usage. In these environments, the risk of developer misconfigurations and inadvertent...
How to Successfully Implement a Threat Intelligence Program
Threats continue to occur on a global scale. They are large, they are complex, and they are growing. This problem has led to widespread interest in tailoring intelligence programs that provide insight into business problems and generate actionable outcomes. For...
Weaponizing Tools for Computer Network Operations
Continuing in our series on the adversarial mindset, we focus on weaponization for computer network operations. Following the reconnaissance phase and identifying a target, an actor needs to gain a foothold in a network before determining how to monetize the access or...
An Introduction to Honeypots
In our latest blog series, we discuss how threat intelligence can be applied smarter for medium sized organizations with limited resources. We discuss ways to proactively detect threats beyond subscribing to information feeds that require a lot of resources to...
Mitigating Advanced Threat Actors: Gaining Access to Closed Groups to Gain Insight into Vulnerability Disclosure and Further Litigation
The Challenge A retail client requested our assistance to identify an individual, a paying customer, who wrote a Python script that scraped a backend server. The customer had also previously published a WiFi vulnerability present at the company’s offices...
Making Threat Intelligence Useful for Medium-Sized Enterprises
Medium-sized enterprises that don’t have sophisticated security operations teams typically focus on the basic blocking and tackling of information security: policies around financial controls, incident response plans, data retention policies, disaster recovery around...
How Adversaries Conduct Reconnaissance For Computer Network Operations
The adversarial mindset is the core that allows us to provide a world-class intelligence capability tailored to the needs of business. Many people ask what it means to have the adversarial mindset and how that differentiates Nisos. While it’s a complicated answer...
Six Considerations for Building a Cyber Threat Intelligence Program
When evaluating cyber threat intelligence programs for enterprise, organizations should consider six critical topics before spending on data. It’s natural for an organization to start from one of two places: where they have already been beaten badly enough they need...
Three Steps to Use Threat Intelligence, Red Team, and Blue Team Collaboration to Improve Security
For many medium and large organizations, a penetration test that results in a “data breach” is going to lead to numerous findings that take months and sometimes years to remediate. In that timeframe, after operating systems are upgraded across non-production and...
Avoiding Ransomware
Many maturing security operations centers within medium and large enterprises will indicate that ransomware is often the biggest “threat” that keeps them up at night. Ransomware is not a threat; it is a capability criminals use with an intent of monetizing illegal...
Hacker Diplomacy: How to Minimize Business Risks Stemming from Vulnerability Disclosures
In the new Work-From-Home world where non-essential companies have pivoted into a remote workforce model with increasing reliance on business tools that ensure connectivity, there is a growing concern that tools like Zoom may not be vetted to the full extent of their...
Translating Cyber Threat Intelligence for the Rest of the Business
For enterprise businesses, especially in the technology, finance, and manufacturing sectors, the use cases and company consumers of intelligence work can be almost limitless. Therefore, it’s critical for a threat intelligence team to be transparent throughout the...
Five Critical Data Source Considerations for External Threat Hunting
Strong intelligence starts with good sources, and when it comes to gaining the most context around suspicious events or adversaries of interest, nothing beats external hunting. Most current threat hunting is rightfully focused on hunting inside the firewalls of an...
Considerations for Measuring the Return on Investment of Cyber Threat Intelligence
Security operations centers across the world are consumed with how to measure the return on investment of threat intelligence. There are different schools of thought, but we favor a model that measures actionable events. One main reason we like actionable events...
Three Considerations for Measuring Return on Investment from Threat Hunting
Threat hunting often has ill-defined metrics for organizations attempting to measure “return on investment.” If an analyst isn’t finding bad actors in the environment, leadership may question the value they are bringing. If they are finding a lot of actors, leadership...
An Inside Look at Advanced Attacker TTPs and the Danger of Relying on Industry-based Threat Intelligence
Many organizations use threat intelligence from industry peers to prioritize vulnerability management and assign criticality when there is not enough existing information directly about their organization or their organization’s critical assets. While this is a...
Cyber Threat Intelligence: The Firehose of Noise and How We Got Here
Threat intelligence feeds have become popular, and a company's ability to track threats outside of its own environment is better than ever. With these improvements, though, has come an increasing demand on security professionals to select and manage the right...
Considerations for Securing Container Environments
Containers are popular because they are a cost-effective way to build, package, and promote an application or service, and all its dependencies, throughout its entire lifecycle and across different on-prem, cloud, or hybrid environments. However, major security risks...
Preventing Corporate Sabotage by a High-Level Executive
The Challenge The CEO of a multinational manufacturer (Client) identified an urgent need to remove a key executive, along with several accomplices, from the operations of the company, based on concerns that these insiders were intent on sabotaging the company. Given...
Considerations for Security Controls in Containerized and Virtual Environments
According to Dave Ruedger, CIO and CISO of Risk Management Solutions (RMS), current security controls will need to be redefined around how we protect the enterprise, with two primary considerations: containerized and virtualized environments. Looking towards the...
Real Cyber Intelligence Tells a SOC What Its Security Stack Cannot Detect
Actionable cyber threat intelligence should inform a security operations center’s prioritization of the most critical applications and infrastructure to the business and threat hunt program in ways a security stack cannot. With hypotheses-led, defined use cases that...
Threat Intelligence Through the Eyes of Adversaries
Any adversary conducts reconnaissance on a potential target with one question in mind: are the time and resources for research, development, and exploitation going to be worth the gain? Below are four insights on threat intelligence from the eyes of adversaries....
Common Network Segmentation Strategies for Production Environments
Business needs for all company sizes increasingly require managed production environments to perform critical computational and data storage roles that are often administered by company IT professionals, as well as potentially providing services to both internal and...
Three Steps to Work with the Business and Get Your Security Team a Seat at the Table
Corporations big and small at least place some emphasis on cybersecurity, but when it comes to establishing a company strategy with data security in mind, many security leaders remain relegated to an “as-needed,” “cost-center” position. This paradigm places security...
Three Things to Look for to Identify Context Around an Attack Quicker
The cybersecurity industry has defined the term “attribution” of threat actors to refer to the identification of the specific actor or group of actors responsible for an attack. For many victims, “attribution” as defined by the industry is unnecessary; understanding...
Managed Intelligence: Shaping a Threat Hunt Program to Operationalize Data, Resource Accordingly, and Protect the Business
Deriving actionable intelligence to enhance organizational security is a challenge faced by all global companies and often further complicated by intertwined networks resulting from mergers and acquisitions. With the volumes of data, it’s important to shape a threat...
Preventing the Exfiltration of PII from a Malicious Administrator
The Challenge A major pharmaceutical company (Client) made the decision to terminate an administrator and was concerned about the malicious exfiltration of personally identifiable information (PII) before his termination. Why Nisos The administrator was being...
Investigating a Destructive Administrator Following Merger and Acquisition
The Challenge A global manufacturing company (the Client) experienced a corporate-wide outage due to being locked out of their router devices between corporate headquarters and their branch offices across the globe. After internal investigation and significant...
Securing Linux Against Negligent or Malicious Administrators
Linux monitoring is deceptively difficult. The most common tools for performing monitoring - the Linux audit system, log journals and syslog sources - are all, at best, standardized by Linux distribution, and at worst, unique per host in an enterprise environment....
Risk and Reward – The Importance of Knowing the Network
The CISO’s role continues to evolve with the variables that change around them - ranging from the threat landscape to the board of directors. These directly impact who targets you, who/what those attackers target to get access, and the resources you get to protect...
Countering Destruction to Save a Business
The Challenge A healthcare technology company (the Client) suffered a wide-scale destructive compromise after an attacker targeted the Client’s backend point of sale technology and deleted all customer data. Why Nisos In addition to the primary forensics firm that was...
DDOS Investigation Leads to Much Greater Network Security Bolstering
The Challenge A multinational manufacturer (The Client) needed assistance investigating a large-scale distributed denial of service (DDOS) attack against several publicly accessible websites and applications. In the course of the attribution investigation, we detected...