Services

Access a world-class intelligence capability tailored to your specific needs. Control a multi-million dollar program without the time or expense and solve problems both lasting and acute.

What is Managed Intelligence?

Technical Blogs

8 min read

The Myth of Complex Passwords

By Dev Badlu on Sep 16, 2020 11:06:03 AM

Password reuse is one of the most pervasive security concerns for information security teams in enterprise. It’s an easy way for an adversary to gain initial access if two factor authentication is not properly implemented and more importantly, provides the ability to move laterally in a network and escalate privileges, thus compromising critical data. 

Below is a deep dive into the art of passwords, and  how this can play out in both directions.

Continue Reading
7 min read

What is a Selector in the World of Digital Crime?

By Adam Gayde, Michael Eller, and Matthew Brock on Sep 9, 2020 9:36:30 AM

Every hour of every day, criminals, nation states, and fraudsters around the world commit attacks using phone numbers, email addresses, and social media handles. We call these “selectors,” i.e. the technical attributes of an online entity.

Continue Reading
1 min read

How to Use Breach Credentials to Support Intelligence Collection and Attribution

By Jared Hudson, Zeshan Aziz, and Dev Badlu on Aug 19, 2020 1:38:57 PM

While some organizations may view third party breach usernames and passwords as important indicators to prevent unauthorized access to their own networks, larger organizations are using two factor authentication for securing their perimeters by locking down internet-facing services where the mere availability of these credentials are less actionable. 

Continue Reading
4 min read

Five Critical Data Source Considerations for Adversary Attribution

By Jonathan Neuhaus & Adam Gayde on Aug 12, 2020 12:31:41 PM

Strong intelligence is the base of adversary attribution; nothing can replace the holistic picture created by technical indicators in combination with HUMINT and OSINT sources. 

Continue Reading
6 min read

The Rise of Synthetic Audio Deepfakes

By Robert Volkert, VP Threat Investigations and Dev Badlu, VP Technology at Nisos on Jul 19, 2020 4:35:26 PM

Can Audio Deepfakes Really Fake a Human?

Audio deepfakes are the new frontier for business compromise schemes and are becoming more common pathways for criminals to deceptively gain access to corporate funds. Nisos recently investigated and obtained an original attempted deepfake synthetic audio used in a fraud attempt against a technology company. The deepfake took the form of a voicemail message from the company’s purported CEO, asking an employee to call back to “finalize an urgent business deal.” The recipient immediately thought it suspicious and did not contact the number, instead referring it to their legal department, and as a result the attack was not successful.

Continue Reading
3 min read

Establishing a System to Collect, Enrich, and Analyze Data to Generate Actionable Intelligence

By Adam Gayde on Jul 15, 2020 11:53:58 AM

In the era of data-driven decision making, the value of threat intelligence and interest in establishing or expanding threat intelligence programs is growing rapidly. However, the growing availability and access to data is outpacing the ability of these threat intelligence programs to leverage and operationalize it.

According to a recent Gartner report, “the value of (threat intelligence) services is sometimes constrained by the customer’s ability to afford, absorb, contextualize, and, especially, use the information provided by the services.” 1

Continue Reading
5 min read

An Inside Look at Advanced Attacker TTPs and the Danger of Relying on Industry-based Threat Intelligence

By Vincas Čižiūnas on Jul 7, 2020 11:15:37 AM

Many organizations use threat intelligence from industry peers to prioritize vulnerability management and assign criticality when there is not enough existing information directly about their organization or their organization’s critical assets. While this is a natural political response to frame the narrative to allow budgetary approval to build certain aspects of the security program, organizations need to defend specific to their own technology stack and assets, incorporate the proper tooling around this stack, and be able to log events at scale. 

If a security program indicates that their industry peers are being targeted by a variety of different threats broken down by industry, the narrative around this argument will likely be a more persuasive argument for non-technical business executives approving budgets.

Continue Reading
5 min read

Cyber Threat Intelligence: The Firehose of Noise and How We Got Here

By Zachary Henson on Jun 23, 2020 12:18:09 PM

Threat intelligence feeds have become popular, and a company's ability to track threats outside of its own environment is better than ever. With these improvements though, has come an increasing demand on security professionals to select and manage the right combination of tools to achieve their desired outcomes.

Here is a brief look at the history of the cyber threat intelligence industry, and where we might go from here.

Continue Reading
1 min read

Leveraging Technical Expertise & Data Partnerships to Combat Disinformation

By Matthew Brock on Jun 15, 2020 2:32:35 PM

Argument -  fierce, bold, and impassioned - has been at the heart of our American democracy since the founding. British censorship (colonists could speak without prior restraint but then be charged with sedition or libel) compelled the drafters of the Bill of Rights to include freedom of speech as part of the First Amendment to the US Constitution. 

Heated disagreement and even misinformation are as rampant on today’s internet as they were in the taverns and meeting halls of the colonies. This speech is rightly protected. But because of the sacredness of this right, it is disinformation – deliberate attempts by foreign and domestic actors to spread falsehoods in order to achieve a political end – that concerns us here at Nisos and that we leverage our capabilities to fight.

Continue Reading

Real Cyber Intelligence Tells a SOC What Its Security Stack Cannot Detect

By Steve Michael on Jun 9, 2020 1:30:12 PM

Actionable cyber threat intelligence should inform a security operations center’s prioritization of the most critical applications and infrastructure to the business and threat hunt program in ways a security stack cannot. With hypotheses-led, defined use cases that focus on signatures and more importantly behavior, threat hunting programs can operationalize threat intelligence by mapping threats to data sources and decision matrices that provide alerts and subsequent action. As a deliverable, a SOC can then count the actionable alerts versus the total alerts and, if captured appropriately, a security program can scale by reducing time to respond with fewer resources.

Continue Reading

Common Network Segmentation Strategies for Production Environments

By Nisos on Jun 3, 2020 7:28:04 PM

Business needs for all company sizes increasingly require managed production environments to perform critical computational and data storage roles that are often administered by company IT professionals, as well as potentially providing services to both internal and external entities. As a preamble, most common production environments tend to be heavily Linux-based, while most corporate environments are either predominantly Windows or a mixed environment with Windows and MacOS machines. While it should be obvious that the production environment should be heavily protected from arbitrary access from the internet, it can be easily overlooked that protecting company and customer data necessitates security measures against the corporate and other internal networks.

Continue Reading

Cyber Diligence Provides Actionable Intelligence to M&A Teams

By Travis Peska, Vincas Čižiūnas, Jared Hudson on May 27, 2020 5:40:31 PM

Large companies take robust consultative approaches to integrating  networks and applications post-acquisition. Rarely do acquiring security teams have the resources or cost-effective internal processes to do their own investigative cyber diligence on a pending acquisition.  The most cost-effective option is intelligence analysis conducted “outside of the firewall”, analysis of unique data that combines automation and human investigation to provide timely and accurate insights  into key man risk, network security, negative press, and infrastructure and network vulnerabilities. Informed by this analysis, “on-network” compromise assessments can then provide a comprehensive inspection to enable the acquiring party to move forward confident it is on stable ground from a security perspective.

Continue Reading

Managed Intelligence: Shaping a Threat Hunt Program to Operationalize Data, Resource Accordingly, and Protect the Business

By Steve Michael on May 18, 2020 4:03:06 PM

Deriving actionable intelligence to enhance organizational security is a challenge faced by all global companies and often further complicated by intertwined networks resulting from mergers and acquisitions. With the volumes of data, it’s important to shape a threat hunting program to be able to consume and operationalize data collected from various sources.

Continue Reading

Zero Touch Diligence: Actionable Intelligence for Third-Party Risk Management

By Travis Peska & Nisos Team on May 11, 2020 5:06:21 PM

Security analysts responsible for vendor management have a unique combination of challenges, both human and technical. Questionnaires are a standard tool, but are also wrought with human error, both intentional and accidental. On the technical side, risk managers are unlikely to have access to a third party’s network. Furthermore, “on-network” investigations intended to provide appropriate cyber due diligence for third-parties, such as a penetration test or compromise assessment, are rarely completed within an actionable time period aligned with the risk manager’s work flow. Finally, while risk management tools aggregate useful insights in real time, they are unlikely to be tuned perfectly to an individual risk manager’s needs with a specific third party.

Continue Reading

Managed Intelligence: An Overview on Signature and Personality-Based Attributions to Mitigate Risk for the Business

By David Schertzer & Adam Gayde on May 5, 2020 1:27:48 PM

Continuing with Nisos’ series on providing context to enable actionable outcomes for Security Operations Centers (SOCs), we examine the differences between signature and personality-based attributions and how each plays a role for enterprises in prioritization efforts to define and defend threats. By focusing on the technical signatures and open source intelligence (OSINT) footprint  of a group of actors, signature-based attribution efforts allow enterprises to contextualize their findings and better address the coverage gaps in security controls. Threat intelligence or actual incident events are often used by SOCs to test hypotheses or identify previous actions of an adversary. These signatures also form the basis for metrics that enable security resources to increase their own programs that illustrate how they reduced risk exposure to the business.

Continue Reading

Managed Intelligence: Transitioning Cyber Threat Information to Actionable Threat Intelligence Provides Critical Context

By David Schertzer & Jonathan Neuhaus on Apr 30, 2020 1:35:33 PM

Major organizations with significant intellectual property and brand name reputation face a constant onslaught of targeted cyber attacks and information operations campaigns, but often lack the capability to attain context-based attribution - the ability to define the how and the why behind an attack. Such organizations face scenarios ranging from opportunistic threats to financially motivated hackers, state sponsored actors, and even corporate espionage firms.

Continue Reading

Securing Linux Against Negligent or Malicious Administrators

By Willis McDonald & Vincas Čižiūnas on Apr 22, 2020 9:27:28 AM

Linux monitoring is deceptively difficult.  The most common tools for performing monitoring - the Linux audit system, log journals and syslog sources - are all, at best, standardized by Linux distribution, and at worst, unique per host in an enterprise environment.  File-based logging can be spoofed by intruders, while kernel-based subsystems have performance issues.  Many hosts will often be under low latency or high performance requirements, either due to cost saving measures on equipment, or due to an application that sees high utilization.There are few strong solutions today that don't leave gaping holes for intruders to achieve their low resource usage.

Continue Reading

Insider Threat: Reducing Gaps and Increasing Visibility for a Remote Workforce

By Bryan Clements & Chris DiSalle on Apr 10, 2020 2:26:46 PM

While the rapid shift from office to home or remote-based activity has allowed work to continue, the idea that corporate assets are physically leaving the corporate space, and with them access to proprietary or sensitive data, could be a disaster if your security policies and practices are not adapting to this new norm.  Now more than ever, companies need to be evaluating information technology and security practices surrounding insider threats.

Continue Reading

Insider Threat Indicators to Help Baseline an Insider Threat Program

By Nisos on Apr 6, 2020 4:14:05 PM

Insider Threats aren’t just individual malicious employees. They may be anyone who had or has privileged access to the environment. From the vendor partner to the totally unwitting employee, the impact is the same.

 

Download a list of threat indicators to help you determine who is a high risk to your company.

Continue Reading

Compromise Assessments: For Remote Workforce

By Chris DiSalle & Travis Peska on Apr 1, 2020 1:16:58 PM

Many information technology and security professionals are starting to adjust to the “new normal” of administering a remote workforce and subsequently monitoring for malicious activity of the increased attack surface.

Topics: Whitepapers
Continue Reading

Deep Fakes

By Rob Volkert on Apr 1, 2020 12:49:52 PM

This paper examines the illicit ecosystem for deep fakes.

Their technology evolution and migration paths from surface web to deep and dark sites, and uncover some of the actors creating and disseminating these videos. Nisos undertook research into deep fake technology (superimposing video footage of a face onto a source head and body) to determine if we could find the existence of a deep fake illicit digital underground economy or actors offering these services.

Continue Reading

Purple With a Purpose

By Nisos on Feb 16, 2020 8:47:00 PM

 

A true return on investment for network security

Topics: Whitepapers
Continue Reading
1 min read

Fake News Websites and a US-Macedonia Partnership

By Cindy Otis on Dec 1, 2019 8:54:00 PM

Fake News Websites and a US-Macedonia Partnership: A Fake News Case Study examines the fake news industry and specific attempts from bad actors to influence opinions. 

Topics: Whitepapers
Continue Reading

Featured