BlogHacker Diplomacy: How to Minimize Business Risks Stemming from Vulnerability Disclosures In the new Work-From-Home world where non-essential companies have pivoted into a remote workforce model with increasing reliance on business tools that ensure connectivity,...
BlogHow to Use Breach Credentials to Support Intelligence Collection and Attribution While some organizations may view third party breach usernames and passwords as important indicators to prevent unauthorized access to their own networks, larger organizations are...
BlogSteps for Medium Sized Businesses to Address Cyber Supply Chain Risk Any business operating on the internet with internet accessible services provides an opening for anyone else on the internet - good, bad, or indifferent - to interrogate those services and see...
BlogFive Critical Data Source Considerations for Adversary Attribution Strong intelligence is the base of adversary attribution; nothing can replace the holistic picture created by technical indicators in combination with HUMINT and OSINT sources. While many cyber...
BlogTranslating Cyber Threat Intelligence for the Rest of the Business For enterprise businesses, especially in the technology, finance, and manufacturing sectors, the use cases and company consumers of intelligence work can be almost limitless. Therefore, it’s...
BlogFive Critical Data Source Considerations for External Threat Hunting Strong intelligence starts with good sources and when it comes to gaining the most context around suspicious events or adversaries of interest, nothing beats external hunting.Most current threat...
BlogThree Types of Disinformation Campaigns that Target Corporations In 2018, The Washington Post named “misinformation” its “word of the year.” In 2019, NPR labelled “disinformation” the same. Then 2020 happened. Many of the disinformation actors taking advantage of...
BlogUsing Threat Intelligence to Counter Platform Abuse Companies whose products serve as collaboration platforms play a key role in our increasingly cloud native and remote work environment. The technology allows companies to achieve clear business opportunities, but...
BlogThreat Intelligence Use Cases for Trust and Safety Varied threats like disinformation, platform abuse, brand dilution, strategic breach campaigns, extortion, insider threats and nation states stealing intellectual property are more prevalent than ever. More and...
BlogConsiderations for Measuring the Return on Investment of Cyber Threat Intelligence Security operations centers across the world are consumed with how to measure the return on investment of threat intelligence. There are different schools of thought, but we favor a...
BlogThe Rise of Synthetic Audio Deepfakes Can Audio Deepfakes Really Fake a Human? Audio deepfakes are the new frontier for business compromise schemes and are becoming more common pathways for criminals to deceptively gain access to corporate funds. Nisos recently...
BlogEstablishing a System to Collect, Enrich, and Analyze Data to Generate Actionable Intelligence In the era of data-driven decision making, the value of threat intelligence and interest in establishing or expanding threat intelligence programs is growing rapidly....
BlogAdvancing OSINT to Turn Data into Intelligence While cyber threat analysts are critical to determine what cyber threats are relevant to their respective organizations so they can take the appropriate action, open source intelligence (OSINT) and investigations can...
BlogThree Considerations for Measuring Return on Investment from Threat Hunting Threat hunting often has ill-defined metrics for organizations attempting to measure “return on investment.” If an analyst isn’t finding bad actors in the environment, leadership may...
BlogAn Inside Look at Advanced Attacker TTPs and the Danger of Relying on Industry-based Threat Intelligence Many organizations use threat intelligence from industry peers to prioritize vulnerability management and assign criticality when there is not enough existing...
BlogTwo Considerations for Building a Security Program Grounded in Diversity and Inclusion Corporate security programs for major organizations deal with a variety of threats at a staggering global scale and there are playbooks to deal with many of these issues. Above...
BlogThree Considerations for Getting Early Wins from an Insider Threat Program Building an insider threat program can be a cultural shift for an organization that values transparency and openness with its workforce. Below are some considerations for demonstrating...
BlogUnexpected Benefits of Third Party Risk Management One of the most interesting engagements we’ve seen at Nisos, and there have been many, is straight out of a binge-worthy Netflix drama. A publicly-traded company enters a new business partnership with a seemingly...
BlogCyber Threat Intelligence: The Firehose of Noise and How We Got Here Threat intelligence feeds have become popular, and a company's ability to track threats outside of its own environment is better than ever. With these improvements though, has come an increasing...
BlogConsiderations for Security Controls in Containerized and Virtual Environments Containers are popular because they are a cost-effective way to build, package, and promote an application or service, and all its dependencies, throughout its entire lifecycle and...
Current security controls will need to be re-defined based on how we protect the enterprise with two primary considerations: containerized and virtualized environments according to CIO…
Argument – fierce, bold, and impassioned – has been at the heart of our American democracy since the founding…
BlogThe Nisos Dogpile As co-founders, Justin and I have had thousands of conversations about Nisos with prospects, clients, investors, and peers in the cybersecurity and investigations industry. The question always comes up, “How are you different?” One of the...
BlogReal Cyber Intelligence Tells a SOC What Its Security Stack Cannot Detect Actionable cyber threat intelligence should inform a security operations center’s prioritization of the most critical applications and infrastructure to the business and threat hunt program...
BlogThreat Intelligence Through the Eyes of Adversaries Any adversary conducts reconnaissance on a potential target with one question in mind: is the time and resources for research, development, and exploitation, going to be worth the gain? Below are four insights on...
BlogHow to Use Context to Secure Your Platforms Attribution often gets a bad name in the cybersecurity industry. Attribution can be challenging and may not lead to a direct business outcome is a common refrain. Companies that operate digital platforms have a unique...
BlogCommon Network Segmentation Strategies for Production Environments Business needs for all company sizes increasingly require managed production environments to perform critical computational and data storage roles that are often administered by company IT...
BlogThree Steps to Work with the Business and Get Your Security Team a Seat at the Table Corporations big and small at least place some emphasis on cybersecurity, but when it comes to establishing a company strategy with data security in mind, many security leaders...
BlogThree Things to Look for to Identify Context Around an Attack Quicker The cybersecurity industry has defined the term “attribution” of threat actors to refer to the identification of the specific actor or group of actors responsible for an attack. For many...
BlogCyber Diligence Provides Actionable Intelligence to M&A Teams Large companies take robust consultative approaches to integrating networks and applications post-acquisition. Rarely do acquiring security teams have the resources or cost-effective internal...
With limited time and resources for a SOC to prioritize threats for additional research, Mars CISO Andrew Stanley gives several important factors…
Actionable intelligence is critical for third party risk management as it’s easy to chase false positives that waste resources…
Security teams are settling in to the “new normal” of remote work as the COVID-19 crisis nears its third month here in the U.S. As many teams have discovered, among the myriad of logistical issues…
Subscribe to our blog to get notified of updates in your inbox.