Our Blog
Check back for weekly updates
The Myth of Complex Passwords
Password reuse is one of the most pervasive security concerns for information security teams in enterprise. It’s an easy way for an adversary to gain initial access if two factor authentication is not properly implemented and more importantly, provides the ability to...
Three Steps to Use Threat Intelligence, Red Team, and Blue Team Collaboration to Improve Security
For many medium and large organizations, a penetration test that results in a “data breach” is going to lead to numerous findings that take months and sometimes years to remediate. In that timeframe, after operating systems are upgraded across non-production and...
What is a Selector in the World of Digital Crime?
Every hour of every day, criminals, nation states, and fraudsters around the world commit attacks using phone numbers, email addresses, and social media handles. We call these “selectors,” i.e. the technical attributes of an online entity. On the other side of the...
Avoiding Ransomware
Many maturing security operations centers within medium and large enterprises will indicate that ransomware is often the biggest “threat” that keeps them up at night. Ransomware is not a threat; it is a capability criminals use with an intent of monetizing illegal...
Podcast Platitudes
Cybersecurity is an ever-evolving industry tackling some really challenging problems. Here at Nisos we truly feel that it is necessary to learn from the best at every opportunity, and we try to ensure that all of the material we present makes its consumers better at...
What Is Digital Identity Reduction and Why Does It Matter?
The amount of information openly available on the internet about any given individual is staggering. More and more, privacy and online security are brought into the limelight and people are becoming more protective of their online presence. We urge our family, friends,...
Four Future Trends of Disinformation Campaigns
While disinformation has played a powerful role in the geopolitical world over the last four years, enterprise is increasingly needing to be prepared to address numerous types of disinformation as well. Much of the discourse on ‘fake news’ these days conflates three...
Three Ways to Improve Return on Investment for Threat Intelligence
If a corporate threat intelligence program is merely focusing on indicators of compromise delivered to a security operations function, they should consider expanding their reach throughout the organization. Mature and maturing security programs spend significant time...
Hacker Diplomacy: How to Minimize Business Risks Stemming from Vulnerability Disclosures
In the new Work-From-Home world where non-essential companies have pivoted into a remote workforce model with increasing reliance on business tools that ensure connectivity, there is a growing concern that tools like Zoom may not be vetted to the full extent of their...
How to Use Breach Credentials to Support Intelligence Collection and Attribution
While some organizations may view third party breach usernames and passwords as important indicators to prevent unauthorized access to their own networks, larger organizations are using two factor authentication for securing their perimeters by locking down...
Steps for Medium Sized Businesses to Address Cyber Supply Chain Risk
Any business operating on the internet with internet accessible services provides an opening for anyone else on the internet - good, bad, or indifferent - to interrogate those services and see what’s running. Bad actors and security companies are always actively...
Five Critical Data Source Considerations for Adversary Attribution
Strong intelligence is the base of adversary attribution; nothing can replace the holistic picture created by technical indicators in combination with HUMINT and OSINT sources. While many cyber threat intelligence teams focus on technical events and indicators that...
Five Critical Data Source Considerations for External Threat Hunting
Strong intelligence starts with good sources and when it comes to gaining the most context around suspicious events or adversaries of interest, nothing beats external hunting. Most current threat hunting is rightfully focused on hunting inside the firewalls of an...
Three Types of Disinformation Campaigns that Target Corporations
In 2018, The Washington Post named “misinformation” its “word of the year.” In 2019, NPR labelled “disinformation” the same. Then 2020 happened. Many of the disinformation actors taking advantage of the combination of a global pandemic and major US political cycle are...
Using Threat Intelligence to Counter Platform Abuse
Companies whose products serve as collaboration platforms play a key role in our increasingly cloud native and remote work environment. The technology allows companies to achieve clear business opportunities, but also causes unique security challenges. Not only must...