Search results
Industrial automation and control systems (IACS) are getting smart and digital, so cybersecurity is essential. Aleksandr Värä and Matti Suominen explain how to use the IEC 62443-4 standard to build secure industrial automation products.
Digital forensics and incident response (DFIR) was the topic of the sixth and final meetup of the Cyber Security Essentials training program. Two Nixuans, Juho Jauhiainen and Timo Miettinen, introduced the participants to the fascinating world of memory forensics, malware analysis, and the incident response process. But why is memory forensics important? Because it can be the only way to find out what happened.
Konecranes is a world-leading group of Lifting Businesses™, serving a broad range of customers, including manufacturing and process industries, shipyards, ports, and terminals.
My colleague Anne Oikarinen has written a blog or two about secure software development and how to incorporate ‘Evil user stories’. The idea is that you envision how an evil user could misuse the system you are developing and, subsequently, you mitigate your code. From a CISO perspective, it makes more sense to analyze and take things a step further: How would an evil person compromise the company? How would he commit fraud? How would he go about stealing goods or money? How would he abuse your organization’s vulnerabilities?
We've had a fun half a year packed with information with the Cyber Security Essentials training program. I interviewed a few of the participants, Mia Brunila, Milla Puutio, and Marjanah Sadiq, on their views on the course. It looks like although the program ended, there's no way to stop these cybersecurity enthusiasts.
Gartner reports that "Buyers face challenges in selecting managed detection and response (MDR) services to meet their needs due to the quantity and variety of providers, and the different delivery models, available in the market." To avoid changing providers because of failed expectations, we provide you with a list of critical questions to consider when selecting an MDR provider. You should also evaluate the service as a whole and try it with a pilot.
Nixu Corporation Press release, June 26, 2020 at 9.30 AM EEST
Is once a year enough? I’m talking about penetration tests, of course. Doing a penetration test once a year and only using this methodology to test your cybersecurity performance is far from sufficient. What about doing a penetration test that takes a year to complete?
Traditional antivirus, which focuses primarily on detecting and preventing known malware, is in many cases not equipped to handle the new generation of rapidly evolving cyberthreats. Every organization today should review and consider whether their current antivirus solution is capable of handling the myriad of emerging challenges.
Overview
Vulnerability disclosure in a controlled manner is a foundation of ethical hacking and a prerequisite for establishing trust with Nixu customers.
Nixu corrects its Half-Year Financial Report for January 1–June 30, 2020. The company has noticed a need to adjust the timing of recognition of certain technology resale client agreements of the Denmark market area.
The EU Court's Schrems II judgment ruled Privacy Shield to be invalid in July 2020. As Privacy Shield was one of the most commonly used safeguards for personal data transfers outside the EU/EEA, organizations need to figure out a new GDPR safeguard to cover such transfers.
Nixu Corporation
Stock Exchange Release on August 13, 2020 at 8:30 AM EEST
Nixu CEO Petri Kairinen's presentation at a news conference on August 13, 2020.
If you've ever visited any information security events in Finland, you've likely encountered people wearing black hoodies with the text "Cyber Defense Center, Nixu". What exactly is the Cyber Defense Center? Is it a SOC or about digital forensics? We do both and loads more.
Whether your organization is newly ready to evolve beyond just firewalls and antivirus, or actively investing in maturing Security Operations Center operations, this blog post will give you some key takeaways to consider.
Security patching is not without risk, but not patching comes with a risk too. When does the coin flip from "don't touch" to "patch"? You can calculate the risk and make an informed decision.
Assume an attacker owned your AD, and all workstations and all connected file repositories were encrypted. You could easily recover your data by paying the required amount of bitcoins. What would you trust as your point of recovery or as the backup method, if you choose not to pay?
Sometimes vulnerability scanning is the best thing you can do to improve information security, and sometimes it's the worst. Matti Suominen and Quinten Perquin revealed four questions that you should ask yourself when considering vulnerability scanning.