pa|Find out what we learned from analysing nearly 7 trillion security events and detecting over 38 000 security incidents last year. You will also find articles on a broad set of current security challenges and topics written by mnemonic's security experts. With mnemonic's Managed Detection and Response service, you receive protection against cyberattacks and security threats targeting your business. Our security experts provide guidance, expertise and recommendations to assist our customers in making fact-based decisions about addressing gaps, managing risk and allocating resources to better protect your organisation. Technology is an important part of any cyber security program. Protecting your company's infrastructure and data requires in-depth competence and appropriate technology.
29+ billion events processed daily; 98 per cent of security incidents confirmed accurate; 83 per cent of incidents enriched with mnemonic Threat Intelligence.
di|Upcoming webinars
h1|Security Report 2021
h2|Risk Services; Products and Support; WEBINARS; Latest from mnemonic labs; News; Whitepaper: IT outsourcing after COVID-19. Risks, concerns and mitigations.; Technology Partners
sp|20 APR SECURITY REPORT WEBINAR; 6 MAY
pa|Find out what we learned from analysing nearly 7 trillion security events and detecting over 38 000 security incidents last year. You will also find articles covering a broad set of current security challenges and topics, written by mnemonic's security experts. With mnemonic's Managed Detection and Response service, we protect your business against today's advanced cyberattacks and security threats. With fact-based and analytical risk management, information security risks can also be quantified, and we can make rational decisions about how the risk should be handled.
We carry the most advanced and best-suited security products on the market, and combine them with experience, knowledge and expertise in our maintenance and support services.
5 of 7 large enterprises in Norway use mnemonic; 98 per cent of security alerts are confirmed accurate; +29 billion events are processed daily.
di|Upcoming webinars
h1|Security Report 2021
h2|Risk Services; Products and Support; WEBINARS; Latest from mnemonic labs; News; Whitepaper: IT outsourcing after COVID-19. Risks, concerns and mitigations.; Technology partners
sp|20 APR SECURITY REPORT WEBINAR; 6 MAY
pa|mnemonic's experts share their views and news on all things Security.
h1|mnemonic Labs
di|SNIcat: when security features in TLS inspection devices introduce new vulnerabilities. The new office in The Hague will serve customers throughout the Benelux region. Great Place to Work® ranks mnemonic as a Best Workplace on European listing. Joining forces to strengthen cybersecurity in the Netherlands with mnemonic’s proprietary Managed Detection and Response (MDR) service Argus. mnemonic wins first place for second year in a row! mnemonic is closely monitoring the development of the COVID-19 virus. We have contingency plans in place covering this type of scenario, and we test these plans annually to ensure our routines and processes function optimally.
As part of an ongoing collaboration with the digital consumer rights team at the Norwegian Consumer Council, two researchers from mnemonic have carried out an in-depth investigation into how mobile applications share data with third parties for advertising purposes. The results show that personal data is shared widely within the advertising ecosystem.
h1|News
h2|mnemonic joins IT-SECPRO, the security month for security professionals; mnemonic presenting at Black Hat Europe; mnemonic continues expansion: opens office in the Netherlands; mnemonic named one of the Best Workplaces in Europe; mnemonic and EYE announce partnership; mnemonic joins Amazon Web Services for launch of AWS Marketplace in Norway; mnemonic named as best workplace in Norway by Great Place to Work; Information on COVID-19; “Out of control”: Advertisers receive large amounts of personal data from popular mobile apps; mnemonic once again featured as a representative vendor in Gartner’s Market Guide for Digital Forensics and Incident Response Services
di|mnemonic helps businesses manage their security risks, protect their data and defend against cyber threats. Do you want to offer 24/7 Managed Detection and Response (MDR) services to your customers? Our organizational certifications document our accreditations and commitment to quality. We have offices in Oslo, Stavanger, Stockholm, The Hague, London, and Palo Alto. As a company processing personal data about European citizens, mnemonic complies with the provisions of the European Union General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR").
h1|About
h2|Who is mnemonic; Partner Program; Management; Certifications and awards; Contact us; Privacy Notice
pa|Join us in our webinar series wherepresent some of the major findings from our Security Report 2021. Organisations are faced with a complex and ever-evolving list of risks and threats, constantly demanding time, manpower and updated know-how. How can we approach this challenge in an efficient way, while at the same time making sure we continue to stay ahead of our adversaries?
h1|Events
sp|6 MAY SECURITY REPORT WEBINAR; 6 MAY SECURITY REPORT WEBINAR; 20 APR SECURITY REPORT WEBINAR; 20 APR SECURITY REPORT WEBINAR; 8 APR SECURITY REPORT WEBINAR; 8 APR SECURITY REPORT WEBINAR | THE US; 25 MAR WEBINAR | THE NETHERLANDS; 18 MAR SECURITY REPORT WEBINAR; 18 MAR SECURITY REPORT WEBINAR | THE US; 9 MAR SECURITY REPORT WEBINAR
pa|In mnemonic, we always welcome brilliant minds. mnemonic has security experts in all fields within information security.
We are one of the largest IT security service providers in Europe, and recognised by Gartner as a provider of Managed Detection and Response (MDR) services, threat intelligence and incident response. Our departments and teams contain a mix of different educational backgrounds and competencies. This includes fields like communication technology, programming, networking, electronics, informatics, solution architecture, economics, law, industrial technology and finance management, design, interaction, mathematics, physics and many others. For eight consecutive years we have been among the top in Great Place to Work’s Norwegian and The last two years, mnemonic has been ranked as the Our 200+ security experts deliver services across of security fields. You can read more about each of the departments below: This department delivers our market-leading security monitoring based on our proprietary Argus platform. This group is working on the development of mnemonic's proprietary platform Argus, which forms the basis of our service delivery. Argus is tailored to deliver our services and is the tool both our analysts and customers use on a daily basis. This group is working on research and development. R&D coordinates and manages mnemonic's participation in external research and innovation projects, and develops new methods and tools for use in mnemonic. MSI employees are “trusted advisors” for our clients on cyber security and security architecture controls and products. TRS is a consulting department that assists customers in understanding technical risk and vulnerability in their IT portfolios, through means such as pentesting and vulnerability analyses. mnemonic's GRC department solves challenges related to the management of digital processes, security management, risk management and strategy, as well as compliance with privacy and security requirements. Infrastructure delivers the IT systems that support mnemonic's market-leading security monitoring service, based on our proprietary platform Argus.
We always accept open applications. We are now receiving applications for our summer 2021 internships. Read about the experiences of previous interns here. Are you looking for a relevant part-time job while you are studying? Our SOC Trainee Program offers exciting Security Analyst positions. Join our NOC team! This is a great starting point for a career in cyber security, and a unique opportunity to jump right into the middle of the action. Head of Recruitment
st|Who are we?; See our full list of vacancies .; Where do I fit in?; mnemonic Security Services (MSS); mnemonic System Integration (MSI); Technical Risk Services (TRS); Governance, Risk and Compliance (GRC); Infrastructure; mInternship Program
h1|Careers
h2|Any questions regarding a career in mnemonic?
h3|Feel free to visit our to see how we handle your recruitment information.
pa|Would you like to receive updates from mnemonic? Stay informed on upcoming seminars? Or are you already getting some of our updates but want more?
h1|Newsletter
sp|I would like to receive the following communication from mnemonic: *requires approval by mnemonic. mnemonic takes your privacy seriously. Please read the for more details on how we handle your privacy data.
pa|mnemonic's experts share their views and news on all things Security.
h1|mnemonic Labs
di|mnemonic helps businesses manage and handle their security risks, protect their data and defend themselves against threats from the Internet. Do you want to offer 24/7 Managed Detection and Response (MDR) services to your customers? We have offices in Oslo, Stavanger, Stockholm, The Hague, London and Palo Alto. As a company processing personal data about European citizens, mnemonic complies with the provisions of the European Union General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR").
h1|About us
h2|Who is mnemonic; Partner Program; Management; Certifications; Contact us; Privacy Notice
pa|Learn more about mnemonic's services by reading our solution briefs. Here you can find our whitepapers where our security experts share from their experiences. Have a listen to the mnemonic security podcast. Download mnemonic's annual security reports where we share trends observed from our SOC, our predictions for the year ahead and analyses from our experts. Watch recordings of our past webinars, and stay updated on upcoming topics. Information about the most recent Gartner guides mentioning mnemonic's services.
h1|Resources
h2|Solution briefs; Whitepapers; Podcast; Security report; Webinars; Industry Recognition
pa|Join us in our webinar series wherepresent some of the major findings from our Security Report 2021. Organisations are faced with a complex and ever-evolving list of risks and threats, constantly demanding time, manpower and updated know-how. How can we approach this challenge in an efficient way, while at the same time making sure we continue to stay ahead of our adversaries?
h1|Seminars
sp|6 MAY SECURITY REPORT WEBINAR; 6 MAY SECURITY REPORT WEBINAR; 20 APR SECURITY REPORT WEBINAR; 20 APR SECURITY REPORT WEBINAR; 8 APR SECURITY REPORT WEBINAR; 8 APR SECURITY REPORT WEBINAR | THE US; 25 MAR WEBINAR | THE NETHERLANDS; 18 MAR SECURITY REPORT WEBINAR; 18 MAR SECURITY REPORT WEBINAR | THE US; 9 MAR SECURITY REPORT WEBINAR
pa|mnemonic's experts share their views and news on all things Security. The Cybersecurity Maturity Model Certification (CMMC) was introduced in January 2020 by the United States’ Office of the Under Secretary of Defense for Acquisition & Sustainment. This blog post outlines the core principles of the CMMC framework, and discusses how CMMC differs from other established frameworks when it comes to security practices, maturity definitions and the certification process itself.
It will also present how CMMC will influence both US organisations and international subcontractors of the US defence industry performing everything from software development to human resource services. It is expected that subcontractors that retrieve, process or use sensitive information from the US defence industry will be subject to the requirements defined in the CMMC framework. The blog post also presents some advice on how to get a head start while we are waiting for the framework to be rolled out. There is no shortage of information security frameworks. Some of the more established frameworks include ISO 27001, NIST SP 800-171, and NIST SP 800-53. These are often accompanied by compliance reports such as SOC 2 or ISAE 3402. If there weren’t already enough acronyms, here’s one more: CMMC. This particular acronym, however, may prove to have a significant impact on the global defence industry. CMMC is a certification framework that sets out to secure the US defence industry and their associated Controlled Unclassified Information (CUI). Defining CUI could be a blog post in itself, but to keep it short: it is information that is considered to be sensitive, but not so sensitive that it is considered classified. In other words, it is sensitive information that the nation does not depend upon. The CMMC framework also grants organisations the possibility to certify and attest their information security maturity, much like the . By the looks of it, the framework might have consequences beyond just the defence industry. The framework consists of a lot of useful content, and there are few limitations with regard to which sectors it might affect: both public and private organisations are on the table. Nevertheless, implementation of the CMMC framework outside the defence industry is a futuristic topic; the US defence industry consists of more than 300,000 organisations, and it is safe to assume that it will take some time to get everyone on board.
If you are working for a non-US organisation, the CMMC will still apply to you. One of our key learnings is that CMMC will affect all subcontractors of the US organisation that process or store Federal Contract Information (FCI) and/or CUI as part of their service delivery. FCI is easier than CUI to define, as this primarily includes contractual information not intended for public release. One of the key elements that differentiate CMMC from other frameworks is that CMMC has defined five different levels of cyber hygiene. This means that CMMC is not a one-size-fits-all framework. This approach is a refreshing change in the world of information security frameworks. Most frameworks today, especially those you can be certified against, are rarely open to tailoring the requirements to the actual needs of the organisation. The cyber security maturity levels outlined in CMMC are quite straightforward. The lowest levels set the basic requirements for information security, while the higher levels set more mature requirements. Each level defines a set of practices and policies that need to be adhered to. How to adhere to each practice is not yet set in stone, but I suspect that the specific controls used to measure maturity will be similar to what we have seen in and in . Each level is further summarised in the table below: The CMMC Accreditation Body (CMMC-AB) have throughout 2020 tried to nourish the public with answers, timelines and other information relevant to the CMMC framework. Their introduces the reader to the various roles that will be applicable. These roles differ in scope and include both organisation-wide roles and certifications as well as individual roles and certifications. The currently published roles are defined below:
– C3PAOs are organisations employing Certified Assessors which are responsible for auditing and certifying provider organisations according to the CMMC requirements.
– RPOs are organisations employing registered practitioners and are authorised to represent the organisation as they are familiar with the basic constructs of the CMMC standard with a CMMC-AB provided logo. They will provide non-certified CMMC consulting services.
– LPPs are organisations that create and provide the training materials for CMMC. The training material is used by Certified Instructors for training Certified Professionals and Certified Assessor applicants.
There are also three additional organisation roles, which are published but not yet defined:
– LIs are expected to be individuals that are trained and certified to teach assessor applicants the details and rigors of their CMMC assessment practices.
– LTPs are expected to be either public or private organisations that train Certified Professionals and Certified Assessors.
– CMMC-AB have not defined the responsibilities of the LSPs, but the name of the role gives us some indication of what it might be.
The timeline for the framework is constantly changing, so the timeline presented here may soon be adjusted. However, as of November 2020, the timeline is: There are still a multitude of questions and concerns surrounding the CMMC framework, and we will continue looking into how the framework will hit the global defence industry. Nevertheless, if your organisation processes FCI or CUI today, or is planning to do so in the future, then it is very likely that you will be subject to the CMMC requirements and should already be preparing for them. To give you a head start, here are our recommendations on how to prepare for the CMMC framework: If you have any questions regarding CMMC, or if you want to have an open discussion about how CMMC might affect your organisation, feel free to contact me at .
li|Subscribe to the website to stay updated about the framework, and attend workshops and seminars that relate to CMMC.
li|Keep an eye on your national defence industry interest groups and communities to be up to date on any national briefings, meetings or guidelines that relate to CMMC.
li|Identify which CMMC level will be relevant to your organisation, and start reviewing how your current practices reflect the requirements from the chosen CMMC maturity level.
li|Flag to the Board of Directors and/or relevant internal stakeholders that there will be a cost to both implementing potential new security controls, and also to the overall certification process.
li|Perform a readiness assessment to see how well your organisation has implemented the CMMC requirements, how well the requirements are documented and if the maturity is sufficient. The figure below shows mnemonic’s methodology in regards to how maturity assessments can be assessed and virtualised.
st|TL;DR; A. Third-Party Assessor Organisations (C3PAO) and Assessors; B. Registered Provider Organisations (RPO) and Registered Practitioners; C. Licensed Partner Publishers (LPP); D. Licensed Instructors (LI); E. Licensed Training Providers (LTP); F. Licensed Software Provider (LSP)
h1|mnemonic Labs; CMMC: New cybersecurity requirements to work with the US Defence industry
h2|What is CMMC?; CMMC on a global scale; Five levels of Cyber Security Maturity; What roles will CMMC introduce?; The current timeline; How should you prepare for the coming requirements?; Contact information
em|Written by Anders Hval Olsen, Security Consultant at mnemonic’s Governance, Risk & Compliance department; Figure: Summary of the five maturity levels of CMMC; Figure: timeline; Figure: Example of result from a readiness assessment towards the CMMC requirements
pa|Would you like to receive updates from mnemonic? Or do you already receive our updates but want more?
h1|Sign up for our mailing list
sp|I would like to receive the following communication from mnemonic: *requires approval by mnemonic
pa|mnemonic's MSS department delivers our market-leading security monitoring service, based on our proprietary platform, Argus. Our network of IDS sensors, other log sources and listening points is the largest in the Nordic region. By compiling information from this network with several external information sources, we get a unique understanding of the local and global threat landscape. We use this understanding to customise filters and configurations to meet the dynamic threat picture. About 80 percent of all our notifications and alerts are a result of our own filters. MSS is structured in several sub-groups that all contribute to maintaining mnemonic's position among the best within security monitoring in Europe:
h1|MSS (mnemonic Security Services)
pa|MSI is responsible for protecting services and applications vital for our society.
We make our customers’ services and systems resistant against cyber-attacks and at the same time ensure operational availability. We work with all areas of system integration, specialising in cyber security. Our customers trust us to design, implement and manage protections for their most critical assets, and focus their attention on the correct cyber security controls and products. We take this task seriously and spend a lot of time investigating and learning about our customers' infrastructure and needs. MSI is a consulting department working long-term with customers, aiming to be a trusted advisor where it really matters. This helps us complement customers’ security architecture with relevant and cost-effective controls. Our developer team also helps our customers’ individual systems speak and work together. In addition, we work with training, system reviews and project support both in Norway and internationally. MSI has four sub-groups: Would you like to be part of our trainee program? Read more here: Head of Recruitment
h1|MSI (mnemonic System Integration)
h2|Any questions regarding a career in mnemonic?
pa|Technical Risk Services is a consulting department assisting customers in understanding the technical risks and the vulnerabilities in their IT portfolios. Among other things, we do penetration and security testing, technical audits, and source code analysis on existing solutions, and establish architecture, processes, and tools to help defend new solutions.
h1|TRS (Technical Risk Services)
h2|Vacancies
pa|In GRC, we work with our customers on the management of digital processes, security management, risk management and strategy, as well as compliance with privacy and security requirements. Working in GRC means you get to be close to decision makers, and you will be considered a reliable sparring partner in strategic decisions. In the GRC department you get the opportunity to work on projects and services across all disciplines in mnemonic.
h1|GRC (Governance, Risk and Compliance)
h2|Vacancies
pa|Passive DNS records the historical relationship between IP addresses and domains. It is a common tool used during activities like incident response, threat hunting and mapping threat actor infrastructure. mnemonic maintains one of the largest passive DNS databases globally and offers it as a free, open service. Visit to test it yourself. Threat intelligence plays an important role in defending against modern threat actors. However, existing platforms focus on collecting data rather than analysing it, lack flexibility to support collaboration, and are often closed solutions that make sharing intelligence a challenge. Semi-automated Cyber Threat Intelligence (ACT) is a joint research effort that has delivered an open platform to enable the collection, analysis and sharing of threat intelligence. Annotate your searches with a live lookup of threat data within your ACT platform. Query your ACT platform directly from the Splunk search field. *Requires an installation of the ACT platform.
Get it at or test with our demo installation Threat feeds enhance existing security solutions with live threat data, add valuable context to incident investigations and provide insight to new threats as they emerge. Focused on providing high quality, high confidence data, mnemonic’s Threat Feed is populated in near real-time from the threats we observe from our Security Operations Center, our global sensor network, incident response activities, collaborative threat research projects and our intelligence partners. Search domains against mnemonic’s extensive reputation lists. *The Argus Threat Feed requires a valid subscription. Solutions that can import CSV or STIX data are also supported, such as Check Point, Palo Alto Networks, Carbon Black, or Symantec/Blue Coat. Contact for more info.
li|Query mnemonic passive DNS directly from the Splunk search field to find historical relationships between IP addresses and domains.
li|Annotate your searches with a live lookup from mnemonic’s passive DNS database.
li|Utilise a workflow action that launches a pre-defined search within your ACT instance. Pre-defined searches can be customised. For example, perform a lookup for any threat intelligence reports that mention a specific IP address.
li|Utilise a workflow action to enable reputation lookups directly from your search results.
st|With this app you can:
h1|Check out mnemonic's apps on Splunkbase
h2|MNEMONIC PASSIVE DNS FOR SPLUNK; ACT THREAT INTELLIGENCE FOR SPLUNK; MNEMONIC’S ARGUS THREAT FEED FOR SPLUNK
pa|At mnemonic, we always welcome sharp minds. It makes for a good environment. mnemonic has security experts in every discipline of information security.
We are one of the largest IT security service providers in Europe, and are highlighted by Gartner as a provider of (MDR), threat intelligence and incident response. All our teams have a mix of competencies and represent a long list of different backgrounds, be it communication technology, programming, networking, electronics, informatics, societal security, solution architecture, economics, law, industrial technology and finance management, design, interaction, mathematics, physics and much more. For the last eight years we have been at the top of the ranking of Norway's and run by Great Place to Work. The last two years we have also won the title of Our 200+ security experts deliver services across a range of areas. You can read more about what each department does below: This department delivers our market-leading security monitoring based on our proprietary platform Argus. This group works on the development of mnemonic's Argus platform, which underlies our service deliveries. Argus is tailored to deliver our services and is the daily working tool of both our analysts and customers. This group works on research and development. The R&D group coordinates and leads mnemonic's participation in external research and innovation projects, and develops new methods and tools for use in mnemonic. MSI employees act as “trusted advisors” for our customers on controls and products related to cyber security and security architecture. TRS is a consulting department that helps customers understand technical risk and vulnerability in their IT portfolios, through means such as pentesting and vulnerability analyses, among others. mnemonic's GRC department works on challenges within the governance of digital processes, security management, risk management and strategy, as well as compliance with privacy and security requirements.
Infrastructure delivers the IT systems that support mnemonic's market-leading security monitoring service, based on our proprietary platform Argus. We always accept open applications. We are now accepting applications for our internships in summer 2021. Read about the experiences of former interns. Are you looking for a relevant part-time job alongside your studies? Our SOC Trainee Program offers exciting security analyst positions. Become part of our NOC team! The trainee programme is a great place to start a career in cyber security. Head of Recruitment st|Who are we? See all our vacancies. Where do I fit in at mnemonic? mnemonic Security Services (MSS) mnemonic System Integration (MSI) Technical Risk Services (TRS) Governance, Risk and Compliance (GRC) SOC Trainee Program h1|Career h2|Feel free to contact us if you have any questions! h3|Please visit our to see how we handle information given to us for recruitment purposes. pa|Learn more about mnemonic's services by reading our solution briefs. Here you can find our whitepapers where our security experts share from their experiences. Have a listen to the mnemonic security podcast. Download mnemonic's annual security reports where we share trends observed from our SOC, our predictions for the year ahead and analyses from our experts. Watch recordings of our past webinars, and stay updated on upcoming topics. Information about the most recent Gartner guides mentioning mnemonic's services. h1|Resources h2|Solution briefs Whitepapers Podcast Security report Webinars Industry Recognition
pa|mnemonic's experts share their views and news on all things Security. Stay updated on our security analysts’ findings and recommended actions. h1|mnemonic Labs pa|Wearable smartphone from Chinese manufacturer includes hidden snapshot and wiretapping capabilities pa|The Cybersecurity Maturity Model Certification (CMMC) was introduced in January 2020 by the United States’ Office of the Under Secretary of Defense for Acquisition & Sustainment. This blogpost outlines the core principles of the CMMC framework, and discusses how CMMC differs from other established frameworks when it comes to security practices, maturity definitions and the certification process itself. It will also present how CMMC will influence both US organisations and international subcontractors of the US defence industry performing everything from software development to human resource services. It is expected that subcontractors that retrieve, process or use sensitive information from the US defence industry will be subject to the requirements defined in the CMMC framework.
The blog post also presents some advice on how to get a head start while we are waiting for the framework to be rolled out. There is no shortage of information security frameworks. Some of the more established frameworks include ISO 27001, NIST SP 800-171, and NIST SP 800-53. These are often accompanied by compliance reports such as SOC 2 or ISAE 3402. If there weren’t already enough acronyms, here’s one more: CMMC. This particular acronym, however, may prove to have a significant impact on the global defence industry. CMMC is a certification framework that sets out to secure the US defence industry and their associated Controlled Unclassified Information (CUI). Defining CUI could be a blogpost itself, but to keep it short: it is information that is considered to be sensitive, but not so sensitive that it is considered classified. In other words, it is sensitive information that the nation does not depend upon. The CMMC framework also grants organisations the possibility to certify and attest their information security maturity, much like the . By the looks of it, the framework might have consequences beyond just the defence industry. The framework consists of a lot of useful content, and there are few limitations with regard to which sectors it might affect - both public and private organisations are on the table. Nevertheless, implementation of the CMMC framework outside the defence industry is a futuristic topic; the US defence industry consists of more than 300,000 organisations, and it is a safe assumption to say that it will take some time to get everyone on-board. If you are working for a non-US organisation, the CMMC will still apply to you. One of our key learnings is that CMMC will affect all subcontractors of the US organisation that process or store Federal Contract Information (FCI) and/or CUI as part of their service delivery. FCI is easier than CUI to define, as this primarily includes contractual information not intended for public release.
One of the key elements that differentiate CMMC from other frameworks is that CMMC has defined five different levels of cyber hygiene. This means that CMMC is not a one-size-fits-all framework. This approach is a refreshing change in the world of information security frameworks. Most frameworks today, especially those you can certify against, are rarely open to tailoring the requirements to the actual needs of the organisation. The cyber security maturity levels outlined in CMMC are quite straightforward. The lowest levels set the basic requirements for information security, while the higher levels set more mature requirements. Each level defines a set of practices and policies that need to be adhered to. How to adhere to each practice is not yet set in stone, but I suspect that the specific controls used to measure maturity will be similar to what we have seen in and in . Each level is further summarised in the table below: The CMMC Accreditation Body (CMMC-AB) have throughout 2020 tried to nourish the public with answers, timelines and other information relevant to the CMMC framework. Their introduces the reader to the various roles that will be applicable. These roles differ in scope and include both organisation-wide roles and certifications as well as individual roles and certifications. The currently published roles are defined below: – C3PAOs are organisations employing Certified Assessors which are responsible for auditing and certifying provider organisations according to the CMMC requirements. – RPOs are organisations employing registered practitioners and are authorised to represent the organisation as they are familiar with the basic constructs of the CMMC standard with a CMMC-AB provided logo. They will provide non-certified CMMC consulting services. – LPPs are organisations that create and provide the training materials for CMMC.
The training material is used by Certified Instructors for training Certified Professionals and Certified Assessor applicants. There are also three additional organisation roles, which are published but not yet defined: – LIs are expected to be individuals that are trained and certified to teach assessor applicants the details and rigors of their CMMC assessment practices. – LTPs are expected to be either public or private organisations that train Certified Professionals and Certified Assessors. – CMMC-AB have not defined the responsibilities of the LSPs, but the name of the role gives us some indication of what it might be. The timeline for the framework is constantly changing, so the timeline presented here may soon be adjusted. However, as of November 2020, the timeline is: There are still a multitude of questions and concerns surrounding the CMMC framework, and we will continue looking into how the framework will hit the global defence industry. Nevertheless, if your organisation processes FCI or CUI today, or is planning to do so in the future, then it is very likely that you will be subject to the CMMC requirements and should already be preparing for them. To give you a head start, here are our recommendations on how to prepare for the CMMC framework: If you have any questions regarding CMMC, or if you want to have an open discussion about how CMMC might affect your organisation, feel free to contact me at . li|Subscribe to the website to stay updated about the framework, and attend workshops and seminars that relate to CMMC. Keep an eye on your national defence industry interest groups and communities to be up to date on any national briefings, meetings or guidelines that relate to CMMC. Identify which CMMC level will be relevant to your organisation, and start reviewing how your current practices reflect the requirements from the chosen CMMC maturity level.
Flag to the Board of Directors and/or relevant internal stakeholders that there will be a cost to both implementing potential new security controls, and also to the overall certification process. Perform a readiness assessment to see how well your organisation has implemented the CMMC requirements, how well the requirements are documented and if the maturity is sufficient. The figure below shows mnemonic’s methodology with regard to how maturity assessments can be assessed and visualised. st|TL;DR A. Third-Party Assessor Organisations (C3PAO) and Assessors B. Registered Provider Organisations (RPO) and Registered Practitioners C. Licensed Partner Publishers (LPP) D. Licensed Instructors (LI) E. Licensed Training Providers (LTP) F. Licensed Software Provider (LSP) h1|mnemonic Labs CMMC: New cybersecurity requirements to work with the US Defence industry h2|What is CMMC? CMMC on a global scale Five levels of Cyber Security Maturity What roles will CMMC introduce? The current timeline How should you prepare for the coming requirements? Contact information em|Written by Anders Hval Olsen, Security Consultant at mnemonic’s Governance, Risk & Compliance department. Figure: Summary of the five maturity levels of CMMC. Figure: Timeline. Figure: Example of result from a readiness assessment towards the CMMC requirements. pa|Our security experts provide guidance, expertise and recommendations to assist our customers to make fact-based decisions about addressing gaps, managing risk and allocating resources to better protect your organisation. Cybersecurity is an exercise in risk management. The ability to identify, assess, and manage these risks helps remove their uncertainty and transforms technology from a liability into a business enabler.
Applications, systems, networks and people form the technological foundation for any business. Expert security testing of this foundation will identify risks, isolate vulnerabilities and prioritize remediation before any exposures are exploited by attackers. ISO/IEC 27001? General Data Protection Regulation (GDPR)? CSA Cloud Control Matrix? Our team of compliance specialists will help you achieve your compliance initiatives, meet regulatory requirements and align your security strategy with your mandates. Security is complex. From developing long-term security strategy to implementing the vision, having access to experienced, trusted advisors is essential in safeguarding your assets and protecting against cyberthreats. Applications, systems, networks and people form the technological foundation for any business. By having security experts test this foundation they will identify risks, isolate vulnerabilities and prioritise remediation before exposures can be exploited by attackers. Organisations are challenged in using a limited set of resources and budget to mitigate an evolving list of risks and threats. Building robust security architecture requires the ability to make informed, business-driven decisions on security investments to address the identified risks – a task easier said than done. So where do you start? Does your organisation have the capabilities to detect and stop real-life threat actors from compromising your network? Conducting a Red Team assessment from mnemonic will let you find out.
Manager Risk Services h1|Risk Services h2|Risk Assessment Security Assessments Compliance and regulatory Security Advisory Penetration testing Application security assessments Enterprise Security Architecture CISO for hire Security strategy Red teaming Threat Intelligence-Based Ethical Red-teaming (TIBER) Cloud security assessments Contact me for more information pa|How the security features in state-of-the-art TLS inspection solutions can be exploited for covert data exfiltration
pa|This group is working on . R&D coordinates and manages mnemonic's participation in external research and innovation projects, and develops new methods and tools for use in mnemonic. If you have many of the qualifications we ask for, but feel that our current vacancies are too specific, you are welcome to submit an open application. h1|R&D h2|Vacancies pa|This group provides information and intelligence products to mnemonic's monitoring and response service, customers and external partners. We are experiencing a high demand for our services, and are always looking for skilled people. h1|TI h2|Vacancies pa|Passive DNS records the historical relationship between IP addresses and domains. It is a common tool used during activities like incident response, threat hunting and mapping threat actor infrastructure. mnemonic maintains one of the largest passive DNS databases globally and offers it as a free, open service. Visit to test it yourself. Threat intelligence plays an important role in defending against modern threat actors.
However, existing platforms focus on collecting data rather than analysing it, lack flexibility to support collaboration, and are often closed solutions that make sharing intelligence a challenge. Semi-automated Cyber Threat Intelligence (ACT) is a joint research effort that has delivered an open platform to enable the collection, analysis and sharing of threat intelligence. Annotate your searches with a live lookup of threat data within your ACT platform. Query your ACT platform directly from the Splunk search field. *Requires an installation of the ACT platform.
pa|This group analyses traffic patterns and system logs, as well as operates and develops services based on various commercial and open-source security products within networks, such as IDS and IPS. If you have many of the qualifications we ask for, but feel that our current vacancies are too specific, you are welcome to submit an open application. h1|NSA h2|Vacancies
pa|The MSS department delivers mnemonic's market-leading security monitoring service, based on our proprietary platform, Argus. Our network of IDS sensors, other log sources and listening points is the largest in the Nordic region. By compiling information from this network with several external information sources, we have a unique understanding of the local and global threat landscape. We use this understanding to quickly adapt filters and configurations to meet the dynamic threat picture. Approximately 80 per cent of all the alerts we raise come as a result of filters we have developed ourselves. The steady development towards a more complex and challenging threat picture, combined with increased customer needs, means that we are constantly looking to expand the security monitoring department with security analysts. MSS is structured into several different subgroups that all contribute to maintaining mnemonic's position as a leader in security monitoring in Europe: Head of Recruitment h1|MSS (mnemonic Security Services) h2|Contact me for more information pa|This group works on log analysis solutions to detect external threats and internal abuse of data. Surveillance solutions increasingly use log analysis solutions to detect external threats and internal abuse of data. This creates new demands on the solutions that collect and analyse logs. We are looking for skilled consultants who can help our customers to design and manage solutions that effectively support security monitoring and event management.
If you have many of the qualifications we ask for, but feel that our current vacancies are too specific, you are welcome to submit an open application. h1|Log h2|Vacancies pa|MSI helps organisations prioritise the right controls and products related to cyber security. We take the task seriously and spend a lot of time getting to know our customers' infrastructure and needs. We place a high value on professional integrity, and our consultants often act as long-term "trusted advisors" for our customers. In this way we help give our customers a complete security architecture, with relevant and cost-effective controls. We specialise in information security, and are well acquainted with all areas of system integration, be it risk understanding and architecture input, classic installation and operations services, or complex deliveries where we supply components with modules developed in-house. MSI delivers targeted services to protect our customers' most critical assets, and helps them underpin their existing architecture with the most relevant controls. Our developer team works on getting specific systems to communicate and function well together. In addition, we work with training, system reviews and project support for our customers in Norway and internationally. Would you like to be a trainee with us? Read more about our trainee programme here: Head of Recruitment h1|MSI (mnemonic System Integration) h2|Contact me for more information sp|MSI consists of four subgroups: pa|Technical Risk Services is a consulting department that helps customers understand technical risk and vulnerability in their IT portfolios.
We work both on checking existing solutions, for example through penetration and security testing, technical audits and source code analysis, and on establishing architecture, processes and tools to help establish new solutions. The department today consists of more than 20 full-time consultants, mainly located in Oslo. h1|TRS (Technical Risk Services) h2|Job advertisement: pa|In GRC we work on challenges within governance of digital processes, security management, risk management and risk strategy, and compliance with privacy and security requirements. With us you get very close to the decision-makers, and you are regarded as a trusted sparring partner in strategic decisions. In the GRC department you get the opportunity to deliver projects and services across all disciplines in mnemonic. h1|GRC (Governance, Risk and Compliance) h2|Job advertisement: di|Chief Executive Officer (CEO) and Co-Founder; Chief Financial Officer (CFO); Manager, mnemonic Security Services (MSS); Manager, Governance, Risk & Compliance (GRC); Manager, Risk Services; Manager, Infrastructure; Manager, mnemonic System Integration (MSI); Manager, Business Development & Contracts; Director of Sales; Director of Marketing h1|Management h2|Tønnes Ingebrigtsen; Line Kloster; Erik Alexander Løkken; Gjermund Vidhammer; Andreas Furuseth; Lars Are Aschim; Jon-Finngard Moe; Kåre Magne Almåsbakk; Richard Jensen; Andrew Facchini pa|We have offices in Oslo, Stavanger, Stockholm, The Hague, 
London, and Palo Alto. mnemonic as, Henrik Ibsens gate 100, 0255 Oslo, Norway. Phone (+47) 2320 4700. Email. mnemonic as, Solaveien 88, 4316 Sandnes, Norway. Phone (+47) 2320 4700. Email. Visit: mnemonic ab, Borgarfjordsgatan 6c, SE-164 55 Kista, Sweden. Post: mnemonic ab, P.O. Box 1073, 164 25 Kista, Sweden. Phone (+46) 08 444 8990. Email. WTC Business Center, Prinses Margrietplantsoen 33, 2595 AM The Hague, The Netherlands. Email. mnemonic Cybersecurity, Level 39, One Canada Square, Canary Wharf, London E14 5AB, UK. Phone (+44) 203 973 0036. Email. mnemonic, 470 Ramona Street, Palo Alto, CA, 94301, USA. Email. 29+ billion events processed daily; 98 per cent of security incidents confirmed accurate; 83 per cent of incidents enriched with mnemonic Threat Intelligence. h1|Contact us h2|Corporate Headquarters Stavanger Stockholm The Hague London Palo Alto pa|With fact-based and analytical risk management, information security risks can also be quantified, and we can make rational decisions about how the risk should be handled. IT security is an exercise in risk management. The ability to identify, assess and manage IT risks makes them easier to handle. Good risk management is crucial to succeeding with the digitalisation of services. Applications, systems, networks and people form the technological platform for any company. Advanced security testing of this will identify risks and vulnerabilities. In addition, you will get help prioritising the necessary measures before the risks are exposed to potential attackers. PCI DSS? ISO/IEC 27001? The EU Data Protection Directive? CSA Cloud Control Matrix? Our team of specialists in regulatory requirements and legislation helps organisations comply with these.
In addition, they make sure to establish a security strategy that ensures the changes last. Our team of highly educated and experienced security consultants means that we are often entrusted with great confidence in security matters. Deliveries to projects such as BankID and Norway's new system for electronic voting show this.
Department Manager, Governance, Risk & Compliance h1|Risk Services h2|Risk Assessment Security Testing Regulatory Requirements and Laws Security Advisor Penetration Testing Application Security Assessment Enterprise Security Architecture CISO for hire Security Strategy Red teaming Threat Intelligence-Based Ethical Red-teaming (TIBER) Cloud security assessments Contact me for more information pa|Head of Recruitment st|GOVERNANCE, RISK & COMPLIANCE (GRC) TECHNICAL RISK SERVICES (TRS) MNEMONIC SYSTEM INTEGRATION (MSI) MNEMONIC SECURITY SERVICES (MSS) Infrastructure h1|Vacancies h2|Any questions regarding a career in mnemonic?
pa|We are looking for a researcher for an exciting role in our R&D department. mnemonic is the Nordic region’s leading IT and information security company, offering a unique combination of services and solutions. mnemonic currently has more than 200 employees, and we are rapidly growing both in Norway and internationally. For the eighth consecutive year, we are ranked as one of Norway’s and Europe’s best workplaces by Great Place to Work. The last two years we’ve won our category! We are working side by side with some of Europe’s most important organisations in the fight against cyber attacks, and we are actively participating in reputable research programs both in Europe and globally. mnemonic is also a trusted source of threat intelligence information to Europol and other international law enforcement agencies. mnemonic's MSS department delivers our market-leading security monitoring service, based on our proprietary platform Argus. Our network of IDS sensors, other log sources and listening points is the largest in the Nordic region.
By compiling information from this network with several external information sources, we get a unique understanding of the local and global threat landscape. This group is working on research and development in MSS. R&D coordinates and manages mnemonic's participation in external research and innovation projects, and develops new methods and tools for use in mnemonic. In R&D, you will get the opportunity to work with a wide range of tasks, for example: We are looking for someone who: If you have many of the qualifications we ask for, but feel that our current vacancies are too specific, you are welcome to submit an open application. If you have publications or other works that you think represent your technical skills or ability to communicate in Norwegian or English, please attach or refer to these as well. Email us at and write “MSS-RD” in the subject field. Add a text about why you are right for the job, and your CV. We use Semac AS for background checks in our recruitment process. It is an advantage if you qualify for a Norwegian security clearance.
li|Work with research and innovation projects. Design and develop new methods and tools to support analysis and management of security incidents. Present research results at conferences and workshops. Contribute ideas for improving existing services. Contribute ideas for and development of new services and business areas. Contribute with articles and input within your own field of study. Participate in operational missions, such as event management and incident response. Has strong analytical skills. Is self-driven and independent. Is creative and able to find new solutions to problems. Is critical and able to find weak points in existing and proposed solutions.
Has broad experience within the information security field, especially detection, analysis, event handling and threatening direction. Has experience from development of scalable systems. Has experience from analysis of large amounts of data. Has the ability to translate abstract results into concrete code. Has experience from research and innovation projects. A work environment focusing on professional development and continuous learning, training and gaining new certifications. A unique and experienced workplace with more than 180 security specialists working on some of the most challenging and exciting problems within information security. Competitive terms including a collective bonus scheme for all employees. A solid and profitable corporate economy providing resources for development and innovation. For the past eight years, mnemonic has been ranked among Norway’s and Europe’s best workplaces by Great Place to Work. The last two years we’ve won our category!
st|About mnemonic About mnemonic Security Services (MSS) About Research and Development (R&D) Tasks and responsibilities Experience and qualifications What we can offer How do I apply? Background check
h1|Researcher

pa|Watch recordings of our past webinars, and stay updated on upcoming topics. Join us in our webinar series where present some of the major findings from our Security Report 2021. Organisations are faced with a complex and ever-evolving list of risks and threats, constantly demanding time, manpower and updated know-how.
How can we approach this challenge in an efficient way, while at the same time making sure we continue to stay ahead of our adversaries?
h1|Webinars
sp|6 MAY SECURITY REPORT WEBINAR; 6 MAY SECURITY REPORT WEBINAR; 20 APR SECURITY REPORT WEBINAR; 20 APR SECURITY REPORT WEBINAR; 8 APR SECURITY REPORT WEBINAR; 8 APR SECURITY REPORT WEBINAR | THE US; 25 MAR WEBINAR | THE NETHERLANDS; 18 MAR SECURITY REPORT WEBINAR; 18 MAR SECURITY REPORT WEBINAR | THE US; 9 MAR SECURITY REPORT WEBINAR

pa|Our Technical Presale group is a part of our department for (MDR) / Managed Security Services (MSS). As a part of this group, you will participate in presale cases both in Norway and in Europe. We are always on the lookout for talent. If you are skilled in the technical inner workings of an MDR solution and enjoy presale, send us an .
h1|Presale

pa|MSI-DEV aims to develop custom solutions where out-of-the-box products are not enough to cover the customer’s needs. Through the combined knowledge of technology, products and experience of MSI, this group provides code in the form of scripts or programs in order to integrate third party systems and mnemonic’s Argus delivery, seamlessly.
MSI-DEV is a flexible group, aiming for fast delivery and quick adoption of new technologies. We work with everything from designing new solutions, to frontend and backend development and tap into almost all aspects of development. This leaves us with varied workdays. In addition to development, the group also works with most of the products and solutions the other sub-groups of MSI are involved with. Vacancies:
h1|MSI-DEV

pa|This group works on research and development. The R&D group coordinates and leads mnemonic's participation in external , and develops new methods and tools for use in mnemonic.
h1|R&D
h2|Vacancies

pa|The group delivers information and intelligence products to mnemonic's monitoring and response service, customers and external partners. We are experiencing very high demand for our services, and are always on the lookout for talented people. We are seeking new consultants and analysts for the team that performs threat intelligence, investigation of security incidents, malware analysis and forensics.
h1|TI (Threat Intelligence)
h2|Vacancies:
pa|Threat intelligence-based ethical red-teaming (TIBER) is a testing framework created by the European Central Bank in 2018, which provides guidance on conducting realistic simulated cyberattacks to test the cyber resilience of critical infrastructure. The framework was primarily created with the financial sector in mind, but is also appropriate for other critical sectors. It describes how authorities, organisations, threat intelligence providers, and red-team providers can work together to run an assessment, and obtain actionable information about the strengths and weaknesses of the target organisation. The TIBER framework is provided both as a general European standard (TIBER-EU) and as national implementations (e.g. TIBER-DK, TIBER-NO). It is also closely related to the CBEST framework in the UK. Although a TIBER test contains elements of a Red Team assessment, it differentiates itself by having a separate phase where a dedicated threat intelligence provider performs an assessment on the target organisation, in order to create customised realistic attack scenarios that the Red Team will carry out.
These attack scenarios may require the Red Team to simulate known threat actors, and adopt all their known techniques, tactics, and procedures (TTPs). The three phases of a TIBER test are similar to those of a standard Red Team assessment, but are then further split into six sub-parts. These sub-parts are there to provide standardised and measurable approaches that can be audited by a governing organisation. For more information about TIBER-EU, we refer to the European Central Bank's
mnemonic has the capability to deliver both the threat intelligence and Red Team services required for a TIBER assessment. These capabilities are performed by different departments internally, and can be made to cooperate or work independently without communications, depending on the needs of the assessment. The detailed approach will depend on the specific TIBER framework applicable. For example, the Norwegian Financial Supervisory Authority, together with the Norwegian Central Bank, are currently in the process of establishing a TIBER-NO framework, but this is not yet in place. Conversely, TIBER-DK is in place and initial assessments are being carried out within this framework. As mnemonic has conducted security and penetration tests ever since the company was founded in 2000, we have some of the most experienced and knowledgeable consultants in the Nordics in this area. Several of the consultants have experience from TIBER or similar threat intelligence based red-teaming engagements for large multinational enterprises. Throughout a TIBER test, mnemonic will draw on a diverse team with broad technical expertise, in order to provide realistic adversary simulation of the capabilities of known threat actors and APT groups. mnemonic has a mature Threat Intelligence practice, which is organised in a separate department of more than 15 FTEs, and has experience providing threat intelligence to multiple customers.
As part of a TIBER test, their role is to prepare a Targeted Threat Intelligence Report which details attack scenarios and other inputs to the Red Team. The Targeted Threat Intelligence Report will be based on the generic threat landscape as well as multiple additional information sources. A typical Threat Intelligence team will consist of 3 consultants, an engagement lead, an OSINT specialist, and a technical specialist. Manager Risk Services
h1|Threat Intelligence-Based Ethical Red-teaming (TIBER)
h2|TIBER versus Red Team exercise How mnemonic can assist your TIBER test mnemonic as Red Team provider mnemonic as Threat Intelligence provider Contact me for more information
h3|Need more information?

pa|Our network of IDS sensors, other log sources and listening points is the largest in the Nordic region. By compiling information from this network with several external information sources, we have a unique understanding of the local and global threat landscape. This group works on analysing traffic patterns and system logs, as well as operating and further developing services based on various commercial and open source network security products, such as IDS and IPS.
h1|NSA
h2|Vacancies:

pa|mnemonic helps businesses manage their security risks, protect their data and defend against cyber threats. Our expert team of security consultants, product specialists, threat researchers, incident responders and ethical hackers, combined with our Argus security platform ensures we stay ahead of advanced cyberattacks and protect our customers from evolving threats.
Acknowledged by Gartner as a notable vendor in delivering Managed Security Services, threat intelligence and advanced targeted attack detection, we are among the largest IT security service providers in Europe, the preferred security partner of the region’s top companies and a trusted source of threat intelligence to Europol and other law enforcement agencies globally. With intelligence-driven managed security services, 200+ security experts and partnerships with leading security vendors, mnemonic enables businesses to stay secure and compliant while reducing costs.
h1|Who is mnemonic

pa|In this year's report, you can read about our predictions for 2021, and observations from our 24x7 Security Operations Center. The report includes articles written by our security experts about and topics:
li|Security predictions 2021
li|2020: observations and statistics from the mnemonic SOC
li|Lessons learned from COVID-19
li|Building an Enterprise Security Architecture
li|Reducing the risk of insider threats
li|Unsanctioned remote and third-party access
li|New paradigms for security threats in modern cloud applications
li|Third-party dependencies in development
st|Get your copy today!
h1|Security Report 2021

pa|We provide the most suitable security products with the best possible maintenance and support services. Our high standing with our technology partners provides our customers with the attention needed to quickly resolve issues. We have more than 15 years' experience in supplying the right technology and products within IT and information security to best suit our customers' needs.
All security products need maintenance and care to perform at their best in ever-changing, complex environments. We provide you with the help you need to get the most out of your investments. When incidents occur due to problems in security products, our experienced and certified team are available 24x7 to help you resolve any issues and get back to business. Manager Products and Support
h1|Products and Support
h2|Security products and Support Life Cycle Management Premium Support Want to know more about our professional services? Technology Partners

pa|As a company processing personal data about European citizens, mnemonic complies with the provisions of the European Union General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR"). This Privacy Notice governs Personal Information mnemonic collects from our For more information, contact our DPO. mnemonic has focused on implementing fair information practices that are designed to protect your privacy. mnemonic takes precautions to protect personal information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. mnemonic has implemented appropriate technical and organizational measures to protect the information systems on which your personal information is stored. mnemonic requires our suppliers and service providers to protect your personal information by contractual means. Your personal data is stored in data centers in Norway. mnemonic will not retain the personal data for a longer period than is necessary to achieve the purpose for which the data was collected. mnemonic may disclose your personal information to: For more specific disclosures, please click on the specific activities above.
In the event mnemonic goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, users' personal information will, in most instances, be part of the assets transferred. According to GDPR, the data subject has the right to:
i. obtain from mnemonic confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to the personal data;
ii. obtain from mnemonic the rectification of inaccurate personal data concerning you;
iii. obtain from mnemonic the erasure of your personal data;
iv. obtain from mnemonic restriction of processing regarding your personal data;
v. obtain from mnemonic a copy of personal data concerning you, which you actively provided, in a structured, commonly used and machine-readable format and to request from mnemonic that we transmit those data to another recipient selected by you;
vi. object, on grounds relating to your particular situation, to processing of personal data concerning you;
vii. withdraw your consent to the processing at any time; and
viii. lodge a complaint with a supervisory authority (in Norway: Datatilsynet).
Should you need to exercise one or more of the above rights, please contact our Data Protection Officer (as described below) outlining your request and requirements. The consequence if you don't provide us with the necessary information, or require that such information is deleted, is that mnemonic may not be able to provide its services to you. mnemonic has no direct relationship with the data subjects whose personal information may be processed by our managed security services. Data subjects who are in contract with our customers may exercise their rights by following their company/employer specific routines.
For information regarding cookies on our website, please see our mnemonic reserves the right to change this Privacy Notice at any time to reflect changes in the law, our data collection and use practices, the features of our services, or advances in technology. Please check this page periodically for changes. Your continued use of the services following the posting of changes to this policy will mean you accept those changes. If you have any questions or other reasons for contacting mnemonic with regard to your data privacy, please contact our Data Protection Officer at
li|Public authorities, if mnemonic is required to do so i.e. by applicable court order or law; or
li|Any recipient, with your consent, such as for employment verification or background check; or
li|Any recipient when reasonably necessary such as in the event of a life-threatening emergency.
st|Roles and scope Marketing Our vendors and service providers Securing your information Storing your information and retention period Disclosing your information Exercising your privacy rights Cookies Changes to the policy How can you contact us
h1|Privacy Notice
sp|customers. It also governs information provided directly by online visitors on our website, as well as information automatically collected from cookies. In this notice, you will find information about the different activities where mnemonic may process personal data. Personal data in this context means data that relates to an individual and that identifies that individual, either directly or indirectly, such as your name or your contact information. mnemonic as (“mnemonic”) is considered the data controller for the processes Marketing (including our website), Recruitment and Security Services. However, mnemonic is considered as data processor when delivering Managed Security Services.
For more details on how and why we process personal data for a specific process, see the following notices: mnemonic uses vendors for some of our processes. For more information on which, who, and why, please click on the specific notices above. Information collected from visitors on our website for marketing and recruitment purposes will be destroyed in accordance with mnemonic's data retention policies for those processes. Please see the specific notices above for more information.
em|If your company/employer uses mnemonic services

pa|We have offices in Oslo, Stavanger, Stockholm, The Hague, London and Palo Alto.
mnemonic as Henrik Ibsens gate 100 0255 Oslo Norway Telephone (+47) 2320 4700 Email
Visiting address: mnemonic ab Borgarfjordsgatan 6c Kista Sweden Postal address: mnemonic ab Box 1073 164 25 Kista Sweden Telephone (+46) 08 444 8990 Email
WTC Business Center Prinses Margrietplantsoen 33 2595 AM The Hague The Netherlands Email
mnemonic Cybersecurity Level 39 One Canada Square, Canary Wharf London E14 5AB UK Telephone (+44) 203 973 0036 Email
mnemonic 470 Ramona Street Palo Alto, CA, 94301 USA Email
h1|Contact us
h2|Head office Stockholm The Hague London Palo Alto
sp|SE-164 55

pa|We are looking for a senior consultant for our technical team. mnemonic is the Nordic region’s leading IT and information security company, offering a unique combination of services and solutions. mnemonic currently has more than 200 employees, and we are rapidly growing both in Norway and internationally. For the eighth consecutive year, we are ranked as one of Norway’s and Europe’s best workplaces by Great Place to Work.
The last two years we’ve won our category! We are working side by side with some of Europe’s most important organisations in the fight against cyber attacks, and we are actively participating in reputable research programs both in Europe and globally. mnemonic is also a trusted source of threat intelligence information to Europol and other international law enforcement agencies. Technical Risk Services is a consulting department assisting customers in understanding the technical risks and the vulnerabilities in their IT portfolios. Among other things, we do penetration and security testing, technical audits, and source code analysis on existing solutions, and establish architecture, processes, and tools to help defend new solutions. We are looking for experienced candidates who combine technical expertise and academic dedication with business understanding and communication skills. You have worked for a while with security or within related disciplines, and want to develop your professional profile further and become a trusted advisor within the security profession. Maybe you have already worked with security for a number of years? You can also be a developer who is passionate about creating more secure solutions and building your own testing tools, a sysadmin with experience from complex IT environments, a technical architect who has worked with security in major development projects, or a security analyst who solves "Capture the Flag" competitions as a hobby. Anyway, you understand how technology works, you pick things apart and put them back together afterwards, and work hands-on to solve demanding problems in creative ways. As a Senior Consultant working with Application Security in TRS, you will get the opportunity to work with a wide range of tasks, for example: We are looking for someone who: If you have many of the qualifications we ask for, but feel that our current vacancies are too specific, you are welcome to submit an open application.
If you have publications or other works that you think represent your technical skills or ability to communicate in Norwegian or English, please attach or refer to these as well. Email us at and write “TRS-SecDevOps” in the subject field. Add a text about why you are right for the job, and your CV. We use Semac AS for background checks in our recruitment process. It is an advantage if you qualify for a Norwegian security clearance.
li|Perform vulnerability analyses and penetration tests of web applications, API and mobile apps. Perform code revision and analyse code for zero-days. Establish processes and create technical tools for secure development and DevSecOps. Establish processes and create technical tools for security testing and handling vulnerabilities. Be a part of the development team as a “Security Champion”. Give advice on security architecture and solution design. Assist in procurement processes and outsourcing. Assist with the establishment of cloud solutions and migration, and establish routines for secure operation. Establish and develop internal test and automation tools. Has relevant certifications from infosec and pentesting. Enjoys working hands-on with technology, picking things apart to understand how they work. Has experience with security related work within agile development, DevOps/DevSecOps, Cloud, microservices, serverless computing, automation, and relevant technologies. Works structurally and independently, and takes responsibility for his or her own deliveries. Has experience implementing, assessing, operating, or developing in a DevOps environment. Has experience with modern DevOps tooling and technologies, including but not limited to: Kubernetes; GitLab, Azure DevOps, AWS DevOps ecosystem, etc.; Public Cloud (AWS or Azure); Infrastructure as code (IaC); Developing in cloud environments. Has knowledge or experience securing DevOps pipeline infrastructure. Has experience building a DevOps pipeline from the ground up.
Has experience using or implementing common security tools in DevOps pipelines, including but not limited to: Static Application Security Testing (SAST); Dynamic Application Security Testing (DAST); Image scanning; Dependency scanning; Interactive application security testing (IAST). Wants to further develop their security skills and become an expert in his or her field. Has the ability to clearly communicate complex technical information, verbally and in writing. Has consultancy experience.
li|Offensive Security Certified Professional (OSCP)
li|GIAC Web Application Penetration Tester (GWAPT)
li|Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK)
li|General project and method certifications (ITIL, ISTQB, PRINCE2, Scrum, etc.)
li|CISSP, CISA
li|An environment focusing on professional development and continuous learning, training and gaining new certifications. A unique and experienced workplace with more than 200 security specialists working on some of the most challenging and exciting problems within information security. Competitive terms including a collective bonus scheme for all employees. A solid and profitable corporate economy providing resources for development and innovation. For the past eight years, mnemonic has been ranked among Norway’s and Europe’s best workplaces by Great Place to Work. The last two years we’ve won our category!
st|About mnemonic About Technical Risk Services (TRS) Who are we looking for? Tasks and responsibilities Expectations and qualifications Relevant certifications What we can offer How do I apply?
Background check
h1|Senior Consultant, SecDevOps

pa|We are looking for Senior Consultants for our Governance, Risk & Compliance department. mnemonic is the Nordic region’s leading IT and information security company, offering a unique combination of services and solutions. mnemonic currently has more than 200 employees, and we are rapidly growing both in Norway and internationally. For the eighth consecutive year, we are ranked as one of Norway’s and Europe’s best workplaces by Great Place to Work. The last two years we’ve won our category! We are working side by side with some of Europe’s most important organisations in the fight against cyber attacks, and we are actively participating in reputable research programs both in Europe and globally. mnemonic is also a trusted source of threat intelligence information to Europol and other international law enforcement agencies. In GRC, we work with our customers on the management of digital processes, security management, risk management and strategy, as well as compliance with privacy and security requirements. Working in GRC means you get to be close to decision makers, and you will be considered a reliable sparring partner in strategic decisions. In the GRC department you get the opportunity to work on projects and services across all disciplines in mnemonic. As a security consultant in GRC, you will get the opportunity to work with a wide range of tasks, for example: We are looking for someone who: If you have many of the qualifications we ask for, but feel that our current vacancies are too specific, you are welcome to submit an open application. If you have publications or other works that you think represent your technical skills or ability to communicate in Norwegian or English, please attach or refer to these as well.
Email us at and write “GRC-Cloud” in the subject field. Add a text about why you are right for the job, and your CV. We use Semac AS for background checks in our recruitment process. It is an advantage if you qualify for a Norwegian security clearance.
li|Establish and develop security architecture. Perform risk assessments in mitigation projects. Work as a project leader for large security implementation projects. Has experience with information security related risk, management and / or compliance. Is analytical and able to find pragmatic solutions to complex problems. Wants to create value for the many organisations you work with. Understands how security issues affect an organisation holistically. Is able to familiarise themselves with and communicate complex issues to non-technical people. Is self-driven and result-oriented. Wants to maintain and further develop their professional skills. Certificate of Cloud Security Knowledge (CCSK) Certified Cloud Security Professional (CCSP) SABSA Security Architect related certifications e.g. SCF AWS security related certifications Azure security related certifications A work environment focusing on professional development and continuous learning, training and gaining new certifications. A unique and experienced workplace with more than 200 security specialists working on some of the most challenging and exciting problems within information security. Competitive terms including a collective bonus scheme for all employees. A solid and profitable corporate economy providing resources for development and innovation. For the past eight years, mnemonic has been ranked among Norway’s and Europe’s best workplaces by Great Place to Work. The last two years we’ve won our category!
st|About mnemonic About Governance, Risk & Compliance (GRC) Tasks and responsibilities Experience and qualifications Relevant certifications What we can offer How do I apply?
Background check
h1|Security Consultant, Cloud
pa|This group works with log analysis solutions to uncover external threats and internal misuse of data. This places high demands on the solutions that collect and analyse logs. We are looking for more skilled consultants who can help our customers design and manage solutions that effectively support security monitoring and incident handling.
h1|Log analysis
h2|Vacancies:
pa|Here you can find our whitepapers where our security experts share from their experiences.
How the COVID-19 outbreak may impact your overall security posture and eight steps to reduce the risk
h1|Whitepapers
pa|Do you want to offer 24/7 (MDR) services to your customers?
The market is growing fast and Gartner projects that by 2024, 40% of midsize enterprises will use MDR as their only managed security service. The Argus Partner Program is designed to enable partners to quickly enter this growing market with a high-quality, proven service offering without the hefty investments in R&D, technology and people. As an Argus Partner, you will enjoy a straightforward and flexible program, backed by a team who has been delivering these advanced services for over a decade.
Grow predictable, long-term recurring revenue with minimal operational investment
Argus Partners can immediately enter the rapidly growing MDR market with a mature, proven and competitive service
Our partnership is supported with lead generation activities and co-funded collaboration on marketing activities
Enjoy full protection on registered opportunities – first come first served
Receive commercial and technical training for your team and sales support to jointly turn prospects into customers
Engage in new opportunities, expand your presence at existing customers and strengthen client relationships
Partner Account Manager
li|Protect your customers and expand your service offering with MDR services
li|Complement your security portfolio with vendor agnostic MDR services
li|Build a recurring revenue stream and help your customers detect and respond to threats 24/7
li|Enhance managed security services with flexible and adaptable MDR services
st|Increase recurring revenue: Immediately go-to-market: Co-marketing opportunities: Deal protection: Training and sales support: Complement your portfolio: MSPs and hosting providers: System integrators: Professional service providers: MSSPs:
h1|Partner Program
h2|Why become an Argus Partner? Who should become an Argus Partner? Want to become an Argus partner?
Argus partners
di|CEO and founder; Chief Financial Officer; Department Manager, mnemonic Security Services (MSS); Department Manager, Governance, Risk & Compliance (GRC); Head of Risk Services; Head of Infrastructure; Head of mnemonic System Integration (MSI); Head of Business Development & Contracts; Sales Manager; Marketing Manager
h1|Management
h2|Tønnes Ingebrigtsen Line Kloster Erik Alexander Løkken Gjermund Vidhammer Andreas Furuseth Lars Are Aschim Jon-Finngard Moe Kåre Magne Almåsbakk Richard Jensen Andrew Facchini
pa|We carry the most advanced and best-suited security products on the market, and combine them with experience, knowledge and expertise in our maintenance and support services. Our high partner status with our technology partners gives our customers immediate attention, so that problems are resolved quickly.
We have considerable experience in providing security technology within IT and information security. Over time we have built a comprehensive portfolio of products that we offer. Our experienced consultants can help you when unforeseen incidents arise involving security products.
All products need follow-up and maintenance to do the job they are set to do in a constantly evolving environment. This requires time and competence, which our experienced consultants can provide.
Our experienced consultants can help you when unforeseen incidents arise involving security products.
Group Manager, Products and Support
h1|Products and Support
h2|Security products and support Life Cycle Management Premium Support Would you like to know more about our consulting services?
pa|mnemonic is a cloud provider to our customers and our infrastructure supports our own and our customers' needs for a stable and secure operating platform with high quality, performance and uptime in all aspects of the delivery.
mnemonic's network of IDS sensors, log sources and listening points is the largest in the Nordic region. As part of Infrastructure, you are responsible for ensuring that this sensor network is operational at all times.
At this time we do not have any vacancies, but feel free to send us an .
h1|Infrastructure
pa|Operations is known for quick response and skillful handling of all customer enquiries. We work with operations, support, and lifecycle management on cyber security products. This can be stand-alone solutions for larger customers, or as part of a larger service delivery. We also operate a network operations center (NOC). Everyone in our group has extensive product knowledge and has undergone training in order to assist with incident response.
If you have many of the qualifications we ask for, but feel that our current vacancies are too specific, you are welcome to submit an open application.
Operations is also looking for part-time employees, read more .
h1|Operations
h2|Vacancies
pa|We are looking for researchers for our Research and Development department.
mnemonic is the Nordic region's leading IT and information security company, with a unique combination of services and solutions. The company currently has more than 200 employees, and we are growing rapidly in Norway and internationally. In addition, year after year we have been ranked as one of Norway's and Europe's best workplaces by Great Place to Work. The last two years we have won our category in Norway!
mnemonic works daily on live incidents, side by side with Europe's most important organisations in the fight against cyber attacks. We actively participate in recognised research projects and are a trusted source for Europol and other global law enforcement agencies.
The MSS department delivers mnemonic's market-leading security monitoring service, based on our proprietary platform, Argus. Our network of IDS sensors, other log sources and listening points is the largest in the Nordic region. By correlating information from this network with several external information sources, we have a unique understanding of the local and global threat landscape. You will work in the MSS research and development group.
This group works on research and development in MSS. R&D coordinates and leads mnemonic's participation in external research and innovation projects, and develops new methods and tools for use in mnemonic. If you feel you have many of the qualifications we ask for, but feel that the profile itself is too specific, you are welcome to send an open application to our research group.
In the R&D group you will get the opportunity to work on a range of varied tasks, for example:
We are looking for someone who recognises themselves in several of the following points:
If you feel you have many of the qualifications we ask for, but feel that the profile itself is too specific, you are welcome to send an open application.
A unique and experienced environment, with more than 200 security specialists who work daily on some of the most challenging and exciting problems within information security.
For the past eight years, mnemonic has been at the top of the ranking of Norway's and Europe's best workplaces by Great Place to Work. In recent years we have won our category in Norway!
We use Semac AS for background checks in our recruitment process, and the position requires a police certificate of good conduct. It is an advantage if you can obtain security clearance at the HEMMELIG (SECRET) level under the Norwegian Security Act.
Send an application to and include the tag "MSS-RD" in the subject of the e-mail. Attach a description of why you are right for the job, along with your CV. If you have publications or other works that you think represent your professional knowledge, or your ability to communicate in writing in Norwegian or English, feel free to attach or refer to these as well. Applications will be processed on an ongoing basis.
li|Work in research and innovation projects.
li|Design and develop new methods and tools to support the analysis and handling of security incidents.
li|Present research results at conferences and workshops.
li|Contribute ideas for improving existing services.
li|Contribute ideas for, and development of, new services and business areas.
li|Contribute articles and input within your own field.
li|Participate in operational assignments, for example incident response.
li|Strong analytical skills.
li|Independent and self-driven.
li|Creative, able to find new solutions to problems.
li|Critical, able to find weak points in existing and proposed solutions.
li|Broad experience within information security, especially detection, analysis, incident response and threat intelligence.
li|Experience developing scalable systems.
li|Experience analysing large amounts of data.
li|Ability to translate abstract results into concrete code.
li|Experience from research and innovation projects.
li|Focus on professional development, continuous training, courses and certifications.
li|Competitive terms with a collective bonus for all employees.
li|A solid and profitable corporate economy that provides resources for development and innovation.
li|Focus on well-being and social events.
st|About mnemonic About mnemonic Security Services (MSS) About Research and Development (R&D) Tasks Desired experience and qualifications What can we offer? Background check How do I apply?
h1|Researcher
pa|Threat intelligence-based ethical red-teaming (TIBER) is a testing framework created by the European Central Bank in 2018, which provides guidance on conducting realistic simulated cyberattacks to test the cyber resilience of critical infrastructure. The framework was primarily created with the financial sector in mind, but is also appropriate for other critical sectors. It describes how authorities, organisations, threat intelligence providers, and red-team providers can work together to run an assessment, and obtain actionable information about the strengths and weaknesses of the target organisation.
The TIBER framework is provided both as a general European standard (TIBER-EU) and as national implementations (e.g. TIBER-DK, TIBER-NO). It is also closely related to the CBEST framework in the UK.
Although a TIBER test contains elements of a Red Team assessment, it differentiates itself by having a separate phase where a dedicated threat intelligence provider performs an assessment on the target organisation, in order to create customised realistic attack scenarios that the Red Team will carry out. These attack scenarios may require the Red Team to simulate known threat actors, and adopt all their known tactics, techniques, and procedures (TTPs).
The three phases of a TIBER test are similar to those of a standard Red Team assessment, but are then further split into six sub-parts. These sub-parts are there to provide standardised and measurable approaches that can be audited by a governing organisation. For more information about TIBER-EU, we refer to the European Central Bank's
mnemonic has the capability to deliver both the threat intelligence and Red Team services required for a TIBER assessment. These capabilities are performed by different departments internally, and can be made to cooperate or work independently without communications, depending on the needs of the assessment.
The detailed approach will depend on the specific TIBER framework applicable. For example, the Norwegian Financial Supervisory Authority, together with the Norwegian Central Bank, are currently in the process of establishing a TIBER-NO framework, but this is not yet in place. Conversely, TIBER-DK is in place and initial assessments are being carried out within this framework.
As mnemonic has conducted security and penetration tests ever since the company was founded in 2000, we have some of the most experienced and knowledgeable consultants in the Nordics in this area. Several of the consultants have experience from TIBER or similar threat intelligence-based red-teaming engagements for large multinational enterprises.
Throughout a TIBER test, mnemonic will draw on a diverse team with broad technical expertise, in order to provide realistic adversary simulation of the capabilities of known threat actors and APT groups.
mnemonic has a mature Threat Intelligence practice, which is organised in a separate department of more than 15 FTEs, and has experience providing threat intelligence to multiple customers. As part of a TIBER test, their role is to prepare a Targeted Threat Intelligence Report which details attack scenarios and other inputs to the Red Team. The Targeted Threat Intelligence Report will be based on the generic threat landscape as well as multiple additional information sources. A typical Threat Intelligence team will consist of 3 consultants: an engagement lead, an OSINT specialist, and a technical specialist.
Head of Risk Services
h1|Threat Intelligence-Based Ethical Red-teaming (TIBER)
h2|TIBER versus Red Team exercise How mnemonic can assist your TIBER test mnemonic as Red Team provider mnemonic as Threat Intelligence provider Contact me for more information
h3|Need more information?
pa|This group is working on the development of mnemonic's proprietary platform Argus, which forms the basis of our service delivery. Argus is tailored to deliver our services and is the tool both our analysts and customers use on a daily basis. We are integrating more and more of our products and services into the platform, and are constantly working to improve the platform's capabilities.
If you have many of the qualifications we ask for, but feel that our current vacancies are too specific, you are welcome to submit an
h1|Development
h2|Vacancies
pa|We are looking for security consultants for our Governance, Risk & Compliance department.
mnemonic is the Nordic region’s leading IT and information security company, offering a unique combination of services and solutions. mnemonic currently has more than 200 employees, and we are rapidly growing both in Norway and internationally. For the eighth consecutive year, we are ranked as one of Norway’s and Europe’s best workplaces by Great Place to Work. The last two years we’ve won our category!
We are working side by side with some of Europe’s most important organisations in the fight against cyber attacks, and we are actively participating in reputable research programs both in Europe and globally. mnemonic is also a trusted source of threat intelligence information to Europol and other international law enforcement agencies.
In GRC, we work with our customers on the management of digital processes, security management, risk management and strategy, as well as compliance with privacy and security requirements. Working in GRC means you get to be close to decision makers, and you will be considered a reliable sparring partner in strategic decisions. In the GRC department you get the opportunity to work on projects and services across all disciplines in mnemonic.
As a Security Consultant in GRC, you will get the opportunity to work with a wide range of tasks, for example:
We are looking for someone who:
If you have many of the qualifications we ask for, but feel that our current vacancies are too specific, you are welcome to submit an open application.
If you have publications or other works that you think represent your technical skills or ability to communicate in Norwegian or English, please attach or refer to these as well.
Email us at and write “GRC-Privacy” in the subject field. Add a text about why you are right for the job, and your CV.
We use Semac AS for background checks in our recruitment process. It is an advantage if you qualify for a Norwegian security clearance.
li|Give advice related to GDPR in compliance projects.
li|Evaluate breach of privacy consequences (Data Protection Impact Assessment - DPIA).
li|Help our customers understand and comply with the requirement of built-in privacy in practice.
li|Has experience with information security related risk, management and / or compliance.
li|Is analytical and able to find pragmatic solutions to complex problems.
li|Wants to create value for the many organisations you work with.
li|Understands how
li|Is able to familiarise themselves with and communicate complex issues to non-technical people.
li|Is self-driven and result-oriented.
li|Wants to maintain and further develop their professional skills.
li|Certified Information Privacy Professional/Europe (CIPP/E)
li|Certified Information Privacy Manager (CIPM)
li|Certified Information Privacy Technologist (CIPT)
li|A work environment focusing on professional development and continuous learning, training and gaining new certifications.
li|A unique and experienced workplace with more than 200 security specialists working on some of the most challenging and exciting problems within information security.
li|Competitive terms including a collective bonus scheme for all employees.
li|A solid and profitable corporate economy providing resources for development and innovation.
li|For the past eight years, mnemonic has been ranked among Norway’s and Europe’s best workplaces by Great Place to Work. The last two years we’ve won our category!
st|About mnemonic About Governance, Risk & Compliance (GRC) Tasks and responsibilities Experience and qualifications Relevant certifications What we can offer How do I apply? Background check
h1|Security Consultant, Privacy
pa|mnemonic's experts share their views and news on all things Security.
How the security features in state-of-the-art TLS inspection solutions can be exploited for covert data exfiltration
This blog post describes how we discovered a new stealthy method of data exfiltration that specifically bypasses network security solutions such as web proxies, next generation firewalls (NGFW), and dedicated solutions for TLS interception and inspection. Our testing validates that this is a widespread issue that affects different types of security solutions as well as solutions from a variety of vendors. We successfully tested our technique against products from F5 Networks, Palo Alto Networks and Fortinet, and speculate that many other vendors are also susceptible.
By using our exfiltration method SNIcat, we found that we can bypass a security solution performing TLS inspection, even when the Command & Control (C2) domain we use is blocked by common reputation and threat prevention features built into the security solutions themselves. In short, we found that solutions designed to protect users introduced them to a new vulnerability.
We have also developed mitigation techniques, including signatures available for download, as described below.
For many years both of us have designed security architecture around network man-in-the-middle devices such as web proxies, firewalls and load balancers. This playground often piques our curiosity, and this time it made us want to look at a few solutions from an attacker’s perspective.
We decided to investigate how network security solutions handled the TLS Server Name Indication (SNI) field for categorising and blocking bad URLs/hostnames (more on the SNI field later). Our initial goal was to simply test if we could bypass these security solutions by inserting a legitimate hostname in the SNI field and sending the traffic to a domain categorised as a bad domain. However, this didn’t pan out as all the security solutions we tested verified that the subject-cn of the server certificate matched the value in the SNI sent by the client. If it didn’t match, the traffic was blocked. It was worth trying, at least.
This initial experiment made us aware that the TLS Client Hello packet always reached the destination server, even if it was categorised as a bad URL/domain by the security solution. The solution only blocked the session after the TLS handshake had been completed, but not earlier. We then decided to play with the idea that we could leverage this unidirectional stream to exfiltrate data and bypass network security features, and therefore be able to send data to a known bad domain/host.
Modern network security solutions that perform TLS inspection often have a functionality called decryption mirroring. Basically, the security solution can forward a copy of the decrypted traffic to a mirror port, which is commonly connected to an IDS that can now inspect the once encrypted traffic. This is all well and good from a security monitoring perspective. However, we discovered that devices connected to the mirror port do not receive the TLS handshake at all, opening up a new way of performing stealthy exfiltration utilising the TLS Client Hello.
Because of the way the security solutions described above behaved, we realised that we could exfiltrate data utilising extensions of the Client Hello of the TLS protocol. We chose the SNI field as an exfiltration container because it was the one extension that was never manipulated or changed by any of the in-line security solutions.
During the handshake process, the SNI is populated by a value provided by the client and instructs the server which hostname the client is trying to connect to, and what certificate it should present to the client.
When utilising a security solution to actively allow or deny traffic based on what domain/URL the client is connecting to, this is usually how it works:
We then conducted a quick proof of concept which proved we could misuse this field by injecting arbitrary data and successfully employing this once legitimate extension as a “smuggling container” through the security solutions, without the traffic being copied to a decryption mirror port.
So far so good. We had demonstrated how we could send data out from a client. The next step was to find a way to control the client using a RAT (Remote Access Trojan) that could, in turn, leverage this new communication channel. As mentioned earlier, at this stage of testing the channel was only working one-way, since every tested solution was blocking the returning traffic coming back from the server, and that was obviously not an optimal scenario. We were stuck, and in need of a new way of letting the control server’s data pass back through the security solution.
To overcome this hurdle, we built an interim out of band C2 based on Instagram, which employed embedded C2 control commands inside Instagram’s own comments section. This was enough to get a working demo which proved our theory correct, functional and hopefully extensible: we were able to remotely control the compromised host and selectively exfiltrate data.
This result encouraged us to continue testing. Our next goal was to replace the Instagram component since social media websites are easily and often blocked by internal security policies, which would have interfered with our C2 communication. We continued pursuing an in-band alternative of establishing an end-to-end communication between the agent and the Command & Control server.
After some more tinkering, we discovered a common denominator in every solution we tested. As long as the server presents a valid and trusted certificate during the TLS handshake, the security solution will always present an emulated version of that certificate to the client, signed by the solution’s built-in CA. This behaviour occurs even if the domain used is blacklisted by a reputation database (URL/domain categorisation). In addition, by serving a self-signed certificate from a server, the security solution either presents the client with an emulated self-signed certificate, or a simple TCP reset.
On a very primitive communication channel, a basic response would only require a binary YES/NO capability, and we now have it: a valid, trusted certificate gives us a “YES”, and an untrusted, self-signed certificate gives us “NO”.
We implemented this logic into our SNIcat tool. SNIcat comprises two separate but interdependent components:
The passive agent is equipped with various commands, including the ability to exfiltrate (i.e. upload) files to the server. It constantly loops between all the available commands and waits for the C2 server to select the desired one by leveraging the binary YES/NO capability mentioned earlier.
With SNIcat, we extended this logic so that we could provide a minimal but effective standalone Command Line Interface (CLI). The CLI can offer basic file system navigation commands such as jumping between folders, listing files and, obviously, exfiltration.
Here is the C2 CLI in action, where we use some of the built-in commands to navigate the file system and exfiltrate a file from the agent to the C2 server:
While developing this offensive tool, we also worked on developing different ways to mitigate and detect this kind of attack, both from the endpoint and the security perimeter solution. We have had a good dialogue with the vendors whose products we tested, and the following suggestions have been shared with them.
As a result, a few of the vendors have provided their own security advisory with their suggested work-arounds and/or fixes. Links to the advisories can be found in our reference section below.
We also developed a very early-stage proof of concept of a ‘passiveSNI’ detection tool, conceptually similar to the well-known PassiveDNS application. It works by constantly monitoring and logging every TLS/Hello packet sent through any network socket interface. These generated logs can be gathered and analysed through a SIEM solution against any well-known signature or behavioural analytics.
We speculate that more vendors than those mentioned in this blog post are susceptible to our SNIcat approach. Even though it would have been interesting to test every network security solution on the market, we had limited resources and scope this time around. We therefore advise vendors to test if their products are vulnerable to SNIcat. In addition, end users and enterprises may find it helpful to test their solutions with our PoC code that you can find on .
Responsible disclosure procedures were followed per vendor policy.
25/2/2020 | Disclosed to Palo Alto Networks | Followed disclosure procedures per
26/2/2020 | F5 Networks confirmed they received our report |
27/2/2020 | Palo Alto Networks confirmed they received our report |
3/4/2020 | Disclosed to Fortinet | Followed disclosure procedures per
8/4/2020 | Fortinet confirmed they received our report |
16/4/2020 | Received suggested work-around from F5 Networks | Received a working iRule from F5 Networks, in order to mitigate SNIcat when used with known bad domains.
17/6/2020 | Informed all vendors of the date we intended to publish. |
12/8/2020 | Published GitHub repo and blog post |
SNIcat was successfully able to bypass the following products and their respective software versions:
Security advisory can be found here
Security advisory can be found here
The vulnerability will be fixed in 6.4.3 GA, with a tentative release in September.
An advisory will be published by FortiGuard Labs after the release.
Fortinet has made us aware that they are unable to push the fix in 6.4.3. We are awaiting more information.
Check Point has published signatures for detecting and blocking SNIcat in both their EDR solution and their NGFW: Sandblast Agent Threat Emulation (
CVE-2020-2035 CVE-2020-15936
td|Date | Event | Comments
24/2/2020 | Disclosed to F5 Networks | Followed disclosure procedures per
li|A passive agent that should be dropped on the target and already compromised host. Its only goal is to connect back to the C2 and execute the provided commands.
li|A C2 server which controls the agent from anywhere on the Internet.
li|An Intrusion Detection System (IDS) could detect the anomalous SNI payload by redirecting the original TLS handshake, along with the decrypted traffic or as a separate stream, to any device configured to receive decrypted traffic (often called decryption mirroring).
li|Performing heuristics on the Client Hello’s SNI: We have successfully used custom logic to perform an entropy check on the SNI field, and detect SNIcat by utilising this method. As long as the vulnerable products can log the SNI of every handshake, send it to a SIEM, or send the handshake itself to an IDS, one can detect SNIcat with good accuracy.
li|Another mitigation we suggest is to reuse existing exfiltration signatures, such as DNS-signatures, on the SNI field. Also, by checking the length of the SNI field, one could check that it’s almost always 254 bytes during our misuse attacks (this is the maximum we were able to send per Client Hello, due to the limitations of a domain name character length). An alert could be generated when this value is matched.
li|Before completing the server side’s TLS handshake, we recommend changing the blocked URL categories’ logic to match the SNI field and thus block/allow any session in case of a match occurring.
This way the data in the malicious SNI will not be passed to the C2 if the site is already restricted by a URL category or if it is not matching an explicit whitelist.
li|F5 BIG-IP running TMOS 14.1.2, with SSL Orchestrator 5.5.8
li|Palo Alto NGFW running PAN-OS 9.1.1
li|Fortigate NGFW running FortiOS 6.2.3
li|Trojan.Win.Snicat.A
li|Trojan.Win.Snicat.B
li|Trojan.Wins.Snicat.C
li|Trojan.Wins.Snicat.D
st|TL;DR Auditing the guardians after Decryption mirrors or Funhouse mirrors? 'I don't know why you say goodbye, I say Hello' - A digression on the TLS Hello packet Commands, but who controls them? Putting it all together – enter SNIcat What about mitigations? Conclusions Disclosure Timeline PRODUCTS SUCCESSFULLY BYPASSED WITH SNICAT References PoC code: F5 Networks: Palo Alto Networks: Fortinet: Check Point: CVE
h1|mnemonic Labs SNIcat: Circumventing the guardians
em|Written by Morten Marstrander and Matteo Malvica, Security Researchers, mnemonic Update 08.10.2020: After publishing, the researchers have been invited to present these findings at Black Hat Europe, read more . SNIcat decryption mirroring Detection in the security perimeter decryption mirroring blocked Detection on the Endpoint (Updated 27.10.2020). Updated 30.11.2020).
pa|In this year's report, you can read about our predictions for 2021, and observations from our 24x7 Security Operations Center. The report includes articles written by our security experts about and topics:
li|Security predictions 2021
li|2020: observations and statistics from the mnemonic SOC
li|Lessons learned from COVID-19
li|Building an Enterprise Security Architecture
li|Reducing the risk of insider threats
li|Unsanctioned remote and third-party access
li|New paradigms for security threats in modern cloud applications
li|Third-party dependencies in development
st|Get your copy today!
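The SNI length and entropy checks suggested in the SNIcat post's mitigation list can be run over logged or captured Client Hello records. The Python below is an added example, not mnemonic's passiveSNI tool or any vendor signature: the 254-byte length comes from the post, while the entropy threshold, the function names and the sample records are assumptions constructed here.

```python
import math
from collections import Counter

SNI_LEN_ALERT = 254   # SNI length the post reports for SNIcat Client Hellos
ENTROPY_ALERT = 4.5   # bits per character; assumed value, tune to your baseline


class Reader:
    """Bounds-checked cursor so malformed records are rejected, not over-read."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, size):
        return int.from_bytes(self.take(size), "big")

    def left(self):
        return len(self.data) - self.pos


def extract_sni(record):
    """Return host_name from a single-record TLS Client Hello, else None."""
    try:
        rec = Reader(record)
        if rec.uint(1) != 0x16:            # content type: handshake
            return None
        rec.take(2)                        # record-layer version
        hs = Reader(rec.take(rec.uint(2)))
        if hs.uint(1) != 0x01:             # handshake type: client_hello
            return None
        body = Reader(hs.take(hs.uint(3)))
        body.take(2 + 32)                  # client_version + random
        body.take(body.uint(1))            # session_id
        body.take(body.uint(2))            # cipher_suites
        body.take(body.uint(1))            # compression_methods
        if not body.left():
            return None                    # no extensions block at all
        exts = Reader(body.take(body.uint(2)))
        while exts.left():
            ext_type = exts.uint(2)
            ext = Reader(exts.take(exts.uint(2)))
            if ext_type != 0x0000:         # 0 = server_name
                continue
            names = Reader(ext.take(ext.uint(2)))
            while names.left():
                name_type = names.uint(1)
                name = names.take(names.uint(2))
                if name_type == 0:         # host_name
                    return name.decode("ascii", errors="replace")
        return None
    except ValueError:
        return None


def shannon_entropy(text):
    """Shannon entropy of the character histogram, in bits per character."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def sni_findings(sni):
    """Apply the two heuristics from the post; return the ones that fire."""
    findings = []
    if len(sni) >= SNI_LEN_ALERT:
        findings.append("length")
    if shannon_entropy(sni) >= ENTROPY_ALERT:
        findings.append("entropy")
    return findings


def triage(records):
    """Return (sni, findings) for every record whose SNI trips a heuristic."""
    hits = []
    for record in records:
        sni = extract_sni(record)
        if sni is not None and sni_findings(sni):
            hits.append((sni, sni_findings(sni)))
    return hits


def build_client_hello(sni=None):
    """Constructed test input: minimal Client Hello record, SNI optional."""
    exts = b""
    if sni is not None:
        host = sni.encode("ascii")
        entry = b"\x00" + len(host).to_bytes(2, "big") + host
        data = len(entry).to_bytes(2, "big") + entry
        exts = b"\x00\x00" + len(data).to_bytes(2, "big") + data
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
            + b"\x01\x00" + len(exts).to_bytes(2, "big") + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs


def sample_long_sni():
    """Constructed stand-in for encoded data filling a 254-byte SNI."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    chars = "".join(alphabet[i % 36] for i in range(251))
    return ".".join(chars[i:i + 63] for i in range(0, 251, 63))
```

The parser assumes the whole Client Hello sits in one TLS record; a fragmented handshake is skipped and would need reassembly before these checks.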
h1|Security Report 2021
pa|As a company processing personal data about European citizens, mnemonic complies with the provisions of the European Union General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR"). This Privacy Notice governs Personal Information mnemonic collects from our For more information, contact our DPO. mnemonic has focused on implementing fair information practices that are designed to protect your privacy. mnemonic takes precautions to protect personal information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. mnemonic has implemented appropriate technical and organizational measures to protect the information systems on which your personal information is stored. mnemonic requires our suppliers and service providers to protect your personal information by contractual means. Your personal data is stored in data centers in Norway. mnemonic will not retain the personal data for a longer period than is necessary to achieve the purpose for which the data was collected. mnemonic may disclose your personal information to: For more specific disclosures, please click on the specific activities above. In the event mnemonic goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, users' personal information will, in most instances, be part of the assets transferred. According to GDPR, the data subject has the right to: i. obtain from mnemonic confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to the personal data; ii. obtain from mnemonic the rectification of inaccurate personal data concerning you; iii. obtain from mnemonic the erasure of your personal data; iv.
obtain from mnemonic restriction of processing regarding your personal data; v. obtain from mnemonic a copy of personal data concerning you, which you actively provided, in a structured, commonly used and machine-readable format and to request from mnemonic that we transmit those data to another recipient selected by you; vi. object, on grounds relating to your particular situation, to processing of personal data concerning you; vii. withdraw your consent to the processing at any time; and viii. lodge a complaint with a supervisory authority (in Norway: Datatilsynet). Should you wish to exercise one or more of the above rights, please contact our Data Protection Officer (as described below) outlining your request and requirements. If you do not provide us with the necessary information, or require that such information is deleted, the consequence is that mnemonic may not be able to provide its services to you. mnemonic has no direct relationship with the data subjects whose personal information may be processed by our managed security services. Data subjects who are in contract with our customers may exercise their rights by following their company/employer specific routines. For information regarding cookies on our website, please see our
mnemonic reserves the right to change this Privacy Notice at any time to reflect changes in the law, our data collection and use practices, the features of our services, or advances in technology. Please check this page periodically for changes. Your continued use of the services following the posting of changes to this policy will mean you accept those changes. If you have any questions or other reasons for contacting mnemonic in regards to your data privacy, please contact our Data Protection Officer at
li|Public authorities, if mnemonic is required to do so i.e.
by applicable court order or law; or
li|Any recipient, with your consent, such as for employment verification or background check; or
li|Any recipient when reasonably necessary such as in the event of a life-threatening emergency.
st|Roles and scope Marketing Our vendors and service providers Securing your information Storing your information and retention period Disclosing your information Exercising your privacy rights Cookies Changes to the policy How can you contact us
h1|Privacy Notice
sp|customers. It also governs information provided directly by online visitors on our website, as well as information automatically collected from cookies. In this notice, you will find information about the different activities where mnemonic may process personal data. Personal data in this context means data that relates to an individual and that identifies that individual, either directly or indirectly, such as your name or your contact information. mnemonic as ("mnemonic") is considered the data controller for the processes Marketing (including our website), Recruitment and Security Services. However, mnemonic is considered as data processor when delivering Managed Security Services. For more details on how and why we process personal data for a specific process, see the following notices: mnemonic uses vendors for some of our processes. For more information on which, who, and why, please click on the specific notices above. Information collected from visitors on our website for marketing and recruitment purposes will be destroyed in accordance with mnemonic's data retention policies for those processes. Please see the specific notices above for more information.
em|If your company/employer uses mnemonic services
pa|Interested in ? Do you want to become part of information security environment?
Do you like the idea of securing customers, both public and private? Do you like to pick things apart? ? Do you enjoy losing yourself in analytical work? Do you want to work with incident response? Analyse data traffic? Have you worked with infrastructure? Implementation? Architecture? Are you ? Privacy? Risk? Project Management? Want to do research? Using machine learning on large datasets to do work? Have you done log analysis before? Heard of Splunk? IDS? IPS? Been part of a CERT? CSIRT? ? Does threat intelligence sound exciting? Experience with reverse engineering? ? Security monitoring and analysis? Send an application to and include the tag "Open application" in the subject field. Include a description of why YOU are a great fit for mnemonic, as well as your CV. Head of Recruitment
st|information security Europe's most exciting Finding errors passionate about frameworks groundbreaking IRT Forensics
h1|Open application
h2|Any questions regarding a career in mnemonic?
pa|Interested in ? Do you want to become part of Europe's most exciting information security environment? Do you want to work with ? Do you like the idea of securing customers, both public and private, so that everyone gets ? Do you like to pick things apart? ? Do you enjoy losing yourself in ? Do you want to lead ? Analyse data traffic? Have you worked with infrastructure? Implementation? ? Are you passionate about frameworks? ? ? Project management? Do you want to ? ? Use on large datasets to do groundbreaking work? Have you done log analysis before? Heard of ? ? ? Been part of a ? ? ? Sounds exciting? Experience with ? ? Tool development? Security monitoring and analysis? Or are you simply a in the field? Send an application to and include the tag «Åpen søknad» in the subject of the e-mail. Attach a description of why YOU in particular are right for the job, along with your CV.
st|information security live cases a better everyday life Finding errors analytical work incident response Architecture Privacy Risk analyses do research Develop machine learning Splunk IDS IPS CERT CSIRT IRT threat intelligence reverse engineering Forensics old hand
h1|Open application
pa|Our presales group belongs to the department that delivers the (MDR)/Managed Security Services (MSS) services. As part of this group, you will take part in presale cases both in Norway and in Europe. We are always looking for top talent. If you have solid knowledge of the technical aspects of an MDR solution and enjoy presale, send us a
h1|Presale
pa|mnemonic is committed to building technology solutions and services to combat cybercrime. Since 2003, we have cooperated with academia, government and industry to drive cybersecurity innovation and adapt to the evolving threat landscape. With more than 10% of our total man-hours invested into R&D, we are devoted to progressing cybersecurity and protecting the digital world. The industry is losing terrain against the cybercriminals and we need a game changer. The main goal for the ACT project is to develop a platform for digital threat intelligence to predict and uncover targeted cyberattacks, electronic espionage and sabotage. In the overwhelming majority of identified security incidents, there is no understanding of who the threat actor is, why they attack or how they operate. Most threat actors are never identified or held responsible for their actions, which promotes criminal behaviour that continues with little or no consequence.
To help break this cycle and get ahead of our adversaries, we need digital threat intelligence that is structured, leverages automated analysis and is shared. This observation provides the motivation for sponsoring a Ph.D. candidate and their research on Threat Ontologies for Cybersecurity Analytics (TOCSA). Oslo Analytics develops advanced analytical methods based on big data analysis, subjective logic and Bayesian modelling to gain a deep situational awareness and understanding of security incidents. Headed by the Center for Cyber and Information Security (CCIS), Ars Forensica is a global research effort between academia, the IT security industry and law enforcement focused on improving the investigation and prosecution of cybercrime. Among the partners are mnemonic, the United Nations, Europol, Norwegian National Criminal Investigation Services (Kripos), the Norwegian Police University College, and universities throughout the United States, Japan and the Netherlands.
h1|Research and Development
h2|Semi-Automated Cyber Threat Intelligence Threat Ontologies for Cybersecurity Analytics (TOCSA) Oslo Analytics ArsForensica Passive DNS Secure DNS Threat Intelligence Newsletter Research Partners
pa|Here you can find our whitepapers where our security experts share from their experiences.
pa|How the COVID-19 outbreak may impact your overall security posture and eight steps to reduce the risk
h1|Whitepapers
di|mnemonic has been ISO 9001 certified since January 2013
di|mnemonic has been ISO/IEC 27001 certified since 2005
di|Being among the best places to work in Europe requires commitment. Our employees are by far our most valuable asset. We are proud to have created a culture and working environment that attracts highly skilled people.
di|mnemonic is certified according to the certification scheme Eco-Lighthouse.
h1|Certifications
h2|ISO 9001 certified ISO IEC 27001 certified Great Place To Work Eco-lighthouse
pa|Do you want to offer 24/7 (MDR) services to your customers? The market is growing fast and Gartner projects that by 2024, 40% of midsize enterprises will use MDR as their only managed security service.
The Argus Partner Program is designed to enable partners to quickly enter this growing market with a high-quality, proven service offering without the hefty investments in R&D, technology and people. As an Argus Partner, you will enjoy a straightforward and flexible program, backed by a team who has been delivering these advanced services for over a decade.
pa|Grow predictable, long-term recurring revenue with minimal operational investment
pa|Argus Partners can immediately enter the rapidly growing MDR market with a mature, proven and competitive service
pa|Our partnership is supported with lead generation activities and co-funded collaboration on marketing activities
pa|Enjoy full protection on registered opportunities – first come first served
pa|Receive commercial and technical training for your team and sales support to jointly turn prospects into customers
pa|Engage in new opportunities, expand your presence at existing customers and strengthen client relationships
pa|Partner Manager
li|Protect your customers and expand your service offering with MDR services
li|Complement your security portfolio with vendor agnostic MDR services
li|Build a recurring revenue stream and help your customers detect and respond to threats 24/7
li|Enhance managed security services with flexible and adaptable MDR services
st|Increase recurring revenue: Immediately go-to-market: Co-marketing opportunities: Deal protection: Training and sales support: Complement your portfolio: MSPs and hosting providers: System integrators: Professional service providers: MSSPs:
h1|Partner Program
h2|Why become an Argus Partner? Who should become an Argus Partner? Do you want to become an Argus Partner?
Argus Partners
pa|As part of an ongoing collaboration with the digital consumer rights team at the Norwegian Consumer Council, two researchers from mnemonic have carried out an in-depth investigation into how mobile applications share data with third parties for advertising purposes. The results show that personal data is shared widely within the advertising ecosystem. mnemonic has carried out an in-depth investigation of 10 well-known and widely used mobile apps on the Android platform, which were selected for analysis by the Norwegian Consumer Council. The apps cover several highly personal topics, such as dating, religion, and health. The research has aimed to document current practices and increase the understanding of how user data is collected and shared within the mobile advertising industry. There are significant differences between mobile ads and traditional web advertising due to the way that apps are built and run, and the availability of sensors such as GPS. The use of a specific app, including how often and for how long it is used, can in itself give significant information about the end user. Our test results document that a significant amount of user data is being shared by the apps with third parties in the advertising industry. Key findings include: The extensive data collection documented, in combination with the use of persistent identifiers, enables the creation of comprehensive profiles on individual consumers. In many cases, the information shared by the apps can be used to infer attributes such as sexual orientation and religious belief. “The purpose of the testing has been to increase our understanding of the mobile advertising ecosystem.
In particular, we have aimed to identify some of the main actors collecting user data from our sample set of apps, understand the type and frequency of data flows, and examine the specific information that is being transmitted”, says Andreas Claesson, lead researcher on the project. “We were quite surprised by the amount of data sharing occurring”, his project partner Tor E. Bjørstad adds. “A key motivation for this project has been that data collection, sharing, and processing within the advertising industry on mobile platforms is poorly understood. We hope that this work documenting the current industry practices will help start a debate on how user data is collected and used for mobile advertising”. For questions or media requests, please contact Read more about “Out of control” here:
li|The ten apps were observed communicating with at least 135 distinct third-party companies involved in advertising and/or behavioural profiling
li|The Android advertising ID, which allows advertisers to track a specific device across different services, was transferred to at least 45 different third parties involved in advertising and/or behavioural profiling.
li|All of the apps shared the advertising ID with multiple third parties, and all except one shared additional data.
li|Additional data sharing included elements such as exact GPS location, IP address, device information, and personal attributes including gender and age.
li|Amongst the apps tested, Grindr and Perfect365 particularly stood out for sharing significant amounts of data with a large number of advertising partners.
h1|“Out of control”: Advertisers receive large amounts of personal data from popular mobile apps
di|SNIcat: when security features in TLS inspection devices introduce new vulnerabilities
di|The new office in The Hague will serve customers throughout the Benelux region
di|Great Place to Work® ranks mnemonic as a Best Workplace on European listing
di|Joining forces to strengthen cybersecurity in the Netherlands
di|with mnemonic’s proprietary (MDR) service Argus
di|mnemonic wins first place for second year in a row!
di|mnemonic is closely monitoring the development of the COVID-19 virus. We have contingency plans in place covering this type of scenario, and we test these plans annually to ensure our routines and processes function optimally.
di|As part of an ongoing collaboration with the digital consumer rights team at the Norwegian Consumer Council, two researchers from mnemonic have carried out an in-depth investigation into how mobile applications share data with third parties for advertising purposes. The results show that personal data is shared widely within the advertising ecosystem.
h1|2020
h2|mnemonic presenting at Black Hat Europe
h2|mnemonic continues expansion: opens office in the Netherlands
h2|mnemonic named one of the Best Workplaces in Europe
h2|mnemonic and EYE announce partnership
h2|mnemonic joins Amazon Web Services for launch of AWS Marketplace in Norway
h2|mnemonic named as best workplace in Norway by Great Place to Work
h2|Information on COVID-19
h2|“Out of control”: Advertisers receive large amounts of personal data from popular mobile apps
pa|Director of Sales
pa|Richard has been with mnemonic since 2010 and holds the position of Director of Sales. He has a Master in Marketing from BI Norwegian School of Management. Before joining mnemonic, Richard held positions within IT sales and management.
h1|Richard Jensen
pa|Does your organisation have the capabilities to detect and stop real-life threat actors from compromising your network? Conducting a Red Team assessment from mnemonic will let you find out. Modern threat actors are constantly developing new methods of attacking and compromising organisations. Red Team exercises are specifically performed with this in mind, with the end goal of simulating a real-life attack to assess the detection and response capabilities of an organisation as a whole. This approach includes targeting not only vulnerabilities and misconfigurations found in technical solutions, but also the people and processes that govern them. To achieve this, the exercise is made as realistic as possible by having few scope limitations and a wide timeframe so that the Red Team operators will have the potential to go undetected by the defenders or Blue Team.
Further, there will only be a handful of people in the organisation, known as the White Team, who have knowledge of the exercise. The White Team will be in close dialogue with the Red Team, so that the learnings of the exercise are maximised and the organisation's daily operations are not impacted. Every mnemonic Red Team exercise is different and tailored to the client’s organisation and underlying critical infrastructure. The methodology of a mnemonic Red Team engagement is outlined by the following six phases:
*occurs continuously in parallel
In the event that the Red Team’s operations are not detected, and the operators are able to exfiltrate the pre-defined target information without being noticed by the Blue Team, the operators can purposely increase the “noise” and set off alarms in order to invoke the organisation's incident response routines. At the end of the engagement, the client is given a detailed report describing observations made during each stage of the exercise, while also outlining the complete attack chain and how to break it. Throughout the engagement, mnemonic maintains detailed logs of the actions performed, with the goal of making the whole exercise repeatable in case of a re-test or workshop with the client’s Blue Team. Such a workshop may also be expanded into a "Purple Team" exercise, where the Red Team works in close collaboration with the Blue Team to give a real-time demonstration of the attacks, with the goal of learning how to detect, prevent, and respond to attacks, and develop the client’s monitoring capabilities. A Red Team assessment is a supplement to, rather than a substitute for, regular penetration testing. Organisations who request Red Team assignments usually have penetration tests performed regularly on both internal and external infrastructure, as well as more in-depth security tests on specific software systems that they run.
An alternative to a Red Team engagement is a Threat intelligence-based ethical red-teaming (TIBER) assessment, which increases the realism further by building more heavily on threat intelligence and adversarial simulation.
pa|Manager Risk Services
li|Initial reconnaissance
li|Initial compromise
li|Establishing persistence*
li|Internal Reconnaissance*
li|Lateral movement and privilege escalation*
li|Compromise pre-defined targets and exfiltration of information
li|Wider scope, evaluating the organisation’s security posture and resilience
li|Aims for realism and demonstration of impact, rather than quality assurance and verification
li|Tests the organisation's ability to detect and respond to attacks
li|May allow the organisation to practice incident response procedures and capabilities
li|Relies more heavily on custom tools developed at mnemonic
h1|Red teaming
h2|How a Red Team engagement differs from a regular penetration test Contact me for more information
h3|Need more information?
pa|Learn more about mnemonic's services by reading our solution briefs
pa|Gain visibility into your exposures and secure your digital assets
pa|Detect and respond to threats targeting your endpoints and servers
pa|Empower your users to prevent email threats
pa|Let the trusted expert team operate your core security systems
h1|Solution briefs
pa|The mnemonic security podcast is a place where IT Security professionals can go to obtain insight into what their peers are working with and thinking about. Listen on other podcast platforms here:
pa|We’re continuing our new miniseries about privacy with cyber security researcher Hanna Linderstål.
Hanna is the Founder and CEO of Earhart Business Protection Agency, a company providing research for governments and organisations on disinformation and online threats.
pa|Do you know what your favourite apps are doing with your data? And who exactly are these entities that are capitalising on selling this kind of information? We’re kicking off our new miniseries about privacy with investigative journalist Martin Gundersen.
pa|We’re continuing our Operational Technology (OT) miniseries where we look into the security challenges in the OT space. This time, Robby is joined by Nicholas Burnet and Guido Villacis from EDF Energy, Europe’s largest nuclear provider
st|Episodes
h1|mnemonic security podcast
sp|We’re continuing our miniseries about privacy with Edwin Doyle, Delegate & Constituent for the World Economic Forum Taskforce on Data Intermediaries, and Global Security Strategist at Check Point.
For this episode, Robby has invited Korstiaan Stam, Digital Forensics & Incident Response Manager in PwC Netherlands, to pick his brain about Business Email Compromise (BEC).
This episode, Robby welcomes John Todd, Executive Director of the non-profit organisation Quad9. Quad9 is a free, recursive DNS solution that partners with threat intelligence providers from all over the world to block websites that try to harm our computers (through things like malware, spyware, botnets, phishing sites, etc.).
We're kicking off 2021 with a timely conversation about software security, this time with two individuals that are more than qualified for the job - Dr. Daniela S. Cruzes and Espen Johansen.
For our last episode in 2020, Robby is joined by Mitchell Impey, ICS Security Analyst at the Danish Energy and Telecommunications company Norlys.
Ready to time travel through the last 20 years of security monitoring? To guide us we have Dr. Anton Chuvakin, recognized security expert and the man behind EDR!
Our podcast guest this week is a veteran in the IT space in the financial sector, and has extensive experience communicating security posture to stakeholders. Erik Blomberg, CISO in the Swedish Handelsbanken, chats with Robby about what management really is wondering about, and how to communicate the value your security team is delivering to the organization.
For this episode, Robby welcomes Morten Weea from mnemonic’s Threat Intelligence team. Morten is a PhD candidate researching decision-making in incident response and an experienced Incident Handler that often works with advanced persistent threats (APTs).
For this episode, we're happy to have Sebastian Takle from the DNB Financial Cyber Crime Center (FC3) with us to share how one of the largest banks in the Nordics works with Threat Intelligence.
For this episode, Robby has invited a veteran to the software security game. Nick Murison, Security Practice Lead at Miles.
We're continuing our Operational Technology (OT) miniseries where we look at the security challenges in the OT space. This time around, Robby's invited a fellow security podcaster and former Head of Forensics at Volvo, Rikard Bodforss.
In this episode, Robby talks to the former Director of the national communications and secure agency in the Netherlands, Job Kuijpers, and his colleague and trusted advisor for Threat Intelligence. You'll hear about the most common misconceptions about threat intelligence and how much and what should be automated in threat intelligence - and what shouldn't.
This time, Robby has invited his most recent online friendship and the uncrowned king of open source, Simon Simonsen, to the podcast.
Simon also happens to have a lot of experience developing and utilising security architecture defense strategies, or as he calls it, utilising your home court advantage.
How can we prove cybersecurity effectiveness? With USD 124 billion being spent worldwide on IT security last year alone, it's no wonder this is a question many would like the answer to. However, finding a quantitative metric to evaluate security investments, outside of positive effects like diminishing risks and reducing the amount of bad things happening, is not straightforward.
For this Norwegian episode of the mnemonic security podcast, Robby and co-host for the day, Manager of Governance, Risk & Compliance at mnemonic, Gjermund Vidhammer, are joined by two major actors in the Norwegian cyber landscape: Robin Bakke, Specialist Director for Cyber Security at the Ministry of Justice & Public Security, and Bente Hoff, Director National Cyber Security Center (NCSC) at the Norwegian National Security Authority (NSM).
In this episode, Robby is joined by Jeff Barto. He is Chief Security Officer at a large hedge fund in the US, has worked in security for over 20 years and has a lot of experience asking himself the question "how much data is enough?".
In this episode, Robby chats with someone that's had a lot to do with KPIs, both in his position as former Head of government CERT in Denmark (GovCERT), as well as a SOC analyst for more than 10 years.
Who better to continue our Operational Technology (OT) miniseries with than KraftCERT, the Norwegian Energy and Control System CERT.
For this episode, Robby has invited two experts that see privileged access management (PAM) from two different viewpoints.
In this episode, we continue our Operational Technology (OT) miniseries where we look into the security challenges in the OT space. This time, Robby chats with PhD Andrea Carcano on the importance of visibility in OT environments.
In this episode, Robby chats with Erlend Gjære, Co-founder and CEO of Secure Practice, on how to turn an organisation's users into its last line of defense against email threats.

In this episode, Robby wants to know how a CISO handles the challenge of securing both IT and OT environments.

In this episode, Robby chats with two people from mnemonic that are highly passionate about microservices; security researcher Andreas Claesson and Head of Development of our Argus security platform, Joakim von Brandis.

In the second part of our mini series about SOAR, Robby chats with a gentleman that was referred to as The Godfather of SOAR in the first episode of the series.

In this episode, we chat with Tibor Földesi, Security Automation Analyst in Norlys, one of the largest Telco & Energy companies in Denmark. At Norlys, his main motivation is to get more time to enjoy his coffee, which directly correlates with his ability to automate what can be automated.

In this episode, we chat with people in charge of the healthcare and sensitive data collected in what is amongst the world's largest COVID-19 studies to date.

In this episode, we chat with our friends in SailPoint, Equinor and the University of Copenhagen to hear their thoughts about the state of the market regarding Identity, Access and Governance.

In this episode, we speak with a security expert that is actually willing to pay money to "hackers" - the Product Security Director in Visma, Espen Johansen.

In this episode, we chat with the former Head of the SOC at the Norwegian National CERT, and current member of mnemonic’s Threat Intelligence team. She also happens to have a personal interest in the "Internet of Things" and medical devices.

In this episode we chat with the CISO of consumer goods conglomerate Orkla - Antonio Martiradonna.
In this episode we pick the brain of a Senior Vice President and CISO for a multinational insurance enterprise – Bjørn Watne of Storebrand.

In this episode we chat with two of the main contributors to the #OutofControl report, Finn Myrstad, Digital Policy Director for the Norwegian Consumer Council and Tor Bjørstad, Application Security Lead in mnemonic.

In this episode we chat with a cyber insurance underwriter for one of the largest insurance enterprises in the Nordics - Erlend Hjelle from Gjensidige.

In this episode we chat with a hacker for hire aka pentester for mnemonic - Harrison Sand.

In this episode we interview one of the founding fathers of the Argus platform - Joakim von Brandis.

In this episode we chat with Angel Alonso, a CISO for hire and team lead for the Governance, Risk and Compliance department in mnemonic.

In this episode we interview the boss of the SOC - Stig Nordby in mnemonic.

In this episode we chat with PhD candidate, and former CISO for mnemonic - Siri Bromander.

pa|mnemonic helps businesses manage and handle their security risks, protect their data and defend against threats from the Internet. Our expert team of security consultants, product specialists, threat researchers, incident responders and ethical hackers, combined with our Argus security platform, ensures that we stay ahead of advanced attacks from the Internet and protect our customers from new threats. Gartner highlights mnemonic as a provider of Managed Security Services, in particular threat intelligence and services for detecting advanced targeted attacks. We are one of the largest IT security service providers in Europe, the preferred security partner of the region's largest companies and a trusted source of information from our threat intelligence work for Europol and other law enforcement agencies globally.
With our innovative and smart solutions, 200+ security experts and partnerships with leading security vendors, mnemonic enables businesses to stay secure and to comply with their own and external security requirements while reducing costs.
h1|Who is mnemonic

pa|mnemonic, a leading provider of cybersecurity services, and AWS Marketplace announce mnemonic as one of the first AWS Marketplace Consulting Partners in Norway. The announcement coincides with AWS Marketplace officially enabling independent software vendors (ISVs) and consulting partners in Norway to transact with global customers. AWS Marketplace is a curated digital catalog where organisations can find, buy, deploy, and manage third-party software, data and services, and includes thousands of software listings from categories such as security, networking, storage, machine learning, business intelligence, database, and DevOps. mnemonic is the first Norwegian channel partner enabled to resell software from ISVs to customers via AWS Marketplace. By participating in this launch, mnemonic will also offer customers related services like support and implementation.

mnemonic’s CEO Tønnes Ingebrigtsen welcomes the new launch and views it as a testament to AWS’ dedication to securing the cloud: “mnemonic is thrilled to participate in the launch of local ISVs and consulting partners in AWS Marketplace. mnemonic has a long history of securing our customers’ journey to the cloud, increasingly so through AWS. It only makes sense to streamline our processes further through AWS Marketplace.” He continues stating that the launch will be beneficial for customers in the Norwegian market: “As organisations continue to embrace the cloud, we are seeing a demand for consolidation of services.
AWS and mnemonic customers will find that their processes from procurement to deployment are not only simplified, the platform is also already familiar to many, and will mean more flexibility for our customers.”

mnemonic helps businesses manage their security risks, protect their data and defend against cyber threats. Our expert team of security consultants, product specialists, threat researchers, incident responders and ethical hackers, combined with our Argus security platform ensures we stay ahead of advanced cyberattacks and protect our customers from evolving threats. Acknowledged by Gartner as a notable vendor in delivering Managed Detection and Response (MDR) services, threat intelligence and advanced targeted attack detection, we are among the largest IT security service providers in Europe, the preferred security partner of the region’s top companies and a trusted source of threat intelligence to Europol and other law enforcement agencies globally. With intelligence-driven managed security services, 200+ security experts and partnerships with leading security vendors, mnemonic enables businesses to stay secure and compliant while reducing costs.

For 14 years, Amazon Web Services has been the world’s most comprehensive and broadly adopted cloud platform. AWS offers over 175 fully featured services for compute, storage, databases, networking, analytics, robotics, machine learning and artificial intelligence (AI), Internet of Things (IoT), mobile, security, hybrid, virtual and augmented reality (VR and AR), media, and application development, deployment, and management from 76 Availability Zones (AZs) within 24 geographic regions, with announced plans for nine more Availability Zones and three more AWS Regions in Indonesia, Japan, and Spain. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—trust AWS to power their infrastructure, become more agile, and lower costs.
To learn more about AWS, visit aws.amazon.com.
st|Oslo, Norway – June 17 – About mnemonic About Amazon Web Services
h1|mnemonic joins Amazon Web Services for launch of AWS Marketplace in Norway

pa|This group works on developing mnemonic's Argus platform, which underpins our service deliveries. Argus is tailor-made for delivering our services and is the daily working tool for both our analysts and our customers. We are integrating more and more of our products and services with the platform, and work continuously to improve the platform's capabilities.
h1|Development
h2|JOB ADVERTISEMENTS:

pa|Infrastructure delivers the IT systems that support mnemonic's market-leading security monitoring service, based on our in-house developed platform Argus. mnemonic is a cloud provider to our customers, and our infrastructure must support our own and our customers' need for a stable and secure operations platform with high quality, performance and uptime in every part of the delivery. This means we have a broad range of tasks spread across all layers of the OSI model, from operating and maintaining server rooms, racking, setting up and troubleshooting hardware, to designing, configuring and operating networks, operating systems and applications. We make extensive use of task automation to achieve economies of scale. The department also runs a 24/7 on-call rota. mnemonic's network of IDS sensors, log sources and listening points is the largest in the Nordics. As part of Infrastructure, you are responsible for keeping this sensor network operational at all times.
We currently have no vacancies, but feel free to send us a .
h1|Infrastructure

pa|MSI-DEV develops solutions that require customisation or similar because the product out of the box is not enough to meet the customer's needs. Through in-depth knowledge of technology and products, together with experience from MSI's work, this group delivers code in the form of scripts and programs that seamlessly integrate third-party systems with mnemonic's Argus solution. MSI-DEV is a flexible group that supports customers with fast delivery and rapid adaptation of products and new technologies. We work on everything from the design of new systems to front-end and back-end development, and all the other steps in the development phases. This makes for varied working days. In addition to development, this group works with the products and solutions that the other groups in MSI are involved in. Vacancy:
h1|Development

pa|We are looking for a senior consultant for our technical team. mnemonic is the Nordic region’s leading IT and information security company, offering a unique combination of services and solutions. mnemonic currently has more than 200 employees, and we are rapidly growing both in Norway and internationally. For the eighth consecutive year, we are ranked as one of Norway’s and Europe’s best workplaces by Great Place to Work. The last two years we’ve won our category! We are working side by side with some of Europe’s most important organisations in the fight against cyber attacks, and we are actively participating in reputable research programs both in Europe and globally.
mnemonic is also a trusted source of threat intelligence information to Europol and other international law enforcement agencies.

Technical Risk Services is a consulting department assisting customers in understanding the technical risks and the vulnerabilities in their IT portfolios. Among other things, we do penetration and security testing, technical audits, and source code analysis on existing solutions, and establish architecture, processes, and tools to help defend new solutions.

We are looking for experienced candidates who combine technical expertise and academic dedication with business understanding and communication skills. You have worked for a while with security or within related disciplines, and want to develop your professional profile further and become a trusted advisor within the security profession. Maybe you have already worked with security for a number of years? You can also be a developer who is passionate about creating more secure solutions and building your own testing tools, a sysadmin with experience from complex IT environments, a technical architect who has worked with security in major development projects, or a security analyst that solves "Capture the Flag" competitions as a hobby. Either way, you understand how technology works, you pick things apart and put them back together afterwards, and work hands-on to solve demanding problems in creative ways.

As a Senior Consultant working with Application Security in TRS, you will get the opportunity to work with a wide range of tasks, for example:
We are looking for someone that:

If you have many of the qualifications we ask for, but feel that our current vacancies are too specific, you are welcome to submit an open application. If you have publications or other works that you think represent your technical skills or ability to communicate in Norwegian or English, please attach or refer to these as well. Email us at and write “TRS-SecDevOps” in the subject field.
Add a text about why you are right for the job, and your CV. We use Semac AS for background checks in our recruitment process. It is an advantage if you qualify for a Norwegian security clearance.
li|Perform vulnerability analyses and penetration tests of web applications, API and mobile apps.
li|Perform code revision and analyse code for zero-days.
li|Establish processes and create technical tools for secure development and DevSecOps.
li|Establish processes and create technical tools for security testing and handling vulnerabilities.
li|Be a part of the development team as a “Security Champion”.
li|Give advice on security architecture and solution design.
li|Assist in procurement processes and outsourcing.
li|Assist with the establishment of cloud solutions and migration, and establish routines for secure operation.
li|Establish and develop internal test and automation tools.
li|Has relevant certifications from infosec and pentesting.
li|Enjoys working hands-on with technology, picking things apart to understand how they work.
li|Has experience with security related work within agile development, DevOps/DevSecOps, Cloud, microservices, serverless computing, automation, and relevant technologies.
li|Works structurally and independently, and takes responsibility for his or her own deliveries.
li|Has experience implementing, assessing, operating, or developing in a DevOps environment.
li|Has experience with modern DevOps tooling and technologies, including but not limited to: Kubernetes; Gitlab, Azure devOps, AWS devOps ecosystem, etc.; Public Cloud (AWS or Azure); Infrastructure as code (IaC); Developing in cloud environments.
li|Has knowledge or experience securing DevOps pipeline infrastructure.
li|Has experience building a DevOps pipeline from the ground up.
li|Has experience using or implementing common security tools in DevOps pipelines, including but not limited to: Static Application Security Testing (SAST); Dynamic Application Security Testing (DAST); Image scanning; Dependency scanning; Interactive application security testing (IAST).
li|Wants to further develop their security skills and become an expert in his or her field.
li|Has the ability to clearly communicate complex technical information, verbally and in writing.
li|Has consultancy experience.
li|Offensive Security Certified Professional (OSCP)
li|GIAC Web Application Penetration Tester (GWAPT)
li|Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK)
li|General project and method certifications (ITIL, ISTQB, PRINCE2, Scrum, etc.)
li|CISSP, CISA
li|An environment focusing on professional development and continuous learning, training and gaining new certifications.
li|A unique and experienced workplace with more than 200 security specialists working on some of the most challenging and exciting problems within information security.
li|Competitive terms including a collective bonus scheme for all employees.
li|A solid and profitable corporate economy providing resources for development and innovation.
li|For the past eight years, mnemonic has been ranked among Norway’s and Europe’s best workplaces by Great Place to Work. The last two years we’ve won our category!
st|About mnemonic About Technical Risk Services (TRS) Who are we looking for? Tasks and responsibilities Expectations and qualifications Relevant certifications What we can offer How do I apply? Background check
h1|Senior Consultant, SecDevOps

pa|We are looking for more security consultants for Governance, Risk & Compliance. mnemonic is the Nordic region's leading IT and information security company, with a unique combination of services and solutions.
The company today has more than 200 employees, and we are growing rapidly in Norway and internationally. In addition, year after year we have been ranked as one of Norway's and Europe's best workplaces by Great Place to Work. For the last two years we have won our category in Norway! mnemonic works daily on live incidents, side by side with Europe's most important organisations in the fight against cyber attacks. We actively participate in recognised research projects and are a trusted source for Europol and other global law enforcement agencies.

In GRC we work with challenges in the governance of digital processes, security management, risk management and risk strategy, and compliance with privacy and security requirements. With us you get very close to the decision-makers, and you are regarded as a reliable sparring partner in strategic decisions. In the GRC department you get the opportunity to deliver projects and services across all of mnemonic's disciplines.

As a Security Consultant, Cloud in mnemonic's GRC department you will get the opportunity to work on a range of varied tasks:

If you feel you have many of the qualifications we ask for, but feel that the profile itself is too narrow, you are welcome to send a .

A unique and experienced environment, with over 200 security specialists who work daily on some of the most challenging and exciting problems in information security. For the past eight years, mnemonic has ranked at the top of the list of Norway's and Europe's best workplaces compiled by Great Place to Work. In recent years we have won our category in Norway!

We use Semac AS for background checks in our recruitment process. It is an advantage if you can be security cleared to HEMMELIG (SECRET) under the Norwegian Security Act.

Send an application to and include the tag «GRC-Cloud» in the subject line of the e-mail. Attach a description of why you in particular are right for the job, along with your CV.
If you have publications or other works that you think represent your professional knowledge or your ability to communicate in writing in Norwegian or English, you are welcome to attach or refer to these as well. Applications will be processed on a rolling basis.
li|Establish and develop security architecture.
li|Carry out risk assessments in migration projects.
li|Work as project manager for larger security implementation projects.
li|Education or experience in information security related to one or more of the position's disciplines (risk, governance and/or compliance).
li|Analytically minded and able to find pragmatic solutions to complex problems.
li|Strong customer orientation and a focus on creating value for the organisations you work with.
li|Good understanding of how security issues affect an organisation as a whole.
li|Able to get to grips with complex issues and communicate them to people with and without a security background.
li|Self-driven and results-oriented, and motivated by working with a great deal of freedom and the backing of a strong professional community.
li|Thrives in a varied working day, and values their own professional and personal development.
li|Certificate of Cloud Security Knowledge (CCSK)
li|Certified Cloud Security Professional (CCSP)
li|SABSA Security Architect related certifications e.g. SCF
li|AWS security related certifications
li|Azure security related certifications
li|A focus on professional development, continuous learning, courses and certifications.
li|Competitive terms with a collective bonus for all employees.
li|A solid and profitable corporate economy that provides resources for development and innovation.
li|A focus on well-being and social events.
st|About mnemonic About Governance, Risk & Compliance (GRC) Background check How do I apply?
h1|Security Consultant, Cloud
h2|Tasks Desired experience and qualifications Relevant certifications What can we offer?
pa|Download mnemonic's annual security reports, where we share trends observed from our SOC, our predictions for the year ahead and analyses from our experts. Are you looking for older reports? Contact us at
st|Security Report 2021
h1|Security report

h1|Security Report 2020
pa|In this year's report we share our predictions for 2020, and the trends we observed from our 24x7 Security Operations Center. In mnemonic's annual Security Report we share insight from our team of security experts and Security Operations Center. Topics from this year's report include:
li|Security predictions 2020
li|2019: A view from mnemonic's SOC
li|Strategic Software Security
li|Security Risk Management in Supply Chains: How to Avoid Unacceptable Risks
li|Internet of Things and Its Firmware: A Tale of Memory Corruption Bugs
li|The Last Piece of the Puzzle: Incident Readiness
li|The Value of Outsourcing Detection and Response: Making Informed Security Decisions
li|Integrating Security Controls within a DevOps Pipeline
li|The NIS Directive: A Step in the Right Direction
pa|Security Report 2020 also includes the guest article:
li|The Missing Link in Email Security by Erlend Andreas Gjære
st|Download your complimentary copy today!
h1|Security Report 2019
pa|In this year's report we share our predictions for 2019, and the trends we observed from our 24x7 Security Operations Center. In mnemonic's annual Security Report we share insight from our team of security experts and Security Operations Center. Topics from this year's report include:
li|Security predictions: 2019 and beyond
li|2018: A view from mnemonic's SOC
li|Security Gatekeeping in a DevOps World
li|How EU is Getting Serious About Securing Critical Infrastructure
li|Making an Agile Security Strategy
li|The Semi-Automated Cyber Threat Intelligence (ACT) project
li|Serverless Security
pa|Security Report 2019 also includes the guest articles:
li|On Cyber Defence - a study in failure by CISSP Jeffrey Barto
li|Modern Crime: Expectations & Challenges by PhD Researcher Stig Andersen
st|Download your complimentary copy today!

h1|Security Report 2018
pa|In this year's report we share our predictions for 2018, and the trends we observed from our 24x7 Security Operations Center. mnemonic releases our Security Report to share insight from our team of security experts and Security Operations Center. Topics from this year's report include:
li|Security predictions: 2018 and beyond
li|2017: A view from mnemonic's SOC
li|What is the (real) value of information security?
li|The firewall in the new world of IT
li|Securing your web applications in the cloud
li|Turning GDPR into an opportunity
li|Email fraud - how can we protect ourselves?
li|Identity - is it the new security perimeter?
pa|Security Report 2018 also includes the guest article:
li|WatchOut! Consumer challenges in the Internet of Things by Finn Myrstad at the Norwegian Consumer Council
st|Download your complimentary copy today!

h1|Security Report 2017 now available!
pa|In this year's report we share the trends we observed from our 24x7 Security Operations Center, and articles from industry-leading security experts. Each year mnemonic releases our Security Report to share insight from our team of security experts and Security Operations Center.
Topics from this year's report include:
li|Security predictions: 2017 and beyond
li|2016: A view from mnemonic's SOC
li|The CISO's dilemma: responsibility cannot be outsourced
li|Semi-automated Cyber Threat Intelligence (ACT)
li|The human element of cyber attackers
li|The rise of ransomware in 2016
li|Preventing the inevitable: the need for rapid detection and response
pa|Security Report 2017 also includes two guest articles:
li|Making your move: booting a persistent adversary off your network, , Head of Incident Response & Security Analytics, Telenor
li|Personal data compliance management under the new GDPR,
bo|Findings include:
li|This year, organisations should expect one confirmed security incident for every four users in your company
li|Users are statistically more likely to be involved in a malware related incident on a Tuesday or Wednesday than any other day of the week
li|33% of attacks against infrastructure occur outside of regular office hours
st|Download your complimentary copy today!
pa|SECURITY REPORT WEBINAR
Application development for public cloud infrastructure is the new norm. Whether this is because of the speed of development and the lack of infrastructure maintenance, the native automation capabilities in cloud environments, or a variety of other factors, it is safe to say that application development in the cloud is here to stay. This leads to the question: what new security considerations are there for cloud-native applications?
In his recently published Security Report article , Cody Burkard explores this question in detail. Join us in our 6-part wherepresent some of the major findings from our recently published . The topics range from building an Enterprise Security Architecture to unsanctioned remote and third-party access and security threats in modern cloud applications.
pa|Cody Burkard, Senior Cloud Security Consultant, mnemonic
pa|In this webinar, Cody will explore in technical detail how cloud-based threats impact application security in the cloud and how to model cloud-based threats against applications. He will also give hands-on recommendations on how to navigate this for security professionals from both the offense and defence side.
pa|Language: English
pa|Technical level: 4/5
pa|Interested in some of our other webinars? Read more about and sign up for the other Security Report webinars . Get your copy of our Security Report ! Timezone: CET (GMT +1)
st|Cloud is not just somebody else’s computer Join us for our webinar Thursday the 6th of May at 09:00-09:40 CET. Are you looking for this webinar in a US timezone? You can find registration and more details . Security Report webinar series webinar series Security Report 2021 here here
h1|New paradigms for security threats in modern cloud applications
h2|Agenda
pa|mnemonic's experts share their views and news on all things Security.
pa|How the security features in state-of-the-art TLS inspection solutions can be exploited for covert data exfiltration
pa|This blog post describes how we discovered a new stealthy method of data exfiltration that specifically bypasses network security solutions such as web proxies, next generation firewalls (NGFW), and dedicated solutions for TLS interception and inspection. 
Our testing validates that this is a widespread issue that affects different types of security solutions as well as solutions from a variety of vendors. We successfully tested our technique against products from F5 Networks, Palo Alto Networks and Fortinet, and speculate that many other vendors are also susceptible. By using our exfiltration method, SNIcat, we found that we can bypass a security solution performing TLS inspection, even when the Command & Control (C2) domain we use is blocked by common reputation and threat prevention features built into the security solutions themselves. In short, we found that solutions designed to protect users introduced them to a new vulnerability. We have also developed mitigation techniques, including signatures available for download, as described below.
pa|For many years both of us have designed security architecture around network man-in-the-middle devices such as web proxies, firewalls and load balancers. This playground often piques our curiosity, and this time it made us want to look at a few solutions from an attacker’s perspective. We decided to investigate how network security solutions handled the TLS Server Name Indication (SNI) field for categorising and blocking bad URLs/hostnames (more on the SNI field later). Our initial goal was to simply test if we could bypass these security solutions by inserting a legitimate hostname in the SNI field and sending the traffic to a domain categorised as a bad domain. However, this didn’t pan out as all the security solutions we tested verified that the subject-cn of the server certificate matched the value in the SNI sent by the client. If it didn’t match, the traffic was blocked. It was worth trying, at least.
pa|This initial experiment made us aware that the TLS Client Hello packet always reached the destination server, even if it was categorised as a bad URL/domain by the security solution. The solution only blocked the session after the TLS handshake had been completed, but not earlier. 
We then decided to play with the idea that we could leverage this unidirectional stream to exfiltrate data and bypass network security features, and therefore be able to send data to a known bad domain/host.
pa|Modern network security solutions that perform TLS inspection often have a functionality called decryption mirroring. Basically, the security solution can forward a copy of the decrypted traffic to a mirror port, which is commonly connected to an IDS that can now inspect the once-encrypted traffic. This is all well and good from a security monitoring perspective. However, we discovered that devices connected to the mirror port do not receive the TLS handshake at all, opening up a new way of performing stealthy exfiltration utilising the TLS Client Hello.
pa|Because of the way the security solutions described above behaved, we realised that we could exfiltrate data utilising extensions of the Client Hello of the TLS protocol. We chose the SNI field as an exfiltration container because it was the one extension that was never manipulated or changed by any of the in-line security solutions. During the handshake process, the SNI is populated by a value provided by the client and instructs the server which hostname the client is trying to connect to, and what certificate it should present to the client. When utilising a security solution to actively allow or deny traffic based on what domain/URL the client is connecting to, this is usually how it works:
pa|We then conducted a quick proof of concept which proved we could misuse this field by injecting arbitrary data and successfully employing this once legitimate extension as a “smuggling container” through the security solutions, without the traffic being copied to a decryption mirror port.
pa|So far so good. We had demonstrated how we could send data out from a client. The next step was to find a way to control the client using a RAT (Remote Access Trojan) that could, in turn, leverage this new communication channel. 
As mentioned earlier, at this stage of testing the channel was only working one-way, since every tested solution was blocking the returning traffic coming back from the server, and that was obviously not an optimal scenario. We were stuck, and in need of a new way of letting the control server’s data pass back through the security solution.
pa|To overcome this hurdle, we built an interim out-of-band C2 based on Instagram, which employed embedded C2 control commands inside Instagram’s own comments section. This was enough to get a working demo which proved our theory correct, functional and hopefully extensible: we were able to remotely control the compromised host and selectively exfiltrate data. This result encouraged us to continue testing.
pa|Our next goal was to replace the Instagram component since social media websites are easily and often blocked by internal security policies, which would have interfered with our C2 communication. We continued pursuing an in-band alternative of establishing an end-to-end communication between the agent and the Command & Control server.
pa|After some more tinkering, we discovered a common denominator in every solution we tested. As long as the server presents a valid and trusted certificate during the TLS handshake, the security solution will always present an emulated version of that certificate to the client, signed by the solution’s built-in CA. This behaviour occurs even if the domain used is blacklisted by a reputation database (URL/domain categorisation). In addition, by serving a self-signed certificate from a server, the security solution either presents the client with an emulated self-signed certificate, or a simple TCP reset.
pa|On a very primitive communication channel, a basic response would only require a binary YES/NO capability, and we now have it: a valid, trusted certificate gives us a “YES”, and an untrusted, self-signed certificate gives us “NO”. We implemented this logic into our SNIcat tool. 
pa|SNIcat comprises two separate but interdependent components:
pa|The passive agent is equipped with various commands, including the ability to exfiltrate (i.e. upload) files to the server. It constantly loops between all the available commands and waits for the C2 server to select the desired one by leveraging the binary YES/NO capability mentioned earlier. With SNIcat, we extended this logic so that we could provide a minimal but effective standalone Command Line Interface (CLI). The CLI can offer basic file system navigation commands such as jumping between folders, listing files and, obviously, exfiltration.
pa|Here is the C2 CLI in action, where we use some of the built-in commands to navigate the file system and exfiltrate a file from the agent to the C2 server:
pa|While developing this offensive tool, we also worked on developing different ways to mitigate and detect this kind of attack, both from the endpoint and the security perimeter solution. We have had a good dialogue with the vendors whose products we tested, and the following suggestions have been shared with them. As a result, a few of the vendors have provided their own security advisory with their suggested work-arounds and/or fixes. Links to the advisories can be found in our reference section below.
pa|We also developed a very early-stage proof of concept of a ‘passiveSNI’ detection tool, conceptually similar to the well-known PassiveDNS application. It works by constantly monitoring and logging every TLS/Hello packet sent through any network socket interface. These generated logs can be gathered and analysed through a SIEM solution against any well-known signature or behavioural analytics.
pa|We speculate that more vendors than those mentioned in this blog post are susceptible to our SNIcat approach. Even though it would have been interesting to test every network security solution on the market, we had limited resources and scope this time around. 
We therefore advise vendors to test if their products are vulnerable to SNIcat. In addition, end users and enterprises may find it helpful to test their solutions with our PoC code that you can find on .
pa|Responsible disclosure procedures were followed per vendor policy.
td|Date | Event | Comments
td|24/2/2020 | Disclosed to F5 Networks | Followed disclosure procedures per
td|25/2/2020 | Disclosed to Palo Alto Networks | Followed disclosure procedures per
td|26/2/2020 | F5 Networks confirmed they received our report |
td|27/2/2020 | Palo Alto Networks confirmed they received our report |
td|3/4/2020 | Disclosed to Fortinet | Followed disclosure procedures per
td|8/4/2020 | Fortinet confirmed they received our report |
td|16/4/2020 | Received suggested work-around from F5 Networks | Received a working iRule from F5 Networks, in order to mitigate SNIcat when used with known bad domains.
td|17/6/2020 | Informed all vendors of the date we intended to publish. |
td|12/8/2020 | Published GitHub repo and blog post |
pa|SNIcat was successfully able to bypass the following products and their respective software versions:
pa|Security advisory can be found here
pa|Security advisory can be found here
pa|The vulnerability will be fixed in 6.4.3 GA, with a tentative release in September. An advisory will be published by FortiGuard Labs after the release. Fortinet has made us aware that they are unable to push the fix in 6.4.3. We are awaiting more information
pa|Check Point has published signatures for detecting and blocking SNIcat in both their EDR solution and their NGFW: Sandblast Agent Threat Emulation (
pa|CVE-2020-2035 CVE-2020-15936
li|A passive agent that should be dropped on the target and already compromised host. Its only goal is to connect back to the C2 and execute the provided commands.
li|A C2 server which controls the agent from anywhere on the Internet. 
li|An Intrusion Detection System (IDS) could detect the anomalous SNI payload by redirecting the original TLS handshake, along with the decrypted traffic or as a separate stream, to any device configured to receive decrypted traffic (often called decryption mirroring).
li|Performing heuristics on the Client Hello’s SNI: We have successfully used custom logic to perform an entropy check on the SNI field, and detect SNIcat by utilising this method. As long as the vulnerable products can log the SNI of every handshake, send it to a SIEM, or send the handshake itself to an IDS, one can detect SNIcat with good accuracy.
li|Another mitigation we suggest is to reuse existing exfiltration signatures, such as DNS-signatures, on the SNI field.
li|Also, the SNI field is almost always 254 bytes long during our misuse attacks (this is the maximum we were able to send per Client Hello, due to the limit on domain name character length), so one could check its length. An alert could be generated when this value is matched.
li|We recommend changing the logic for blocked URL categories so that it matches on the SNI field before the server-side TLS handshake completes, and blocks or allows the session on a match. This way the data in the malicious SNI will not be passed to the C2 if the site is already restricted by a URL category or if it does not match an explicit whitelist.
li|F5 BIG-IP running TMOS 14.1.2, with SSL Orchestrator 5.5.8
li|Palo Alto NGFW running PAN-OS 9.1.1
li|Fortigate NGFW running FortiOS 6.2.3
li|Trojan.Win.Snicat.A
li|Trojan.Win.Snicat.B
li|Trojan.Wins.Snicat.C
li|Trojan.Wins.Snicat.D
st|TL;DR Auditing the guardians after Decryption mirrors or Funhouse mirrors? 'I don't know why you say goodbye, I say Hello' - A digression on the TLS Hello packet Commands, but who controls them? Putting it all together – enter SNIcat What about mitigations? 
st|Conclusions Disclosure Timeline PRODUCTS SUCCESSFULLY BYPASSED WITH SNICAT References PoC code: F5 Networks: Palo Alto Networks: Fortinet: Check Point: CVE
h1|mnemonic Labs SNIcat: Circumventing the guardians
em|Written by Morten Marstrander and Matteo Malvica, Security Researchers, mnemonic Update 08.10.2020: After publishing, the researchers have been invited to present these findings at Black Hat Europe, read more . SNIcat decryption mirroring Detection in the security perimeter decryption mirroring blocked Detection on the Endpoint (Updated 27.10.2020). Updated 30.11.2020).
pa|Don't see any relevant active vacancies in our Sales, Marketing and Administration departments? We are always on the lookout for brilliant minds - send us an !
h1|Sales/Marketing/Admin
pa|This group works with operations, support and lifecycle management of cyber security products. These can be standalone solutions for customers, or part of a larger delivery. We operate a NOC (Network Operations Centre) open during regular working hours, and several rotating on-call shifts 24/7. Everyone in our group has extensive product knowledge, and has completed a training track to be able to assist with the handling of security incidents. Operations also hires for part-time positions, read more .
h1|Operations
h2|Job postings:
pa|Planning, building and maintaining a robust security program requires a combination of business acumen, technological know-how and the expertise to execute. 
The skillsets required in any security organisation will change throughout the security program’s lifecycle, and evolve over time. Finding and retaining these resources is challenging and expensive. With mnemonic’s Virtual Security Organisation, our resources are your resources. Whether you need a CISO, security manager, or technical expertise, our experts are available to assist when you need them without the costs or challenges of retaining discipline specialists in-house. Benefits:
li|Establish a visible head of information security in the organisation
li|Gain access to a highly specialised team without personnel maintenance costs
li|Scalable to meet your needs as requirements change
li|Predictable costs
h1|CISO for hire
pa|mnemonic is committed to building technology solutions and services to combat cybercrime. Since 2003, we have cooperated with academia, government and industry to drive cybersecurity innovation and adapt to the evolving threat landscape. With more than 10% of our total man-hours invested into R&D, we are devoted to progressing cybersecurity and protecting the digital world.
pa|The industry is losing terrain against the cybercriminals and we need a game changer. The main goal for the ACT project is to develop a platform for digital threat intelligence to predict and uncover targeted cyberattacks, electronic espionage and sabotage.
pa|In the overwhelming majority of identified security incidents, there is no understanding of who the threat actor is, why they attack or how they operate. Most threat actors are never identified or held responsible for their actions, which promotes criminal behaviour that continues with little or no consequence. 
To help break this cycle and get ahead of our adversaries, we need digital threat intelligence that is structured, leverages automated analysis and is shared. This observation provides the motivation for sponsoring a Ph.D. candidate and their research on Threat Ontologies for Cybersecurity Analytics (TOCSA).
pa|Oslo Analytics develops advanced analytical methods based on big data analysis, subjective logic and Bayesian modelling to gain a deep situational awareness and understanding of security incidents.
pa|Headed by the Center for Cyber and Information Security (CCIS), Ars Forensica is a global research effort between academia, the IT security industry and law enforcement focused on improving the investigation and prosecution of cybercrime. Among the partners are mnemonic, the United Nations, Europol, Norwegian National Criminal Investigation Services (Kripos), the Norwegian Police University College, and universities throughout the United States, Japan and the Netherlands.
h1|Research and Development
h2|Semi-Automated Cyber Threat Intelligence
h2|Threat Ontologies for Cybersecurity Analytics (TOCSA)
h2|Oslo Analytics
h2|ArsForensica
h2|Passive DNS
h2|Secure DNS
h2|Semi-Automated Cyber Threat Intelligence
h2|Threat Intelligence newsletter
h2|Research Partners
pa|We are looking for more security consultants for Governance, Risk & Compliance
pa|mnemonic is the leading company in the Nordics within IT and information security, with a unique combination of services and solutions. The company currently has more than 200 employees, and we are growing rapidly in Norway and internationally. In addition, year after year we have been ranked as one of the best workplaces in Norway and Europe by Great Place to Work. For the last two years we have won our category in Norway! mnemonic works daily with live incidents, side by side with Europe's most important organisations in the fight against cyberattacks. We participate actively in recognised research projects and are a trusted source for Europol and other global law enforcement agencies.
pa|In GRC we work with challenges within governance of digital processes, security management, risk management and strategy, and compliance with privacy and security requirements. With us you get very close to the decision makers, and you are regarded as a reliable sparring partner in strategic decisions. In the GRC department you get the opportunity to deliver projects and services across all disciplines in mnemonic. 
pa|As a Security Consultant, Privacy in mnemonic's GRC department you will get the opportunity to work with a range of varied tasks:
pa|If you feel you have many of the qualifications we are asking for, but feel that the profile itself is too narrow, you are welcome to send a .
pa|A unique and experienced environment, with over 200+ security specialists who work daily with some of the most challenging and exciting professional problems within information security. For the last eight years mnemonic has been at the top of the ranking of the best workplaces in Norway and Europe organised by Great Place to Work. In recent years we have won our category in Norway!
pa|We use Semac AS for background checks in our recruitment process. It is an advantage if you can obtain security clearance under the Norwegian Security Act at the level HEMMELIG (SECRET).
pa|Send an application to and include the tag "GRC-Privacy" in the subject of the e-mail. Attach a description of why you in particular are a good fit for the job, along with your CV. If you have publications or other works that you believe represent your professional knowledge, or your ability to communicate in writing in Norwegian or English, you are welcome to attach or refer to these as well. Applications will be processed on an ongoing basis.
li|Advisor in compliance projects related to GDPR.
li|Carry out Data Protection Impact Assessments (DPIA).
li|Help our customers understand and comply with the requirement for privacy by design in practice.
li|Education or experience within information security related to one or more of the disciplines in the position (risk, governance and/or compliance).
li|Analytically minded and able to find pragmatic solutions to complex problems.
li|Strong customer orientation and focus on creating value for the organisations you work with.
li|Good understanding of how security issues affect an organisation as a whole.
li|Able to familiarise yourself with, and communicate, complex issues to people with and without a security background. 
li|Self-driven and results-oriented, and motivated by working with great freedom and a strong professional community behind you.
li|Thrives in a varied working day, and values own professional and personal development.
li|Certified Information Privacy Professional/Europe (CIPP/E)
li|Certified Information Privacy Manager (CIPM)
li|Certified Information Privacy Technologist (CIPT)
li|Focus on professional development, continuous training, courses and certifications.
li|Competitive terms with a collective bonus for all employees.
li|A solid and profitable company economy that provides resources for development and innovation.
li|Focus on well-being and social events.
st|ABOUT MNEMONIC
st|ABOUT GOVERNANCE, RISK & COMPLIANCE (GRC)
st|BACKGROUND CHECK
st|HOW DO I APPLY?
h1|Security Consultant, Privacy
h2|TASKS
h2|DESIRED EXPERIENCE AND QUALIFICATIONS
h2|RELEVANT CERTIFICATIONS
h2|WHAT CAN WE OFFER?
pa|Does your organisation have the capabilities to detect and stop real-life threat actors from compromising your network? Conducting a Red Team assessment from mnemonic will let you find out.
pa|Modern threat actors are constantly developing new methods of attacking and compromising organisations. Red Team exercises are specifically performed with this in mind, with the end goal of simulating a real-life attack to assess the detection and response capabilities of an organisation as a whole. This approach does not only include targeting vulnerabilities and misconfigurations found in technical solutions, but also the people and processes that govern them.
pa|To achieve this, the exercise is made as realistic as possible by having few scope limitations and a wide timeframe so that the Red Team operators will have the potential to go undetected by the defenders or Blue Team. 
Further, there will only be a handful of people in the organisation, known as the White Team, that have knowledge of the exercise. The White Team will be in close dialogue with the Red Team, so that the learnings of the exercise are maximised, in addition to making sure that the organisation's daily operations are not impacted.
pa|Every mnemonic Red Team exercise is different and tailored to the client’s organisation and underlying critical infrastructure. The methodology of a mnemonic Red Team engagement is outlined by the following six phases:
pa|*occurs continuously in parallel
pa|In the event that the Red Team’s operations are not detected, and the team is able to exfiltrate the pre-defined target information without being noticed by the Blue Team, the operators can purposely increase the “noise” and set off alarms in order to invoke the organisation's incident response routines.
pa|At the end of the engagement, the client is given a detailed report describing observations made during each stage of the exercise, while also outlining the complete attack chain and how to break it. Throughout the engagement, mnemonic maintains detailed logs of the actions performed, with the goal of making the whole exercise repeatable in case of a re-test or workshop with the client’s Blue Team. Such a workshop may also be expanded into a "Purple Team" exercise, where the Red Team works in close collaboration with the Blue Team in order to do a real-time demonstration of the attacks, with the goal of learning how to detect, prevent, and respond to attacks, and develop the client’s monitoring capabilities.
pa|A Red Team assessment is a supplement to, rather than a substitute for, regular penetration testing. Organisations that request Red Team assignments usually have penetration tests performed regularly both on internal and external infrastructure, as well as more in-depth security tests on specific software systems that they run. 
An alternative to a Red Team engagement is a Threat intelligence-based ethical red-teaming (TIBER) assessment, which increases the realism further by building more heavily on threat intelligence and adversarial simulation.
pa|Head of Risk Services
li|Initial reconnaissance
li|Initial compromise
li|Establishing persistence*
li|Internal Reconnaissance*
li|Lateral movement and privilege escalation*
li|Compromise pre-defined targets and exfiltration of information
li|Wider scope, evaluating the organisation’s security posture and resilience
li|Aims for realism and demonstration of impact, rather than quality assurance and verification
li|Tests the organisation's ability to detect and respond to attacks
li|May allow the organisation to practice incident response procedures and capabilities
li|Relies more heavily on custom tools developed at mnemonic
h1|Red teaming
h2|How a Red Team engagement differs from a regular penetration test
h2|Contact me for more information
h3|Need more information?
pa|Learn more about mnemonic's services by reading our solution briefs
pa|Gain visibility into your exposures and secure your digital assets
pa|Detect and respond to threats targeting your endpoints and servers
pa|Empower your users to prevent email threats
pa|Let the trusted expert team operate your core security systems
h1|Solution briefs
pa|The mnemonic security podcast is a place where IT Security professionals can go to obtain insight into what their peers are working with and thinking about. Listen on other podcast platforms here:
pa|We’re continuing our new miniseries about privacy with cyber security researcher Hanna Linderstål. 
Hanna is the Founder and CEO of Earhart Business Protection Agency, a company providing research for governments and organisations on disinformation and online threats.
pa|Do you know what your favourite apps are doing with your data? And who exactly are these entities that are capitalising on selling this kind of information? We’re kicking off our new miniseries about privacy with investigative journalist Martin Gundersen.
pa|We’re continuing our Operational Technology (OT) miniseries where we look into the security challenges in the OT space. This time, Robby is joined by Nicholas Burnet and Guido Villacis from EDF Energy, Europe’s largest nuclear provider
st|Episodes
h1|mnemonic security podcast
sp|We’re continuing our miniseries about privacy with Edwin Doyle, Delegate & Constituent for the World Economic Forum Taskforce on Data Intermediaries, and Global Security Strategist at Check Point.
sp|For this episode, Robby has invited Korstiaan Stam, Digital Forensics & Incident Response Manager in PwC Netherlands, to pick his brain about Business Email Compromise (BEC).
sp|This episode, Robby welcomes John Todd, Executive Director of the non-profit organisation Quad9. Quad9 is a free, recursive DNS solution that partners with threat intelligence providers from all over the world to block websites that try to harm our computers (through things like malware, spyware, botnets, phishing sites, etc.).
sp|We're kicking off 2021 with a timely conversation about software security, this time with two individuals that are more than qualified for the job - Dr. Daniela S. Cruzes and Espen Johansen.
sp|For our last episode in 2020, Robby is joined by Mitchell Impey, ICS Security Analyst at the Danish Energy and Telecommunications company Norlys. 
sp|Ready to time travel through the last 20 years of security monitoring? To guide us we have Dr. Anton Chuvakin, recognized security expert and the man behind EDR!
sp|Our podcast guest this week is a veteran in the IT space in the financial sector, and has extensive experience communicating security posture to stakeholders. Erik Blomberg, CISO in the Swedish Handelsbanken, chats with Robby about what management really is wondering about, and how to communicate the value your security team is delivering to the organization.
sp|For this episode, Robby welcomes Morten Weea from mnemonic’s Threat Intelligence team. Morten is a PhD candidate researching decision-making in incident response and an experienced Incident Handler that often works with advanced persistent threats (APTs).
sp|For this episode, we're happy to have Sebastian Takle from the DNB Financial Cyber Crime Center (FC3) with us to share how one of the largest banks in the Nordics works with Threat Intelligence.
sp|For this episode, Robby has invited a veteran to the software security game. Nick Murison, Security Practice Lead at Miles.
sp|We're continuing our Operational Technology (OT) miniseries where we look at the security challenges in the OT space. This time around, Robby's invited a fellow security podcaster and former Head of Forensics at Volvo, Rikard Bodforss.
sp|In this episode, Robby talks to the former Director of the national communications and secure agency in the Netherlands, Job Kuijpers, and his colleague and trusted advisor for Threat Intelligence. You'll hear about the most common misconceptions about threat intelligence and how much and what should be automated in threat intelligence - and what shouldn't.
sp|This time, Robby has invited his most recent online friendship and the uncrowned king of open source, Simon Simonsen, to the podcast. 
Simon also happens to have a lot of experience developing and utilising security architecture defense strategies, or as he calls it: utilising your home court advantage.
sp|How can we prove cybersecurity effectiveness? With USD 124 billion being spent worldwide on IT security last year alone, it's no wonder this is a question many would like the answer to. However, finding a quantitative metric to evaluate security investments, outside of positive effects like diminishing risks and reducing the amount of bad things happening, is not straightforward.
sp|For this Norwegian episode of the mnemonic security podcast, Robby and co-host for the day, Manager of Governance, Risk & Compliance at mnemonic, Gjermund Vidhammer, are joined by two major actors in the Norwegian cyber landscape: Robin Bakke, Specialist Director for Cyber Security at the Ministry of Justice & Public Security, and Bente Hoff, Director National Cyber Security Center (NCSC) at the Norwegian National Security Authority (NSM).
sp|In this episode, Robby is joined by Jeff Barto. He is Chief Security Officer at a large hedge fund in the US, has worked in security for over 20 years and has a lot of experience asking himself the question "how much data is enough?".
sp|In this episode, Robby chats with someone that's had a lot to do with KPIs, both in his position as former Head of government CERT in Denmark (GovCERT), as well as a SOC analyst for more than 10 years.
sp|Who better to continue our Operational Technology (OT) miniseries with than KraftCERT, the Norwegian Energy and Control System CERT.
sp|For this episode, Robby has invited two experts that see privileged access management (PAM) from two different viewpoints.
sp|In this episode, we continue our Operational Technology (OT) miniseries where we look into the security challenges in the OT space. This time, Robby chats with PhD Andrea Carcano on the importance of visibility in OT environments. 
In this episode, Robby chats with Erlend Gjære, co-founder and CEO of Secure Practice, on how to turn an organisation's users into its last line of defense against email threats.
In this episode, Robby wants to know how a CISO handles the challenge of securing both IT and OT environments.
In this episode, Robby chats with two people from mnemonic that are highly passionate about microservices: security researcher Andreas Claesson and Head of Development of our Argus security platform, Joakim von Brandis.
In the second part of our mini series about SOAR, Robby chats with a gentleman that was referred to as The Godfather of SOAR in the first episode of the series.
In this episode, we chat with Tibor Földesi, Security Automation Analyst in Norlys, one of the largest Telco & Energy companies in Denmark. At Norlys, his main motivation is to get more time to enjoy his coffee, which directly correlates with his ability to automate what can be automated.
In this episode, we chat with people in charge of the healthcare and sensitive data collected in what is amongst the world's largest COVID-19 studies to date.
In this episode, we chat with our friends in SailPoint, Equinor and the University of Copenhagen to hear their thoughts about the state of the market regarding Identity, Access and Governance.
In this episode, we speak with a security expert that is actually willing to pay money to "hackers" - the Product Security Director in Visma, Espen Johansen.
In this episode, we chat with the former Head of the SOC at the Norwegian National CERT, and current member of mnemonic’s Threat Intelligence team. She also happens to have a personal interest in the "Internet of Things" and medical devices.
In this episode we chat with the CISO of consumer goods conglomerate Orkla - Antonio Martiradonna.
In this episode we pick the brain of a Senior Vice President and CISO for a multinational insurance enterprise – Bjørn Watne of Storebrand.
In this episode we chat with two of the main contributors to the #OutofControl report, Finn Myrstad, Digital Policy Director for the Norwegian Consumer Council and Tor Bjørstad, Application Security Lead in mnemonic.
In this episode we chat with a cyber insurance underwriter for one of the largest insurance enterprises in the Nordics - Erlend Hjelle from Gjensidige.
In this episode we chat with a hacker for hire aka pentester for mnemonic - Harrison Sand.
In this episode we interview one of the founding fathers of the Argus platform - Joakim von Brandis.
In this episode we chat with Angel Alonso, a CISO for hire and team lead for the Governance, Risk and Compliance department in mnemonic.
In this episode we interview the boss of the SOC - Stig Nordby in mnemonic.
In this episode we chat with PhD candidate, and former CISO for mnemonic - Siri Bromander.

pa|SECURITY REPORT WEBINAR
More often than not, development in large projects means using third-party libraries. According to industry estimates, this applies to as much as 85% of the code in a typical application. The complexity of modern projects requires developers to use libraries that are convenient and prevent them from having to reinvent the wheel. However, there are some considerations from a security point of view that need to be taken into account. In his recently published Security Report article, "Securing third-party dependencies in development", Andreas Claesson explores this topic and presents several suggestions for actions and tools that can help navigate these security challenges. Join us in our 6-part Security Report webinar series, where we present some of the major findings from our recently published Security Report 2021.
The topics range from building an Enterprise Security Architecture, to unsanctioned remote and third-party access and security threats in modern cloud applications.
Andreas Claesson, Senior Technical Security Consultant, mnemonic
In this webinar, Andreas will present the major security challenges and pitfalls concerning use of third-party libraries in development, and give hands-on recommendations for how to best avoid them.
Language: English. Technical level: 2/5.
Interested in some of our other webinars? Read more about and sign up for the other Security Report webinars. Get your copy of our Security Report! Timezone: CET (GMT +1)
st|Didn't make it to the webinar? Watch the recording here: industry estimates Securing third-party dependencies in development Join us for our webinar Thursday the 8th of April at 09:00-09:40 CET. Are you looking for this webinar in a US timezone? You can find registration and more details . Security Report webinar series webinar series Security Report 2021 Language Technical level here here
h1|Securing third-party dependencies in development
h2|Agenda

pa|SECURITY REPORT WEBINAR
This is a quote from the Netflix series The Spy. The series is based on the life of the Israeli spy Eli Cohen, portrayed by Sacha Baron Cohen. The quote is an accurate reflection of how we typically picture insiders: intelligent moles or spies working undercover. However, real insiders might look quite different from how we’re used to seeing them depicted. In their recently published article, "We need to talk about insider threats", GRC Advisors Anne Aune and Kristian Haga explore how this Hollywood stereotype might actually get in the way of companies and organisations managing real insider threats. Join us in our 6-part Security Report webinar series, where we present some of the major findings from our recently published Security Report 2021.
The topics range from building an Enterprise Security Architecture, to unsanctioned remote and third-party access and security threats in modern cloud applications.
Kristian Haga, GRC Advisor, mnemonic
Insider threats can be tricky to define, difficult to discuss, and represent a complex risk scenario that can be challenging to address. To gain better insight into how organisations are actually approaching the challenge, we decided to interview C-level executives from several organisations classified as being at a particularly high risk for insider threats. During this presentation Kristian will delve deeper into some of these challenges, share the interview findings, and offer some of the recommended actions companies, organisations and authorities can take in order to better navigate this risk.
Language: English. Technical level: 1/5.
Interested in some of our other webinars? Read more about and sign up for the other Security Report webinars. Get your copy of our Security Report! Timezone: CET (GMT +1)
st|Didn't make it to the webinar? Watch the recording here: We need to talk about insider threats Join us for our webinar Tuesday the 9th of March at 09:00-09:40 CET. Are you looking for this webinar in a US timezone? You can find registration and more details . Security Report webinar series webinar series Security Report 2021 Language Technical level here here
h1|We need to talk about insider threats
h2|Agenda
em|A true agent has instinct, and that cannot be taught. He either has it or he doesn't.

pa|Cybersecurity is an exercise in risk management. The ability to identify, assess, and manage these risks helps remove their uncertainty and transforms technology from a liability into a business enabler. Risks are an expected and inherent part of all business.
However, with rapid innovations in technology, the evolving threat landscape, and a modern dependence on digitalisation, identifying and understanding your risk exposure is simultaneously becoming more critical and complex. A Risk Assessment helps identify the risks you’re currently facing, and can remove the uncertainty of adopting new strategies. You will gain perspective on the potential business impact, and be in a position to make informed decisions on how to address these risks.
Every activity undertaken by a business involves a risk. How each risk should be managed depends on how it is defined. Quantified risks with an accurate definition of the consequences and causes become manageable. Unfortunately, risks within information security are usually unquantified or poorly defined, and perceived as uncertain due to a lack of facts. This causes unmanageable risks. Fact-based and analytical risk management means that risks within information security can also be quantified, and we can make rational decisions on how they can be managed.
A company's senior management will always be responsible for information security, which requires the formulation of a strategy and principles for risk management. Responsibility for following those principles will lie with the employees. Ensuring they are followed and turned into action requires a security culture in which everyone knows their responsibilities and how to fulfil them correctly.
We help businesses to apply risk management to their own circumstances. We have wide-ranging specialities within information security, which enables our consultants to specialize within different industry segments and technologies. This means a unique combination of industry experience and technical specialization. We work with IT risk management and perform risk assessments for several of the largest companies in the Nordic Region, including some of the world's largest providers of IT outsourcing.
Our service deliverables for risk management are based on industry best practice and years of experience, which include:
li|Establishing Risk Management Framework; Risk Assessments; Virtual Security Organization; GRC Solutions; ISMS Implementation; Third Party Vendor Risk Management
h1|Risk Assessment
h2|Who is responsible for risk management?; Knowing your industry and technical specialities; Services available

pa|SECURITY REPORT WEBINAR
How can we secure access to our systems and ensure compliance when our most critical machines and software are opened to external sub-contractors? Finding a secure way to provide third-party access for organisations with a control system environment is not a new challenge, and there have been many attempts at solving this in the past. In their recently published Security Report article, "Gatekeeping", Adrian Helle and Konrad Halnum explore this topic, and present a modern, security-focused and user-centric approach to providing remote access to third-party vendors that may be suitable for many organisations. Join us in our 6-part Security Report webinar series, where we present some of the major findings from our recently published Security Report 2021. The topics range from building an Enterprise Security Architecture, to reducing the risk of insider threats and security threats in modern cloud applications.
Adrian Helle and Konrad Halnum, Security Infrastructure Specialists, mnemonic
In this webinar, Adrian and Konrad will explore the most common pitfalls in traditional approaches to providing third-party access, and discuss how to find the correct balance between security and convenience when providing third-party vendors access to your most critical systems.
They will also go into detail about how their approach to solving this challenge works, and how it can be leveraged by other organisations.
Language: English. Technical level: 3/5.
Interested in some of our other webinars? Read more about and sign up for the other Security Report webinars. Get your copy of our Security Report! Timezone: CET (GMT +1)
st|Gatekeeping Join us for our webinar Tuesday the 20th of April at 09:00-09:40 CET. Are you looking for this webinar in a US timezone? You can find registration and more details . Security Report webinar series webinar series Security Report 2021 Language Technical level here here
h1|Shining a light on unsanctioned remote and third-party access practices
h2|Agenda

pa|Download mnemonic's annual security reports where we share trends observed from our SOC, our predictions for the year ahead and analyses from our experts. Are you looking for older reports? Contact us at
st|Security Report 2021
h1|Security report

pa|To meet today's security challenges, you have to look beyond the capabilities of traditional operations centres. A Managed Detection and Response service enables organisations to protect themselves against modern cyber threats.
A majority of today's security breaches are still discovered long after they actually occurred. With today's globalisation, with mobile users, multi-sourcing contracts, cloud services and more, security incidents can strike from the most unthinkable sources. To meet this challenge, you have to plan for the future and establish advanced solutions for detection and response.
The threat landscape changes continuously.
To protect against today's threats, it is crucial to have up-to-date, precise and relevant knowledge of cybercriminals, their tools and their targets. Our dedicated threat intelligence team ensures that our security analysts always have up-to-date and relevant knowledge of changes in the threat landscape, and that our systems are updated with fresh analyses.
Our team of professional incident handlers has helped organisations train their own staff and establish various CERTs for handling security incidents. Through many years of digital investigation of security incidents across different categories, we have built the capacity and experience to handle even the most resource-intensive security incidents.
A disturbing number of security breaches are the result of device misconfiguration and poor patching practices. Combined with the task of handling a staggering volume of logs, the available time of IT security staff quickly disappears. mnemonic's team of experts can help you ease the burden, stay in line with best practice and get the most out of your investments, 24x7.
A successful cyberattack against industrial control systems can have major consequences; it will be serious and destructive, and in the worst case can be a threat to all aspects of health, safety and environment (HSE). Protecting important industrial control systems against advanced cyberattacks requires security measures of corresponding quality.
Let the trusted expert team operate your core security systems. Gain visibility into your exposures and secure your digital assets.
h1|Managed Detection and Response
h2|Argus Managed Defence; Threat Intelligence; Incident Response; Device and Log Management; Advanced threat protection for Industrial Control Systems (ICS); Security Operations; Argus Continuous Vulnerability Monitoring

pa|SECURITY REPORT WEBINAR
Application development for public cloud infrastructure is the new norm. Whether this is because of the speed of development and the lack of infrastructure maintenance, the native automation capabilities in cloud environments, or a variety of other factors, it is safe to say that application development in the cloud is here to stay. This leads to the question: what new security considerations are there for cloud-native applications? In his recently published Security Report article, "Cloud is not just somebody else’s computer", Cody Burkard explores this question in detail. Join us in our 6-part Security Report webinar series, where we present some of the major findings from our recently published Security Report 2021. The topics range from building an Enterprise Security Architecture, to unsanctioned remote and third-party access and security threats in modern cloud applications.
Cody Burkard, Senior Cloud Security Consultant, mnemonic
In this webinar, Cody will explore in technical detail how cloud-based threats impact application security in the cloud and how to model cloud-based threats against applications. He will also give hands-on recommendations on how to navigate this for security professionals from both the offense and defence side.
Language: English. Technical level: 4/5.
Interested in some of our other webinars?
Read more about and sign up for the other Security Report webinars. Get your copy of our Security Report! Timezone: CET (GMT +1)
st|Cloud is not just somebody else’s computer Join us for our webinar Thursday the 6th of May at 09:00-09:40 CET. Are you looking for this webinar in a US timezone? You can find registration and more details . Security Report webinar series webinar series Security Report 2021 Language Technical level here here
h1|New paradigms for security threats in modern cloud applications
h2|Program

pa|SECURITY REPORT WEBINAR
Application development for public cloud infrastructure is the new norm. Whether this is because of the speed of development and the lack of infrastructure maintenance, the native automation capabilities in cloud environments, or a variety of other factors, it is safe to say that application development in the cloud is here to stay. This leads to the question: what new security considerations are there for cloud-native applications? In his recently published Security Report article, "Cloud is not just somebody else’s computer", Cody Burkard explores this question in detail. Join us in our 6-part Security Report webinar series, where we present some of the major findings from our recently published Security Report 2021. The topics range from building an Enterprise Security Architecture, to unsanctioned remote and third-party access and security threats in modern cloud applications.
Cody Burkard, Senior Cloud Security Consultant, mnemonic
In this webinar, Cody will explore in technical detail how cloud-based threats impact application security in the cloud and how to model cloud-based threats against applications. He will also give hands-on recommendations on how to navigate this for security professionals from both the offense and defence side.
Language: English. Technical level: 4/5.
Interested in some of our other webinars?
Read more about and sign up for the other Security Report webinars. Get your copy of our Security Report! Timezone: 9am PST / 11am CST / 12pm (noon) EST
st|Cloud is not just somebody else’s computer Join us for our webinar Thursday the 6th of May at 9 am PST / 11am CST / 12pm (noon) EST. Are you looking for this webinar in a European timezone? You can find registration and more details . Security Report webinar series webinar series Security Report 2021 Language Technical level here here
h1|New paradigms for security threats in modern cloud applications | US webinar
h2|Agenda

pa|WEBINAR | THE NETHERLANDS
Organisations are faced with a complex and ever-evolving list of risks and threats, constantly demanding time, manpower and updated know-how. How can we approach this challenge in an efficient way, while at the same time making sure we continue to stay ahead of our adversaries? When defending against tomorrow’s cyberthreats, you have to look beyond the capabilities of traditional Security Operation Centers (SOC). You need to be equipped with efficient and accurate monitoring, detection and response capabilities. Join us to learn about services, how to navigate the complex market of managed security services, and discover if MDR services are right for your organisation.
Anne Karine Hafkamp, Sales Director Benelux, mnemonic
The market for MDR services is growing fast. Among others, Gartner predicts that in the next four years, 50% of all organisations globally will be using MDR services. In her presentation, Anne Karine will be going into some of the benefits of MDR, the most relevant use-cases for MDR services in the Dutch market, and how mnemonic can help.
Alexander van Geelen, Cyber Vision Consultancy
These days, when setting up and implementing a modern SOC you are faced with a lot more options than you were previously. Finding the right SOC setup for your organisation can be challenging – it’s daunting even to know where to start. Alexander is an independent senior security consultant with extensive experience helping Dutch businesses with exactly this. He will share hands-on advice and best practices from implementing SOC and MDR services in the Dutch market.
Lex Crielaars, Pre-sales lead Benelux, mnemonic
Lex will present mnemonic’s proprietary service, Argus. The presentation will show real customer use-cases, and how Argus can help protect your organisation.
Timezone: CET (GMT +1)
st|Technical level: 2/5 Language: Dutch Technical level: 2/5 Language: Dutch Technical level: 3/5 Language: Dutch
h1|Combat modern cyber threats with | Dutch webinar
h2|Agenda
h3|Welcome and introduction to mnemonic MDR; A SOC is not just a SOC; The Argus MDR platform; Questions and answers

pa|SECURITY REPORT WEBINAR
Organisations are challenged in using a limited set of resources and budget to mitigate an evolving list of risks and threats. Building robust security architecture requires the ability to make informed, business-driven decisions on security investments to address the identified risks – a task easier said than done. So where do you start? Based on 20 years of experience, we have developed an Enterprise Security Architecture framework that consolidates industry frameworks, methodologies and best practices across enterprise risk management, threat intelligence, security architecture and operations to create a single framework that bridges the gap between a business’ goals and how you can protect them.
First developed for internal use, we are sharing this adaptable framework to assist our customers in making sound security investments and binding business goals to technical controls, available technology, threat scenarios, and established frameworks. Read more about the mnemonic Enterprise Security Architecture framework in our Security Report 2021. Join us in our 6-part Security Report webinar series, where we present some of the major findings from our recently published Security Report 2021. The topics range from building an Enterprise Security Architecture, to unsanctioned remote and third-party access and security threats in modern cloud applications.
Angel Alonso and Mark Totton, Governance, Risk and Compliance, mnemonic
In this webinar, two of the members of our Enterprise Security Architecture group will present why they saw the need for establishing our mnemonic Enterprise Security Architecture framework, and how their interactions with customers made it clear this was addressing an external need as well. During the session they will go into detail on how the framework is structured, and how organisations can leverage it to make sound security investments that protect the business and its goals.
Language: English. Technical level: 2/5.
Interested in some of our other webinars? Read more about and sign up for the other Security Report webinars. Get your copy of our Security Report! Timezone: CET (GMT +1)
st|Didn't make it to the webinar? Watch the recording here: Enterprise Security Architecture Security Report 2021 Join us for our webinar Thursday the 18th of March at 09:00-09:40 CET. Are you looking for this webinar in a US timezone? You can find registration and more details .
Security Report webinar series webinar series Language Technical level here here
h1|Enterprise Security Architecture: optimise your security investments
h2|Agenda

st|Governance, Risk & Compliance (GRC); Technical Risk Services (TRS); mnemonic System Integration (MSI); mnemonic Security Services (MSS); Infrastructure; Sales / Marketing / Administration
h1|Vacant positions

pa|Chief Financial Officer (CFO)
Line has been with mnemonic since 2000 and has held the position of CFO since then. She holds an MBA from BI Norwegian School of Management. Before joining mnemonic she served as a business controller at Cinet.
h1|Line Kloster

pa|Manager, mnemonic System Integration (MSI)
Jon-Finngard has been with mnemonic since 2005 and started as a SOC analyst. He is now Manager for the mnemonic System Integration (MSI) department. He holds a Master of Science from NTNU, specializing in Information Security. Jon-Finngard possesses up-to-date technical knowledge, and has broad experience with security products and trends.
h1|Jon-Finngard Moe

pa|Information about the most recent Gartner guides mentioning mnemonic's services
li|mnemonic is the only European vendor recognised five years in a row in the ; mnemonic is recognised as a representative vendor in Gartner's Security Pure-Play category in the ; mnemonic mentioned as representative vendor for Incident Response Services in the latest from 2019
st|Managed Security Services; Incident Response Services
h1|Industry Recognition Gartner

pa|To meet today's security challenges, you have to look beyond the capabilities of traditional Security Operation Centers. A Managed Detection and Response service enables your business to combat modern cyberthreats.
The majority of security breaches are still discovered far too long after they’ve occurred. With today’s globalised environments of mobile users, multi-sourcing contracts, cloud services and more, security threats can be triggered from the most unexpected sources. To meet these challenges, you have to look beyond the traditional managed security service provider.
The threat landscape is complex, dynamic and evolving. To defend against modern threats, it is vital to maintain accurate and up-to-date knowledge of your adversaries, their tools and their targets – a task that is costly and requires significant resources. The mnemonic Threat Intelligence Team tracks new threat developments as they unfold globally and ensures your business is prepared to defend against evolving threats.
The mnemonic Incident Response Team (mIRT) helps organizations to investigate, respond to and recover from security breaches.
With years of experience handling all types of security incidents, our team also helps organizations in building their own response capabilities and establishing CSIRT frameworks.
An alarming number of security breaches are the result of device misconfigurations and poor patch management practices. Combined with the task of managing a staggering amount of logs, IT security teams are being stretched thin. mnemonic’s team of experts can help you ease the burden, stay compliant and get the most out of your investments – 24x7.
The consequences of a successful cyberattack on Industrial Control Systems (ICS) are severe, disruptive, and potentially life threatening. In a world where downtime is simply not an option, protecting these mission-critical systems against modern threats requires an equally Advanced Threat Defence strategy.
Let the trusted expert team operate your core security systems. Gain visibility into your exposures and secure your digital assets.
h1|Managed Detection and Response
h2|Argus Managed Defence; Applied Threat Intelligence; Incident Response; Device and Log Management; Advanced threat defence for Industrial Control Systems; Security Operations; Argus Continuous Vulnerability Monitoring; Argus partners

pa|IT security is an exercise in risk management. The ability to identify, assess and manage IT risks makes them easier to handle. Good risk management is crucial to succeeding with the digitalisation of services.
We work with IT risk management and perform risk assessments for many of the largest organisations in the Nordic region, as well as some of the world's largest outsourcing providers.
Every activity of significance involves some form of risk. How these should be handled depends on how they are defined. In our experience, risks within information security are often difficult to calculate, poorly defined and perceived as uncertain due to a lack of facts. To manage risks within information security, we have a system for quantifying the various risks. It is based on facts and analysis, and helps you make rational decisions.
Management will always have overall responsibility for information security in an organisation. This requires a strategy and clear goals for risk management. Responsibility for following these up lies with each individual. To ensure that the strategy and goals are achieved, a security culture must be established in which everyone knows their responsibility and how to achieve the goals.
We help private and public organisations establish risk management that fits their requirements. Our consultants are specialists in information security and also have in-depth knowledge of various industries. This gives a unique combination of competence, with both industry expertise and in-depth knowledge of information security.
Available services: We deliver a range of services in this area, all tailored to each customer's requirements. Here are some of them:
li|Establishing a risk management framework; Risk assessments; Virtual security organisation; GRC solutions; Establishing an information security management system (ISMS); Third-party vendor risk management
h1|Risk Assessment
h2|Who is responsible for risk management?
Organisation-specific requirements and technical subtleties
sp|Calculating risk is simple when the consequence and cause are known.

pa|Planning, establishing and developing a robust security programme requires a combination of business understanding, technological know-how and the competence to execute. The competence required in any security organisation will develop and change over time. Finding and retaining people with such competence is challenging and expensive. With mnemonic's virtual security organisation, our resources are your resources. Whether you need a CISO or security manager, or need technical competence, our experts are available to help when you need them, without the costs or challenges that typically come with maintaining extensive security expertise in your own organisation. Benefits:
li|Establish a visible leader for information security in the organisation; Gain access to highly specialised competence without personnel and maintenance costs; Scalability to meet your needs as they change; Predictable costs
h1|CISO for hire

pa|mnemonic's experts share their views and news on all things Security.
On August 11, 2020, Microsoft patched a privilege escalation vulnerability in Microsoft Netlogon Remote Protocol (MS-NRPC). The vulnerability allows an attacker to impersonate the machine account of any domain-joined computer, and set a known or empty password for the machine account. The vulnerability is particularly severe as it may be used to obtain full domain administrator privileges by spoofing the machine account of a Domain Controller.
This enables the attacker to access the specific Domain Controller and extract all user password hashes, including hashes for domain administrators and the Kerberos service user (krbtgt), which can further be used to create golden tickets, effectively giving the attacker full domain administrator privileges. Multiple examples of proof-of-concept code are publicly available. Our Technical Risk Services department has successfully verified the exploit.
This vulnerability should be mitigated AS-SOON-AS-POSSIBLE. In order to fully mitigate, you need to install the August 11 update and enable "enforcement mode" by modifying a registry key. Installing the patch alone does NOT fully mitigate the vulnerability.
Microsoft is deploying mitigation in two phases: an initial deployment phase (2020-08-11) and an enforcement phase (2021-02-09). Microsoft is taking precautions in order to allow organisations time to rectify any non-compliant devices using MS-NRPC. The first phase will provide new Event IDs to identify non-compliant devices and introduce a registry key to enable enforcement mode early. The second phase will enable enforcement mode regardless of the registry setting.
In the deployment phase (2020-08-11), Microsoft introduces a series of changes:
All modern Windows operating systems use secure RPC by default and are therefore not affected by these changes. To force a modern Windows operating system to use insecure RPC, one would have to deliberately disable default security policies in the operating system. However, non-Windows devices that are domain-joined, or trusted Active Directory domains/forests, might be using insecure RPC.
In the enforcement phase (2021-02-09), Microsoft will enforce secure RPC on all domain controllers, forcing all devices, Windows or non-Windows, to use secure RPC. The only exceptions are devices exempted using group policy settings as introduced by the August 11th 2020 update.
In this phase, Event ID 5829 will also be removed, as all non-secure RPC connections become denied and logged as Event ID 5827.
In their conclusion, Secura observed that the August patch broke their implementation of the exploit, possibly due to the ClientCredential field starting with too many zeroes. At the time of writing, it is unknown whether the vulnerability can still be used after the patch, either with brute-forcing, for man-in-the-middle or as a vector for Denial of Service (through disconnecting AD machine accounts). It should also be noted that according to Microsoft MVP Ryan Newington, the August patch does not disable non-secure RPC; it is still available to devices, but its use is now logged under the new Event ID 5829 to allow identification.
In an Active Directory environment with domain trusts to other domains, one has to consider whether the trusted party relies on non-secure RPC. Devices in remote domains that use non-secure RPC are identified in the same manner as domain-local devices, by analysing Event ID 5829. A trusted domain can be allowed to use non-secure RPC by adding trust accounts to the exempted devices using group policy. Doing so is, however, strongly discouraged.
Proof-of-concept code for the exploit is widely available. The exploit is currently being implemented in commonly used attack frameworks and tools. It has already been included in the popular tool "mimikatz". The wide availability and fairly high stability of the proof-of-concept code we have seen make it certain that this exploit will be used by a wide range of threat actors, from nation-state actors and crime syndicates to criminals and opportunists. The only drawback for the attacker is that a password reset of a machine account in effect disconnects that machine from the domain (at least until the attacker can restore the connection), making the exploit somewhat "noisy".
If not mitigated, it will provide an attacker who has an initial foothold with the means to perform privilege escalation from unauthenticated user to full domain administrator privileges. If partially mitigated with just the patch, there is a risk that someone will circumvent the obstacle preventing the current PoC code from working.
Microsoft's recommendation is to install the patch and monitor for Event ID 5829 to see if you have non-Windows devices that use insecure RPC, "mitigate these", and then enable enforcement mode.
mnemonic's recommendation: Install the patch and enable enforcement mode AS-SOON-AS-POSSIBLE. If it is not possible to immediately enforce secure RPC, you should only allow a small window of time to identify non-compliant devices. These devices must be patched, upgraded or removed. If you cannot remove them for the time being, you should use the GPO to add explicit exceptions, and then turn on enforcement mode (note that we do not recommend leaving machine accounts with exceptions, as this is a potential backdoor for future privilege escalations, but it is better to have a few known systems with insecure RPC enabled than all systems).
Network based signatures have already been deployed, and our threat researchers are working on improving these further. Initial signatures from some of our vendors had issues with large amounts of false positives. Network coverage is dependent on network sensors being deployed in a fashion that allows for inspection of traffic between computers/servers and the Domain Controllers.
Our threat researchers are also working on log based detection for both scenarios, with patched and with vulnerable Domain Controllers. Thanks to the Windows Event IDs 5827, 5828 and 5829 we are confident we will be able to build content for patched Domain Controllers. We are still investigating if robust detection can be deployed for vulnerable servers.
Detection through log analysis requires collection and analysis of Security Event Logs from domain controllers as a part of the Argus service.
For EDR based detection, it is unlikely that the EDR tools themselves will be able to inspect and analyse Microsoft Netlogon Remote Protocol. We are working with our vendors to get feedback on this issue. It is highly likely that EDR detection will be based on detecting the specific implementation of the exploit (detection of the tool being used) instead of detecting the actual RPC exploit. We are expecting vendors to deploy signatures to more tailored solutions (such as Azure ATP and SmartVision), and we are following up with the vendors in our portfolio to get positive confirmation of working signatures.
All Argus CVM customers with registered unpatched vulnerabilities have been notified explicitly. CVM requires authenticated scans to successfully register vulnerable servers. Our CVM team is currently investigating if a safe network based unauthenticated scan can be utilised.
For further inquiries regarding the Argus service and coverage, please contact your Technical Account Manager (TAM) or create a ticket in the Argus portal.
li|Enforcement of secure RPC for machine accounts on Windows based devices, trust accounts, all Windows and non-Windows DCs.
li|A new GPO to allow non-compliant devices (using insecure RPC) to communicate with the DCs, even if they are configured in enforcement mode.
li|A new registry key to enable early enforcement mode on DC for all machine accounts (enforcement of secure RPC).
li|New event IDs which log when accounts are denied, or would be denied in enforcement mode (Event ID 5827, 5828 and 5829).
st|Background Summary Description Intelligence assessment Consequences Recommendations References More information
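pa|Added example, not part of mnemonic's advisory: the identify, exempt, then enforce sequence from the recommendations above, applied in Python to an export of Netlogon events. The CSV layout, the host names and the `exempted` parameter are assumptions of this example, and the split of 5827 and 5828 between machine and trust accounts follows Microsoft's guidance for CVE-2020-1472.

```python
"""Enforcement-mode readiness from Netlogon events 5827, 5828 and 5829."""
import csv
import io

DENIED_MACHINE = 5827    # insecure connection from a machine account was denied
DENIED_TRUST = 5828      # insecure connection from a trust account was denied
ALLOWED_INSECURE = 5829  # insecure connection still allowed (deployment phase)
NETLOGON_EVENTS = {DENIED_MACHINE, DENIED_TRUST, ALLOWED_INSECURE}

# Constructed sample export. Assumed columns: time,dc,event_id,account.
SAMPLE_EVENTS = """\
time,dc,event_id,account
2020-09-21T09:00:12,DC01,5829,nas01$
2020-09-21T09:05:40,DC02,5829,NAS01$
2020-09-22T11:30:00,DC01,5829,LEGACYAPP$
2020-09-22T11:45:10,DC01,4624,alice
2020-09-23T02:10:05,DC02,5827,PRINTSRV$
2020-09-23T02:12:44,DC01,5828,PARTNER$
2020-09-24T07:00:00,DC01,not-a-number,BROKEN$
"""


def normalize_account(name):
    """Drop any DOMAIN\\ prefix and fold case so one device is counted once."""
    return name.strip().rsplit("\\", 1)[-1].upper()


def enforcement_readiness(csv_text, exempted=()):
    """Group Netlogon events per account and decide whether enforcement can be enabled.

    `exempted` lists the accounts already placed in the GPO exception list.
    """
    exempt = {normalize_account(a) for a in exempted}
    details = {}  # (event_id, account) -> count, last_seen, reporting DCs
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            event_id = int(row["event_id"])
        except (KeyError, TypeError, ValueError):
            continue  # malformed row: skip rather than abort the whole export
        account = normalize_account(row.get("account") or "")
        if event_id not in NETLOGON_EVENTS or not account:
            continue
        entry = details.setdefault(
            (event_id, account), {"count": 0, "last_seen": "", "dcs": set()}
        )
        entry["count"] += 1
        entry["last_seen"] = max(entry["last_seen"], row.get("time") or "")
        entry["dcs"].add(row.get("dc") or "?")

    insecure = {acct for (eid, acct) in details if eid == ALLOWED_INSECURE}
    denied = {acct for (eid, acct) in details if eid != ALLOWED_INSECURE}
    return {
        # Devices that would lose their secure channel once enforcement is on.
        "must_fix_before_enforcement": sorted(insecure - exempt),
        # Explicit exceptions keep working, but each one stays a residual risk.
        "exempted_but_still_insecure": sorted(insecure & exempt),
        "already_denied": sorted(denied),
        "ready_for_enforcement": not (insecure - exempt),
        "details": details,
    }


if __name__ == "__main__":
    report = enforcement_readiness(SAMPLE_EVENTS, exempted=["LEGACYAPP$"])
    for key in ("must_fix_before_enforcement", "exempted_but_still_insecure",
                "already_denied", "ready_for_enforcement"):
        print(key, "=", report[key])
```

An empty `must_fix_before_enforcement` list only reflects the period the export covers, so the export should span the whole identification window before enforcement is switched on.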
h1|mnemonic Labs Threat Advisory: Zerologon - Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)
h2|Detection coverage for Argus customers and Argus Continuous Vulnerability Monitoring coverage (CVM)
pa|Internships available for 2021
Would you like an internship with one of the leading IT security providers in Europe? Here you can read more about our currently available internship positions: Learn more about the intern experience. We also offer trainee positions; read more about our SOC Trainee Program. Head of Recruitment
li|mnemonic is the leading IT and information security company in the Nordics, and a significant actor in the European security landscape. We have some of the most exciting assignments in Norway: eight out of the ten largest companies in Norway are on our client list, in addition to a large variety of public organisations. mnemonic's service portfolio covers a broad range of the IT and information security field, an exciting field growing in importance and range.
st|WHY MNEMONIC?
h1|mInternship Program
h2|Any questions regarding a career in mnemonic?
pa|Are you looking for a relevant part-time job while you are studying? Our SOC Trainee Program offers exciting Security Analyst positions. As a SOC trainee, you get to work on tasks from real data sets and sessions, and use a variety of tools and systems. You will always work together with experienced analysts who can provide guidance during your work. We can promise the work will be challenging and that this is an exciting experience that will leave you with unique expertise.
Many of our former SOC trainees have moved into full-time positions with us over time, in expert roles in disciplines such as security analysis, threat intelligence, incident management, risk analysis, penetration testing, security architecture and development. The position works well as a part-time job in combination with studies. Find out more about the position and trainee requirements.
h1|SOC Trainee Program
pa|Are you looking for a relevant part-time job while you are studying? Our NOC Trainee Program offers exciting security operator and developer positions. As a NOC trainee, you get to work with real security solutions, securing services vital to our society. During your time with us, you will learn to use a variety of tools and systems, both on-premise and cloud based, and work together with experienced operators who are always available to provide guidance. We can promise the tasks will be challenging, and if you’re up for it, it’s an exciting experience that will leave you with unique expertise. Many of our former NOC trainees have moved to full-time positions within mnemonic, in expert roles in disciplines such as system integration, threat intelligence, blue team defenders, security architects, product experts, incident managers and developers. The position works well as a part-time job combined with studies. We offer two types of trainee positions:
li|Focusing on deployment and management of cyber security solutions. Developing tools, integrations, dashboards, services, parsers etc. related to our services. This role is project based.
h1|NOC Trainee Program
pa|As part of an ongoing collaboration with the digital consumer rights team at the Norwegian Consumer Council, two researchers from mnemonic have carried out an in-depth investigation into how mobile applications share data with third parties for advertising purposes. The results show that personal data is shared widely within the advertising ecosystem.
mnemonic has carried out an in-depth investigation of 10 well-known and widely used mobile apps on the Android platform, which were selected for analysis by the Norwegian Consumer Council. The apps cover several highly personal topics, such as dating, religion, and health. The research has aimed to document current practices and increase the understanding of how user data is collected and shared within the mobile advertising industry.
There are significant differences between mobile ads and traditional web advertising due to the way that apps are built and run, and the availability of sensors such as GPS. The use of a specific app, including how often and for how long it is used, can in itself give significant information about the end user.
Our test results document that a significant amount of user data is being shared by the apps with third parties in the advertising industry. Key findings include:
The extensive data collection documented, in combination with the use of persistent identifiers, enables the creation of comprehensive profiles on individual consumers. In many cases, the information shared by the apps can be used to infer attributes such as sexual orientation and religious belief.
“The purpose of the testing has been to increase our understanding of the mobile advertising ecosystem.
In particular, we have aimed to identify some of the main actors collecting user data from our sample set of apps, understand the type and frequency of data flows, and examine the specific information that is being transmitted”, says Andreas Claesson, lead researcher on the project.
“We were quite surprised by the amount of data sharing occurring”, his project partner Tor E. Bjørstad adds. “A key motivation for this project has been that data collection, sharing, and processing within the advertising industry on mobile platforms is poorly understood. We hope that this work documenting the current industry practices will help start a debate on how user data is collected and used for mobile advertising”.
For questions or media requests, please contact
Read more about “Out of control” here:
li|The ten apps were observed communicating with at least 135 distinct third-party companies involved in advertising and/or behavioural profiling. The Android advertising ID, which allows advertisers to track a specific device across different services, was transferred to at least 45 different third parties involved in advertising and/or behavioural profiling. All of the apps shared the advertising ID with multiple third parties, and all except one shared additional data. Additional data sharing included elements such as exact GPS location, IP address, device information, and personal attributes including gender and age. Amongst the apps tested, Grindr and Perfect365 particularly stood out for sharing significant amounts of data with a large number of advertising partners.
h1|“Out of control”: Advertisers receive large amounts of personal data from popular mobile apps
pa|For a security strategy to be successful, it must align with the business’ goals and demonstrate an ability to protect the organisation while containing costs. mnemonic helps organizations define a holistic security program that is aligned with the business, ensuring that the security organization both protects the organization’s assets and is a business-enabler. Using the organization’s corporate strategy, operational risks, the overall threat landscape and relevant technology trends as starting points, we help define and execute the strategy required to achieve the business’ ambitions.
h1|Security strategy
pa|Our organizational certifications document our accreditations and commitment to quality.
di|mnemonic has been ISO 9001 certified since January 2013.
di|mnemonic has been ISO/IEC 27001 certified since 2005.
di|Being among the best places to work in Europe requires commitment. Our employees are by far our most valuable asset. We are proud to have created a culture and working environment that attracts highly skilled people.
di|mnemonic is certified according to the certification scheme Eco-Lighthouse.
h1|Certifications and awards
h2|ISO 9001 certified
h2|ISO IEC 27001 certified
h2|Great Place To Work
h2|Eco-lighthouse
pa|mnemonic's experts share their views and news on all things Security.
On 2020-12-13, FireEye published about their recent Red Team tools compromise, linking the attack vector to a larger software supply chain compromise of the Orion network monitoring product from SolarWinds. The initial intrusion into SolarWinds is not described, but after the threat actor gained access to their production systems they successfully trojanised SolarWinds Orion’s software updates to distribute malware consisting of backdoor code embedded in a legitimate SolarWinds software library. FireEye has named this malware . Microsoft has named it .
On 2021-01-11 SolarWinds released where they describe new findings from their investigation, giving an updated overview of the timeline of the attack. Their forensics team has found evidence of the threat actor gaining access to their systems in September 2019. Threat actor code was injected in their Orion product software release in October 2019 for what appears to be testing purposes, followed by the malicious backdoor code injection now known as SUNBURST in the following releases starting 2020-02-20. The threat actor remained undetected, but seems to have stopped injecting the malicious code into SolarWinds Orion software updates in June 2020. SolarWinds did not detect the breach until they were notified on 2020-12-12.
This is a global threat to all SolarWinds Orion platform customers, not only to FireEye and the several US government organisations whose intrusions have been described in the media. SolarWinds has confirmed that as many as 18.000 customers may have downloaded and installed the .
The US CISA issued an on 2020-12-13 instructing all US government agencies to disconnect all affected SolarWinds Orion products from the network, citing that the active exploitation carries an unacceptable risk that requires emergency action. CISA has also that they have evidence of the threat actor using additional access vectors, other than the SolarWinds Orion platform.
In an updated version of CISA's advisory they claim to have evidence that the actor is abusing SAML tokens in other incidents where SolarWinds was not the initial access vector. Microsoft has further described they observed from an Identity perspective, which includes SAML- and API-observations and how the patterns can be detected. (
The threat actor operates with high operational security, obfuscating the command and control mechanisms and making use of anti-forensics techniques. Our assessment is that the stealthy and highly sophisticated nature of this breach suggests this is the work of a nation-state threat actor. This assessment is backed by available threat intelligence from our partners.
FireEye did not attribute the threat actor, but described it as an unknown threat actor they track as UNC2452. Volexity tracks this threat actor under the name . In a by US cyber security and intelligence agencies FBI, CISA, ODNI and NSA, the threat actor is attributed to be an advanced persistent threat actor of Russian origin, and the cyber intrusion campaign is assessed to be part of an ongoing intelligence gathering effort. ( )
Kaspersky has where they describe technical similarities between the SUNBURST malware and a previously identified .NET backdoor malware known as Kazuar. Kazuar was first by Palo Alto in 2017, where it was linked to the Turla threat actor group (also known as Uroburos and Snake).
FireEye has published a where they describe how the threat actor has been using their initial access through SolarWinds (and other intrusion vectors such as password spraying) to move laterally from on-premise networks to gain unauthorised access to the victim's Microsoft 365 environment. For lateral movement and persistence the following techniques have been described:
Additional information about the threat actor was discussed by FireEye in webcast. The techniques described show that the threat actor is extremely stealthy.
The threat actor has detailed knowledge about corporate systems and leverages their understanding of how SOC employees might detect and investigate malicious activity. The threat actor is using costly dedicated infrastructure and a large number of personnel, possibly spread over multiple teams in a long running campaign. The exfiltrated information is of interest to a state-sponsored threat actor, and has little monetary value (no financial data or PII data). No disruptive activity has been discovered. This points to a state-sponsored threat actor carrying out a very targeted campaign with espionage as their main motivation.
In addition to the SUNBURST malware, another piece of malware, known as SUPERNOVA, has been discovered in the SolarWinds platform. According to Microsoft and FireEye, this malware seems to be related to a different threat actor than UNC2452/Dark Halo. This malware serves a webshell in the SolarWinds HTTP API, which receives C# script from a web request, then compiles and executes it on the fly. It is not digitally signed and is found in the dll named App_Web_logoimagehandler.ashx.b6031896.dll (md5: 56ceb6d0011d87b6e4d7023d7ef85676). Further technical details can be found ( )
CrowdStrike has been assisting SolarWinds in their investigation, and has published of a malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion product. They have named this malware SUNSPOT. SUNSPOT monitors and hijacks processes involved in the compilation of code and replaces one of the source files with a malicious source file containing the SUNBURST backdoor. Several safeguards were added to ensure that software builds did not fail, making it less likely that SolarWinds developers detected the injected code in the software update packages.
The threat actor carried out a highly targeted campaign where only a select few of the victims that installed the backdoor code via SolarWinds software were further infected by a second stage malware in the form of Cobalt Strike implants. The second stage malware was installed via a loader, named by FireEye, and a variant named by Symantec. Microsoft gives a detailed description in this of how the threat actor activated the SUNBURST backdoor for installing the second stage malware in a very stealthy operation using hands-on keyboard activity, scripts and malware loaders customised per victim.
According to , the following products are affected:
The list of trojanised SolarWinds.Orion.Core.BusinessLayer.dll versions can be found . The list is not exhaustive and may be further expanded as the investigation continues.
As part of their incident response SolarWinds has decided to revoke the code-signing digital certificate that was affected by SUNBURST, effective from 2021-03-08. Re-installations of the updated versions of the SolarWinds Orion Platform will also install the new digital certificate. The revocation also affects other SolarWinds products that were not affected by SUNBURST. The complete list of affected products and SolarWinds advisory on patching can be found . (updated
mnemonic recommends that you do the following:
If you are running the affected versions of SolarWinds, have installed the malicious update and see DNS queries to any sub-domain of avsvmcloud[.]com, you are running the trojanised software containing the backdoor. This does not, however, confirm that the threat actor has leveraged this backdoor for intrusion into your systems.
In order to determine if your systems have been breached we recommend the following:
If you find a CNAME record from avsvmcloud[.]com in your historic DNS queries, this is a strong indication that a second stage malware has been installed on your system, and you should consider your SolarWinds Orion server compromised and immediately start incident response activities.
It should be noted that the list of IOCs is not exhaustive. This means that even if you do not find concrete evidence of compromise you should not close down your threat hunting activities. We recommend that you take extra precautions according to your established procedures for handling a suspected server compromise, such as disconnecting the server, securing evidence and performing forensics investigations. In your incident response activities and remediation plan you should assume that the threat actor has deployed further persistence mechanisms, such as adding credentials or spoofed authentication tokens for lateral movement and persistence. Additionally, you should treat all hosts monitored by the SolarWinds Orion monitoring software as possibly compromised.
identified a related attempt of compromise through a reseller’s Microsoft Azure account, and has released to detect and mitigate this threat. CISA has also released to detect possibly compromised accounts in the Microsoft Azure environment. ( )
CISA has published describing how to detect post-compromise threat activity in Microsoft cloud environments. ( )
FireEye has published a free tool called that can be used to detect threat actor activity.
mnemonic is not running SolarWinds products in any of our customer products or internal systems. mnemonic is carrying out threat hunting activities for our customers that may be running SolarWinds Orion, and we are alerting all customers where we find signs of activity related to SUNBURST IOCs.
We are monitoring the situation and continuously reviewing and updating our detection mechanisms:
Need to get in contact with mnemonic’s Incident Response Team? You can find our contact information .
td|Orion Platform Version | Release Date | Known to be Affected?
td|Orion Platform 2020.2.1 HF 2 | 15 Dec 2020 | NO
td|Orion Platform 2020.2.1 HF 1 | 29 Oct 2020 | NO
td|Orion Platform 2020.2.1 | 25 Aug 2020 | NO
td|Orion Platform 2020.2 HF 1 | 24 Jun 2020 | YES
td|Orion Platform 2020.2 | 04 Jun 2020 | YES
td|Orion Platform 2019.4 HF 6 | 14 Dec 2020 | NO
td|Orion Platform 2019.4 HF 5 | 26 Mar 2020 | YES
td|Orion Platform 2019.4 HF 4 | 05 Feb 2020 | NO
td|Orion Platform 2019.4 HF 3 | 09 Jan 2020 | NO
td|Orion Platform 2019.4 HF 2 | 18 Dec 2019 | NO
td|Orion Platform 2019.4 HF 1 | 25 Nov 2019 | NO
td|Orion Platform 2019.4 | 05 Nov 2019 | NO
td|Orion Platform 2019.2 HF 3 | 23 Sep 2019 | NO
td|Orion Platform 2019.2 HF 2 | 31 Jul 2019 | NO
td|Orion Platform 2019.2 HF 1 | 26 Jun 2019 | NO
td|Orion Platform 2019.2 | 06 Jun 2019 | NO
td|Orion Platform 2018.4 | 04 Dec 2018 | NO
li|"Golden SAML" attack where the threat actor gains access to an on-premise Active Directory Federation Services server, steals a token-signing certificate and uses this to forge tokens for arbitrary users. This will allow the threat actor to bypass normal authentication methods using passwords and multi-factor authentication.
li|Modification or addition of "Trusted Domains" in Microsoft Azure Active Directory. This allows the threat actor to establish an Azure Active Directory backdoor.
li|Compromise of user accounts with Azure Active Directory privileged roles by credential theft. This can be used as fallback access for persistence.
li|Hijacking existing Azure Active Directory Applications by modifying or adding credentials via the browser or PowerShell. This access can be used to read emails, access user calendars, etc.
li|Check if you are, or have been running any of the affected versions of SolarWinds Orion.
Review historic DNS queries going back to early spring 2020 to see if there have been DNS queries to hostnames on the domain avsvmcloud[.]com. Check if you have installed the malicious DLL SolarWinds.Orion.Core.BusinessLayer.dll; this can be found by verifying the hash of the file or by running detection rules as described by Investigate if any of the DNS queries to avsvmcloud[.]com returned a CNAME record. Perform threat hunting activities in your network, looking for signs of activity backwards in time linked to the available indicators of compromise ( ). Investigate SAML-patterns as outlined by to look for possible 2nd step activities. Implement strong endpoint security and logging, and monitor the logs actively for the known IOCs and techniques. YARA-signatures have been added to our centralised automated malware analysis services. We have deployed available NIDS signatures to our Argus Network Analysers. Signatures for detecting SUNBURST URL patterns have been deployed to Argus Log Analysers. Detection for indicators of SUNBURST has been deployed to the Argus Endpoint Responder service. Signature for detecting unusual child processes of solarwinds.businesslayerhost.exe has been deployed. Argus Continuous Vulnerability Monitoring (CVM) will detect SolarWinds Orion products, and has been able to alert our customers subscribing to this service about the vulnerability since 2020-12-14. Threat hunting activities have been - and are - being performed as the investigation continues. This includes both hypothesis- and indicator-based hunting using historical data.
st|Background Threat Intelligence Assessment SUPERNOVA SUNSPOT TEARDROP and RAINDROP Affected Systems Orion Platform Version Release Date Release Notes Known to be Affected?
Recommendations Detection coverage for Argus customers Additional References
h1|mnemonic Labs Threat Advisory: SolarWinds Supply Chain Compromise
em|This blog post will be updated as new information becomes available. Last updated 2021-01-29. (Updated 2021-01-12) Updated 2020-12-23) Updated 2021-01-06 (Updated 2021-01-12) (Updated 2021-01-29) Updated 2020-12-23 (Updated 2021-01-12) (Updated 2021-01-29) (Updated 2020-12-23) 2021-01-29) Updated 2021-01-06 Updated 2021-01-12 (Updated 2021-01-29)
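pa|Added example, not part of mnemonic's advisory: the affected-version check and the historic DNS review from the recommendations above, written as a Python triage function. The log layout, the sample lines and every host name other than avsvmcloud[.]com are constructed, and the three verdict labels are this example's own names for the outcomes the advisory describes.

```python
"""Triage of an Orion host: affected version, DNS queries, CNAME answers."""
import re
from collections import namedtuple

# Versions marked "YES" under "Known to be Affected?" in the advisory's table.
# The advisory notes that the list of trojanised builds is not exhaustive.
AFFECTED_VERSIONS = {"2020.2 HF 1", "2020.2", "2019.4 HF 5"}
C2_DOMAIN = "avsvmcloud.com"  # written defanged in the advisory: avsvmcloud[.]com

# Constructed sample. Assumed layout: "<ISO time> <client> <qname> <rtype> <rdata>".
SAMPLE_DNS_LOG = """\
2020-03-30T07:02:11 10.0.5.20 updates.example.org A 192.0.2.10
2020-04-02T08:15:09 10.0.5.20 constructed-label-1.avsvmcloud.com. A 192.0.2.77
2020-04-02T08:16:40 10.0.5.31 notavsvmcloud.com A 192.0.2.78
2020-04-02T08:17:02 10.0.5.31 avsvmcloud.com.example.org A 192.0.2.79
2020-05-11T13:40:55 10.0.5.20 Constructed-Label-2.AVSVMCLOUD.com CNAME c2.example.net
this line is malformed and is skipped
"""

DnsRecord = namedtuple("DnsRecord", "time client qname rtype rdata")


def normalize_version(raw):
    """Map 'Orion Platform 2019.4 hf5' to the table's spelling, '2019.4 HF 5'."""
    text = re.sub(r"(?i)^\s*orion\s+platform\s+", "", raw).strip()
    match = re.fullmatch(r"(?i)(\d{4}\.\d+(?:\.\d+)?)(?:\s*hf\s*(\d+))?", text)
    if not match:
        return None
    base, hotfix = match.groups()
    return f"{base} HF {int(hotfix)}" if hotfix else base


def is_c2_name(qname):
    """True only for the domain itself or a sub-domain, never for lookalikes."""
    name = qname.replace("[.]", ".").rstrip(".").lower()
    return name == C2_DOMAIN or name.endswith("." + C2_DOMAIN)


def parse_dns_line(line):
    """Return a DnsRecord, or None when the line does not have five fields."""
    parts = line.split()
    return DnsRecord(*parts) if len(parts) == 5 else None


def triage(installed_version, dns_log_text):
    """Apply the advisory's two DNS checks and report the version status."""
    version = normalize_version(installed_version)
    records = (parse_dns_line(line) for line in dns_log_text.splitlines())
    hits = [r for r in records if r is not None and is_c2_name(r.qname)]
    cname_hits = [r for r in hits if r.rtype.upper() == "CNAME"]
    if cname_hits:
        # CNAME answer: strong indication of second stage, start incident response.
        verdict = "SECOND_STAGE_LIKELY"
    elif hits:
        # Queries without a CNAME answer: the backdoor is installed and beaconing.
        verdict = "BACKDOOR_PRESENT"
    else:
        # The IOC list is not exhaustive, so this is not a clean bill of health.
        verdict = "NO_DNS_INDICATOR"
    return {
        "version": version,
        "version_known_affected": version in AFFECTED_VERSIONS,
        "verdict": verdict,
        "clients": sorted({r.client for r in hits}),
        "first_seen": min((r.time for r in hits), default=None),
        "cname_targets": sorted({r.rdata.rstrip(".").lower() for r in cname_hits}),
    }


if __name__ == "__main__":
    print(triage("Orion Platform 2020.2 HF 1", SAMPLE_DNS_LOG))
```

The suffix match on a leading dot is what keeps `notavsvmcloud.com` and `avsvmcloud.com.example.org` out of the results, while trailing dots, mixed case and defanged spellings are still matched.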