Franziska Ploss, Author at Nextron Systems
https://www.nextron-systems.com/author/franziska/

Why Prevention Isn’t Enough: How a Second Line of Defense Protects Your Business
https://www.nextron-systems.com/2025/01/29/why-prevention-isnt-enough-how-a-second-line-of-defense-protects-your-business/
Wed, 29 Jan 2025 14:21:50 +0000

According to recent reports, cyberattacks rose by 75% in the third quarter of 2024 compared to the same period in the previous year and by 15% compared to the second quarter of 2024. This alarming trend clearly shows that companies are more than ever required to protect their intellectual property, customer data, and reputation.

In today’s interview, Frank Oster, Senior Security Advisor at Nextron Systems, explains why a second line of defense is essential and how companies can benefit from it.

How do you define the first and second line of defense in IT security? 

Frank Oster: The threat landscape has changed significantly. Cybercriminals are becoming more sophisticated and increasingly bypass traditional security mechanisms. The first line of defense consists of technologies such as firewalls, antivirus software, and Endpoint Detection and Response (EDR) systems. These solutions block known threats and prevent unauthorized access.
But what happens when attackers gradually and almost imperceptibly overcome these barriers? This is where the second line of defense comes into play. It detects attackers who have already infiltrated a system and may have been active for an extended period. This approach serves as an additional protective measure and does not replace the solutions of the first line of defense.

What measures are part of the second line of defense?

Frank Oster: The second line of defense includes APT scanners, forensic analysis, and intrusion detection systems. The key difference lies in their approach: While the first line is designed to prevent attacks, the second line focuses on detecting and analyzing threats that have already infiltrated the system. It ensures that no attack goes unnoticed and can be contained quickly. In other words, companies gain crucial time to identify and combat even highly specialized, targeted attacks conducted with significant financial resources.

What role do APT scanners play in this context?

Frank Oster: APT scanners like THOR are key technologies of the second line of defense. Advanced Persistent Threats (APTs) and other sophisticated attacks intentionally evade traditional security mechanisms and remain undetected for long periods.

An APT scanner searches for indicators of such threats—suspicious log files, obfuscation techniques, or hidden malware. It not only detects known threats using Indicators of Compromise (IOCs) but also identifies suspicious behavior based on YARA and Sigma rules, which may indicate deeply embedded attacks.

Are APT scanners specifically designed to detect targeted attacks?

Frank Oster: Exactly. These scanners identify IOCs and use various techniques to make hidden threats visible. They analyze how deeply an attack has already penetrated the system. This is crucial because the longer a threat remains undetected, the harder it becomes to recognize and eliminate.

Would you recommend integrating APT scanners into a company’s security framework?

Frank Oster: Absolutely. These scanners enable targeted and periodic security assessments to determine whether a company has been compromised.

THOR can be seamlessly integrated with SIEMs, Threat Intelligence platforms (e.g., MISP), and the ASGARD Management Center, enabling centralized management and analysis of results.

These systems identify suspicious activities and document them, allowing incident response teams to react quickly. However, it is important to note that THOR does not provide real-time detection or response like EDR solutions. Instead, it facilitates in-depth forensic analysis, making attacks visible and enabling effective investigations.

What is your ideal security approach?

Frank Oster: A multi-layered security approach is ideal. The first line of defense – including antivirus software, firewalls, and EDR solutions – is essential. However, the second line of defense is just as crucial, as it detects what the first line may have missed. As mentioned earlier, it has become more important than ever for companies to detect and contain attacks before they cause significant damage. Last but not least: Employee awareness remains a critical success factor in the fight against cybercrime.

Is the second line of defense also a tool for damage mitigation?

Frank Oster: Definitely: It functions like an emergency response team that intervenes when an attack has occurred. Technologies like THOR enable incident response teams to systematically search for attack traces and reconstruct the attack chain. This allows for a faster response and more precise countermeasures.

However, THOR does not stop attacks in real-time but provides valuable insights for damage mitigation and post-attack analysis. In today’s threat landscape, this forensic capability is indispensable for developing robust and resilient security strategies.

Thank you for your insights, Frank Oster.

Streamlining SOC Operations with THOR Cloud: Revolutionizing Remote Forensic Analysis
https://www.nextron-systems.com/2024/12/13/streamlining-soc-operations-with-thor-cloud/
Fri, 13 Dec 2024 15:36:29 +0000

Security Operations Centers (SOCs) face increasing challenges in defending against sophisticated cyber threats, often compounded by resource limitations. Analyzing large volumes of forensic data to detect indicators of compromise (IoCs) can be a labor-intensive task. Nextron’s THOR Cloud transforms forensic analysis through its cloud-hosted, agentless scanning platform, streamlining endpoint scanning and forensic investigations to enable SOC teams to efficiently identify and address threats.

Advanced Endpoint Analysis for Modern SOC Needs

THOR Cloud offers exceptional forensic analysis capabilities for endpoint systems running standard operating systems such as Windows, Linux, and macOS. Its cloud-hosted, agentless architecture empowers SOC teams to perform targeted scans across infrastructures without the need for on-premise systems or agent installations.

Key Features:

  • Agentless Deployment: Scans endpoints without the need for pre-installed agents, reducing setup time and minimizing system disruptions.
  • Centralized Management: Offers a unified cloud interface to schedule scans, analyze results, and generate actionable forensic reports.
  • Comprehensive Platform Support: Ensures compatibility with diverse operating environments.

Actionable Insights for Incident Response:

THOR Cloud equips SOC teams with actionable forensic data to assess and respond to potential threats efficiently. It identifies key compromise indicators, such as:

  • Traces of hacking tools and their outputs.
  • Misused legitimate tools and configuration backdoors.
  • Obfuscated malware designed for stealth.
  • Anomalies, including misplaced system files and renamed executables.

Streamlined Workflow for Enhanced Efficiency

Traditional forensic tools can be cumbersome, requiring endpoint agents and resource-intensive configurations. THOR Cloud’s agentless architecture eliminates these challenges by enabling immediate deployment and execution of lightweight scans directly on endpoints, designed to minimize any noticeable impact on system performance, with results seamlessly uploaded to the cloud for analysis.

Benefits of the Agentless Approach:

  • Quick Deployment: Avoids delays typically associated with software installations.
  • System Stability: Operates with minimal impact on endpoint operations.
  • Flexibility: Suits hybrid environments, including cloud-hosted endpoints and traditional infrastructure.

Empowering Detection Through Nextron’s Advanced Rule Sets

  • YARA Rules: To identify known threats, unusual behaviors, and anomalies such as uncommon file placements or tool usage.
  • Sigma Rules: To detect log-based anomalies and unusual behaviors.

THOR Cloud provides SOC teams with an edge in identifying threats that traditional tools may overlook, particularly in complex or evasive attack scenarios.

Special Offer: Limited-Time Discount

Until December 20, 2024, Nextron is offering a 50% discount on THOR Cloud Professional Scan Packs. This provides an opportunity to integrate a highly effective forensic analysis platform into your SOC toolkit at a competitive rate. Contact us today for a personalized demo and to explore how THOR Cloud can transform your forensic workflows.

Important Announcement: Upcoming Migration of our Update Servers
https://www.nextron-systems.com/2024/08/14/migration-of-our-update-servers/
Wed, 14 Aug 2024 13:18:51 +0000

Dear Customers,

Due to technical reasons, we need to perform an urgent server migration on August 30th, 2024. This will specifically affect the following servers:

  • update1.nextron-systems.com 
  • update2.nextron-systems.com

The FQDNs will remain the same, but the underlying IP addresses will change. This migration is part of our ongoing efforts to improve service performance and security. 

What does this mean for you?

If your firewall has access rules that rely on the current IP addresses, these need to be updated to the new IP addresses. If your firewall rules are not dependent on the IP addresses, this change will not affect you, and operations will continue seamlessly. 

List of Update Servers and New IP Addresses

Below is the list of update servers with their respective IP changes. The servers:

  • update1.nextron-systems.com 
  • update2.nextron-systems.com

will be updated on August 30th, 2024.

The IP address changes for the other update servers will occur later, with a more comfortable deadline to adjust by October 7th, 2024: 

| FQDN | Required For | New IP Addresses | Old IP Addresses |
|---|---|---|---|
| update1.nextron-systems.com | THOR and signature updates | 5.75.211.80 | 87.106.126.89 |
| update2.nextron-systems.com | THOR and signature updates | 5.161.20.128 | 198.71.53.110 |
| update-101.nextron-systems.com | AURORA | 5.75.212.122 | 161.97.164.106 |
| update-102.nextron-systems.com | AURORA | 5.161.21.49 | 74.208.87.31 |
| update-aurora.nextron-systems.com | AURORA | 5.75.212.122, 5.161.21.49 | 161.97.164.106, 74.208.87.31 |
| update-201.nextron-systems.com | THOR Lite, AURORA Lite | 88.198.111.216 | 82.165.105.236 |
| update-202.nextron-systems.com | THOR Lite, AURORA Lite | 5.161.22.213 | 207.244.242.102 |
| update-lite.nextron-systems.com | THOR Lite, AURORA Lite | 88.198.111.216, 5.161.22.213 | 82.165.105.236, 207.244.242.102 |
| update-301.nextron-systems.com | ASGARD* | 78.47.225.96 | 185.241.152.181, 84.200.5.152 |
| update-302.nextron-systems.com | ASGARD* | 5.161.17.249 | New Update Server |
| update3.nextron-systems.com | ASGARD* | No Changes | 84.200.5.155, 185.241.152.179 |

* includes all ASGARD products like ASGARD Management Center or ASGARD Analysis Cockpit.

How can you prepare?

  1. Update Your Firewall Rules: Ensure that your network security team is aware of these changes and updates the necessary firewall rules to allow the new IP addresses listed above.
  2. Test Connectivity: After updating the firewall rules, we recommend testing your systems to ensure they can connect to the new update servers without any issues.

What if you need help?

Should you need assistance during this transition, our support team is here to help. For any questions or guidance on updating your firewall rules, please reach out to us at support@nextron-systems.com. 

Last but Not Least

We understand that changes like these can be challenging; however, they are necessary to maintain the security and reliability of our services. We appreciate your cooperation and are here to help you through this process.

Thank you for your understanding and continued trust in our services.

Best regards,

Your Nextron Systems Support Team

Cybersecurity is Not Just an IT Security Issue
https://www.nextron-systems.com/2024/07/04/cybersecurity-is-not-just-an-it-security-issue/
Thu, 04 Jul 2024 09:22:53 +0000

Interview with Marc Hirtz, CEO of the Cybersecurity Provider Nextron Systems

The Network and Information Security (NIS2) Directive of the European Union represents a significant step toward strengthening cybersecurity within the EU. It targets organizations classified as operators of critical infrastructure and sets binding standards to protect their information systems from cyber threats. With the increasing digitalization and dependence on IT infrastructures, ensuring resilience against cyberattacks in essential and important sectors such as energy, health, finance, and transport is crucial for society. NIS2 not only promotes preventive security architecture but also establishes clear reporting obligations for security incidents to ensure effective response capabilities beyond the affected organization. The directive aims to enhance the resilience of critical infrastructures in Europe and thus secure the continuity of essential services for citizens and the economy.

Given the growing relevance of the NIS2 directive for organizations in the EU, it is crucial to understand how companies can prepare for these new requirements. In the following interview with Marc Hirtz, CEO of cybersecurity provider Nextron Systems, we delve deeper into the impacts of NIS2 and learn how companies can improve their cybersecurity strategies to meet the requirements.

Mr. Hirtz, why do you think the introduction of NIS2 is necessary?

Marc Hirtz: Cybersecurity today affects not just IT security but has direct impacts on the overall functionality of many service providers. IT systems form the backbone for business-critical processes, and deep integration makes us more dependent on their reliability. Particularly in critical sectors such as healthcare, failure is not an option. NIS2 aims to secure these systems and thereby ensure the stability and security of our societal infrastructure. Additionally, NIS2 creates clear guidelines and reporting obligations for security incidents, which enhances transparency and coordination within the EU and improves the response to cyber threats. All organizations can thus benefit from shared experiences.

Who is affected by NIS2, and how can a company best prepare for it, in your opinion?

Marc Hirtz: NIS2 affects organizations within the EU that provide essential and important services, such as internet providers, energy suppliers, banks, and healthcare facilities. Compared to NIS1, NIS2 significantly expands the scope and now covers 35 different sectors, compared to the original 19. Small and medium-sized enterprises (SMEs) with an annual turnover of less than 10 million euros and fewer than 50 employees are exempt from NIS2.

To prepare for the requirements of NIS2, companies should conduct a thorough risk analysis and ensure that their security measures comply with the new guidelines. This includes implementing a robust IT security architecture and integrating best practices such as the NIST Cybersecurity Framework. Most companies can build on already implemented management systems for information security. The requirement catalog is now expanded by NIS2.

You mentioned the globally recognized NIST Cybersecurity Framework, Mr. Hirtz. How can the NIST Cybersecurity Framework help organizations improve their cybersecurity strategy, and what specific advantages does it offer compared to other security standards?

Marc Hirtz: It is important to note that NIS2 is currently only an EU directive and there is no concrete (national) certification directive, so no certification possibility. The directive must be translated into national law, which has not yet been finalized for Germany. ENISA, the European Union Agency for Cybersecurity, refers to both ISO 27001 certification and the NIST framework for NIS2 compliance. The German Federal Office for Information Security (BSI) suggests obtaining ISO 27001 or BSI Basic Protection certifications to prepare for NIS2. I assume that most companies with existing ISO certification already meet 70% of NIS2 requirements. Additional requirements from NIS2 can be identified and addressed internally through the application of the NIST framework but cannot be certified externally.

Through its five core functions, the NIST Cybersecurity Framework provides a structured approach to securing critical infrastructures. With the functions Identify, Protect, Detect, Respond, and Recover, it enables organizations to recognize risks early, implement appropriate protective measures, identify security incidents in a timely manner, respond to them, and restore systems as quickly as possible after an incident. This holistic approach not only enhances resilience against cyberattacks but also supports continuous improvement of security levels by adapting to new threats and technologies. Compared to other standards like ISO/IEC 27001, the NIST Framework is more flexible and practical, facilitating adaptation to the specific needs of various organizations.

How does Nextron Systems position itself within the NIST Cybersecurity Framework, and which specific core functions are supported by your solutions?

Marc Hirtz: Nextron Systems focuses particularly on strengthening the core function of detecting cyberattacks within the NIST Cybersecurity Framework. Our APT scanner THOR detects traces of attacks that AV and EDR systems overlook. THOR provides automated forensic analysis of IT and OT infrastructures for traces of hacker activities, hacking tools, system manipulations, and many other indicators of potential compromises, even if they have occurred in the past and are currently dormant. Our APT scanner thus identifies suspicious activities before they can cause damage.

THOR is the perfect complement to existing security solutions that focus on real-time malware detection but lack in-depth forensic methodology. Combining AV, EDR, and an APT scanner like THOR ensures more comprehensive defense against complex threats and contributes to strengthening the overall security strategy.

How do you see the future development of cybersecurity in the context of the NIS2 directive, and what challenges do you anticipate in the coming years?

Marc Hirtz: The NIS2 directive marks an important step in the right direction, but the threat landscape continues to evolve. In the coming years, we will face even more complex cyberattacks that could exploit new vulnerabilities in our systems. Therefore, it will be crucial for companies to understand NIS2 as an ongoing framework within which they continuously adapt their risk assessments, protective and defensive measures to changing attack vectors. This means always thinking one step ahead, integrating new technologies and approaches to threat detection and defense, and fostering a culture of cybersecurity within the organization.

An important aspect will also be the increased collaboration between various actors – both nationally and internationally. By sharing information about threats and best practices, we can strengthen the collective resilience of our companies and thus our society overall, and respond more quickly to new challenges.

Ultimately, the successful implementation of the NIS2 directive will not only improve the security of critical infrastructures but also strengthen trust in the digital economy and our ability to handle the challenges of the modern world. Companies that prepare early and comprehensively for these new requirements will not only be better protected but also take a leading role in the secure digital transformation.

Mr. Hirtz, thank you for the conversation.

Marc Hirtz takes over as new CEO of Nextron Systems – Stephan Kaiser joins the Advisory Board
https://www.nextron-systems.com/2024/05/29/marc-hirtz-takes-over-as-new-ceo-of-nextron-systems-stephan-kaiser-joins-the-advisory-board/
Wed, 29 May 2024 09:48:55 +0000

In his short tenure as CRO, Marc Hirtz has reviewed Nextron Systems’ go-to-market strategy and expanded its international marketing and sales functions, strengthening Nextron’s position as a thought leader in the cybersecurity industry. The experienced IT business and development strategist will now take on the role of the new CEO.

It was only in January that Marc Hirtz took on the role of Chief Revenue Officer at Nextron Systems to raise the company’s profile in the cyber security solutions market. His initiatives and those of his team have helped to successfully introduce Nextron’s powerful solutions to new segments, new customers and new partners. In addition, he brought a fresh perspective to the team and efficiently restructured the processes from a start-up to a scale-up company. His success is based on a mix of extensive experience and strategic vision, qualities that have enabled him to sustainably position Nextron in the competitive landscape – not just as a competitor, but as a market leader. This transformative journey under Marc Hirtz’s leadership reflects a deliberate and visionary approach to innovation in cybersecurity.

This makes Marc Hirtz the ideal candidate to succeed the current CEO and co-founder of Nextron Systems, Stephan Kaiser, and continue the successes of recent years. Since founding Nextron Systems in 2017, Stephan Kaiser has worked extensively with the ever-growing Nextron team to build the company. He has positioned Nextron Systems as a leading expert in the field of digital forensics and automated compromise assessment. Stephan Kaiser will remain a shareholder and will join the advisory board of Nextron Systems, ensuring that his expertise and knowledge are retained even after his operational role ends.

Numerous successful stations

Marc Hirtz has a proven track record that underscores his competence as a growth manager. Most recently, from 2020 to 2023, he shaped the expansion and strong growth of the Munich-based scale-up company DataGuard. Additionally, as a board member of abas Software AG in Karlsruhe, he led the development of a robust international partner network, which in 2019 resulted in the successful sale to Forterro and Battery Ventures.

At Pitney Bowes Software, Hirtz was responsible for various business units in Western and Eastern Europe between 2012 and 2017. His previous achievements also include significant contributions to strategy development at Infineon Technologies and leading the corporate strategy at Tenovis under the leadership of KKR, which ultimately led to the sale to Avaya Inc. in 2005. Hirtz is married with two grown-up children, lives near Frankfurt am Main and is an enthusiastic windsurfer, sailor and motorcyclist.

Determined into the future

Nextron Systems is evolving from a hidden champion to a thought leader in the cybersecurity industry. Today, Nextron serves over 500 customers worldwide and has firmly established itself in the global market.

The APT scanner THOR, known for its unique detection rate, covers the gaps left by traditional AV software and EDR agents. In addition to the THOR product family, Nextron’s offering includes the ASGARD Management Center and ASGARD Analysis Cockpit, which provide comprehensive monitoring and analysis of cyber threats. These products are available both on-premises and as cloud solutions and can be used as a managed service to ensure the greatest possible protection.

Under its new leadership, Nextron Systems is committed to addressing the challenges of cybercrime now and in the future. The company is driven to set new standards in digital forensics and make them accessible to organizations across all industries.

“I am very proud to witness the strategic development of Nextron under the leadership of Marc Hirtz. His clear vision and innovative approach have not only sustained but accelerated our growth. Therefore, I hand over the baton to Marc with great confidence. I look forward to our future collaboration and will fully commit myself in my new role as a board member and shareholder to support Nextron on its journey towards groundbreaking achievements in the cybersecurity industry”, says Stephan Kaiser, former CEO and co-founder of Nextron.

“I am excited to take on the role of CEO at Nextron, a company at the forefront of automated digital forensics. Building on the impressive foundation laid by Stephan Kaiser, my goal is to drive our mission forward and embody our motto ‘We detect hackers’ with every innovative product and solution we develop. My vision for Nextron is to not only continue our legacy of excellence, but to further expand our position as the cybersecurity specialist that sets the standard for proactive threat detection and defense. Together, my team and I will shape a safer digital future.”, says Marc Hirtz, new CEO of Nextron Systems.
