Company Profile
Nviso
NVISO is a pure play cybersecurity company. The company now has local presence in Belgium, Germany, Greece and Austria, making it an European player. With an offering covering the whole spectrum (prevent - detect - respond) of cybersecurity functions, NVISO is a full service cybersecurity company.
Key facts
- Headquarters
- Brussels
- Company type
- pure play
- Primary delivery
- consultancy
- Security category
- Multiple
- Independent company
- true
- Owned by
- N/A
- Founded
- 2013
- Website
- https://www.nviso.eu
- Linkedin headcount
- 268
- Tagline
- Our Mission is to Safeguard the Foundations of European Society from Cyber Attacks
Main service(s)
NVISO is a pure play cybersecurity company. The company now has local presence in Belgium, Germany, Greece and Austria, making it an European player. With an offering covering the whole spectrum (prevent - detect - respond) of cybersecurity functions, NVISO is a full service cybersecurity company.
Offering
The NVISO offering is mapped roughly on the NIST Cybersecurity functions (prevention, detection and response). I’ll provide a helicopter overview below.
Prevention
This bucket comprises various governance and cybersecurity strategy engagements, awareness training and offensive security. Activities range from technical to managerial.
NVISO aims to be practical and give actionable output based on current and probable threats. (instead of a compliance first, cybersecurity second approach)
Some highlights:
- GRC: for small (CISO-as-a-Service) and large businesses. Effective and scalable security governance, demonstrable compliance with various regulations or obligations and down-to-earth propositions to manage information security risks.
- Offensive security: from the ubiquitous pentest to red teaming. NVISO first became known for its offensive security services and has a very good reputation in this area. NVISO also has long been a participant in TIBER exercises (threat-intel based red teaming for banks)
- Training/awareness: NVISO is always trying to include something memorable, such as hacking demos, a deepfake or hidden camera trickery for executive committee training.
Activities in this bucket can take the form of shorter engagements (such as pentests or gap assessments) or longer time commitments (such as CISO-as-a-service or implementation support).
Detection
Comprising activities to optimise existing security monitoring capability, analysing the environment for existing compromises, and even hunting for new threats.
NVISO has extensive experience in this area and Erik Van Buggenhout has authored two SANS courses on the topic.
Activities might be delivered as consulting or as a managed service:
- Consulting such as defining a target operating model (TOM), deploying various components and setting up automation.
- Managed services where the managed detection and response (MDR) is done for you. NVISO currently leverages the Microsoft stack and the Palo Alto product suite.
Respond
NVISO was one of the first parties in Belgium to offer computer security incident response services.
It now has a specialised and dedicated incident response team, which can operate 24/7. Because the team is working full-time on incident response, it has built up incredible experience in the area.
NVISO was also one of the first parties in Belgium to specialise in digital forensics and evidence handling for law enforcement.
Key differentiators
NVISO approach and DNA
NVISO management classifies the company approach as pragmatic and technically-rooted. This is reflected in the company values:
- We care: about customers, colleagues and the community
- We are proud: about taking pride in the work
- We break barriers: about embracing challenges and innovating
- No BS: about honesty, transparency and direct communication
In many cases, company values might be empty words on a wall. With NVISO however, it is easy to see them reflected in the actions of the company and its employees.
Here are some examples:
- Multiple people within NVISO have authored and given various SANS courses.
- NVISO was (and is) one of the driving forces for the Cyber Security Challenge in multiple countries. The event aims to raise the awareness and interest of students in cybersecurity.
- People inside NVISO have worked hard to give back to the community or be a cyber ambassador. I just mentioned the Cyber Security Challenge, but can also point to (non-exhaustive): Kurt Ceuppens acting as Agoria Brussels president, Jan De Blauwe volunteering as president of the Cyber Security Coalition or the multiple (!) talks at the 2024 RSA conference.
- Since the beginning, NVISO gives employees 10% R&D time. This of course yields many benefits. One we all can enjoy is an active blog with almost exclusively interesting technical content. One article to point to is the article about backdoors in Ivanti products (https://blog.nviso.eu/2024/03/01/covert-tls-n-day-backdoors-sparkcockpit-sparktar/). NVISO was one of the first parties world-wide to notice the issue and send out an alert.
Future plans and direction
NVISO is currently looking to further build out its portfolio, focusing on creating solutions today for tomorrow's customer needs.
NVISO also continues scaling across the EU, which brings the expected challenges (and opportunities for improvement) in areas such as the back office or sales.
Company history
NVISO was founded in 2013 by Kurt Ceuppens, Vincent Defrenne, Erik Van Buggenhout and Daan Raman.
In 2015, the first version of the Cyber Security Challenge was launched.
In 2018, NVISO expanded to Germany.
In 2019, Tim Beyens and Pierre-Alain Mouy joined as partners.
NVISO expanded to Austria and Greece in 2022.
In 2023, Jan De Blauwe became a partner in NVISO.
In 2024, both Michel Coene and Julian Obenland-Recker became partners in NVISO.