Network and Information Security 2 (NIS 2)
NIS 2 or NIS2 is the main European Union regulation aimed at strengthening the cybersecurity of its member states. It was published on 27 December 2022, replaces the previous NIS from 2016, and will be transposed into national law before 17 October 2024.
NIS 2 enforces information security requirements for essential and important entities (previously Operators of Essential Services / OESs and Digital Service Providers / DSPs), but also for their third parties and suppliers. NIS 2 provides new requirements on incident handling, risk management, security tests and supply chain security.
Patrowl is fully compliant with NIS 2's requirements for security tests of assets with Offensive Cybersecurity-as-a-Service. For details, please read below and Patrowl.
Everybody is concerned
Suppliers can be used as a relay to compromise the real target, as in the SolarWinds supply chain attack. A hacking operation named SUNBURST backdoored a SolarWinds product to hack multiple American government agencies.
NIS 2 requires that essential and important entities take into account the cybersecurity of suppliers (85): "Essential and important entities should therefore assess and take into account the overall quality and resilience of products and services, the cybersecurity risk-management measures embedded in them, and the cybersecurity practices of their suppliers and service providers, including their secure development procedures."
Patrowl allows you to continuously and easily check the external cybersecurity of your suppliers, whatever their size. For details, please read below and Patrowl.
Identifying critical systems
Essential and important entities need to identify critical systems in real time and related. These systems may include customer databases, online payment servers, and mobile banking applications.
Patrowl allows continuous (re)discovery of all your Internet-exposed (external-facing) assets. For details, please read below and Patrowl.
NIS 2 requires that essential and important entities perform proactive and regular security audits or security scans to identify known but also unknown vulnerabilities. For Internet-exposed assets, this includes all the OWASP risks such as Broken Access Control, Insecure Design, Security Misconfiguration, Outdated Components, Injection...
Patrowl is fully compliant with these requirements by continuously identifying all your weaknesses and vulnerabilities without any negative impact on the functioning of the entities' services. Patrowl also offers you an easy way to remediate, with prioritization and contextualization.
For more details, read the description of our solution Patrowl.