The Defender’s Advantage Podcast explores the world of cyber security and Mandiant through three distinct tracks. Threat Trends: Listen twice a month as host Luke McNamara interviews guests on the latest in cyber security research, the cyber landscape, and the latest news from Mandiant. Frontline Stories: Listen to Kerry Matre monthly as she is joined by notable guests on the frontlines of cyber security, including Mandiant customers, security professionals, and executives. Skills Gap: Listen to Kevin Bordlemay each month for this series focusing on thoughts, ideas, and initiatives for narrowing the skills gap in cyber security.
The Defender’s Advantage Podcast is created by Mandiant.
Jibran Ilyas (Consulting Leader, Mandiant Consulting) joins host Luke McNamara to discuss remediation as part of incident response. Jibran covers various scenarios (espionage and ransomware) and how they may differ in approaching remediation, how types of architecture could shape remediation efforts, non-technical components of the remediation phase, and more.
Mandiant Senior Consultant Alishia Hui joins host Luke McNamara to discuss all things tabletop exercise related. Alishia walks through the elements of a tabletop exercise, important preparatory steps, the success factors for a good exercise, and how organizations can implement lessons learned.
https://cloud.google.com/transform/the-empty-chair-guess-whos-missing-from-your-cybersecurity-tabletop-exercise
https://www.mandiant.com/sites/default/files/2021-09/ds-tabletop-exercise-000005-2.pdf
Vicente Diaz, Threat Intelligence Strategist at VirusTotal, joins host Luke McNamara to discuss his research into using LLMs to analyze malware. Vicente covers how he used Gemini to analyze various Windows binaries, the use cases this could help address for security operations, technical challenges with de-obfuscation, and more.
For more on this topic: https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html
https://blog.virustotal.com/2024/04/analyzing-malware-in-binaries-and.html
Josh Fleischer, Principal Security Analyst with Mandiant's Managed Defense organization, sits down with host Luke McNamara to discuss trends in MFA bypass and how threat actors are conducting adversary-in-the-middle (AiTM) attacks to gain access to targeted organizations. Josh walks through a case study of MFA bypass, how token theft occurs, the increasing amount of AiTM activity as more features are added to phishing kits, and more.
Host Luke McNamara is joined by Clement Lecigne, security researcher at Google's Threat Analysis Group (TAG), to discuss his work tracking commercial surveillance vendors (CSVs). Clement dives into the history and evolution of the CSV industry, how these entities carry out operations against platforms like mobile, and the connection between this problem and the increasing rise of zero-day exploitation.
For more on TAG's work on CSVs:
https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/
https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/
https://blog.google/threat-analysis-group/googles-efforts-to-identify-and-counter-spyware/
Mandiant APT Researcher Ofir Rozmann joins host Luke McNamara to discuss some notable Iranian cyber espionage actors and what they have been up to in 2024. Ofir covers campaigns from suspected IRGC-nexus actors such as APT42 and APT35-related clusters, as well as activity from TEMP.Zagros.
For more on this topic, please see:
https://blog.google/technology/safety-security/tool-of-first-resort-israel-hamas-war-in-cyber/
https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations?e=48754805
https://cloud.google.com/blog/topics/threat-intelligence/suspected-iranian-unc1549-targets-israel-middle-east?e=48754805
Mandiant Consultants Trisha Alexander, Muhammed Muneer, and Pat McCoy join host Luke McNamara to discuss Mandiant's recently launched services for securing AI. They discuss how organizations can proactively approach securing the implementation of AI workloads, red-team and test these security controls protecting generative AI models in production, and then also employ AI within the security organization itself.
For more, please see: https://cloud.google.com/security/solutions/mandiant-ai-consulting
Mandiant consultants Will Silverstone (Senior Consultant) and Omar ElAhdan (Principal Consultant) discuss their research into cloud compromise trends over 2023. They discuss living off the land techniques in the cloud, the concept of the extended cloud attack surface, how organizations can better secure their identities, third party cloud compromise trends, and more.
Will and Omar's talk at Google Next: https://www.youtube.com/watch?v=Fg13kGsN9ok&t=2s
Michael Raggi (Principal Analyst, Mandiant Intelligence) joins host Luke McNamara to discuss Mandiant's research into China-nexus threat actors using proxy networks known as “ORBs” (operational relay box networks). Michael discusses the anatomy and framework Mandiant developed to map out these proxy networks, how ORB networks like SPACEHOP are leveraged by China-nexus APTs, and what this all means for defenders.
For more, check out: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks
Follow Michael on X at @aRtAGGI
Mandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances. John and Tyler discuss the process of analyzing the initial exploitation, and the attribution challenges that emerged following the disclosure and widespread exploitation by a range of threat actors. They also discuss the role a suspected Volt Typhoon cluster played in the follow-on exploitation, and share their thoughts on what else we might see from China-nexus zero-day exploitation of edge infrastructure this year.
For more on this research, please check out:
Cutting Edge, Part 1: https://cloud.google.com/blog/topics/threat-intelligence/suspected-apt-targets-ivanti-zero-day
Cutting Edge, Part 2: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-zero-day-exploitation
Cutting Edge, Part 3: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-exploitation-persistence
Cutting Edge, Part 4: https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
Follow John on X at @Big_Bad_W0lf_
Follow Tyler on X at @tylabs
Jurgen Kutscher, Mandiant Vice President for Consulting, joins host Luke McNamara to discuss the findings of the M-Trends 2024 report. Jurgen shares his perspective on the "By the Numbers" data, the theme of evasion of detection in this year's report, and how Mandiant consultants have been leveraging AI in purple and red teaming operations.
For more on the M-Trends 2024 report: http://cloud.google.com/security/m-trends
Kimberly Goody, Head of Mandiant's Cyber Crime Analysis team, and Jeremy Kennelly, Lead Analyst of the same team, join host Luke McNamara to break down the current state of ransomware and data theft extortion. Kimberly and Jeremy describe how 2023 differed from the activity they witnessed the year prior, how changes in the makeup of various groups have played out in the threat landscape, why certain sectors see more targeting, and more.
Host Luke McNamara is joined by Mandiant consultants Shanmukhanand Naikwade and Dan Nutting to discuss hunting for threat actors utilizing "living off the land" (LotL) techniques. They discuss how LotL techniques differ from traditional malware-based attacks, ways to differentiate between normal and malicious use of utilities, Volt Typhoon, and more.
Morgan Adamski, Director of the NSA's Cybersecurity Collaboration Center (CCC), joins host Luke McNamara to discuss the threat posed by Volt Typhoon and other threat actors utilizing living off the land (LotL) techniques, zero-day exploitation trends, how the CCC works with private sector organizations, and more.
Principal Analyst Michael Barnhart joins host Luke McNamara to discuss Mandiant's research into the threat posed by the Democratic People's Republic of Korea's (DPRK) usage of IT workers to gain access to enterprises.
For more on Mandiant's analysis of North Korea's cyber capabilities, please see: https://www.mandiant.com/resources/blog/north-korea-cyber-structure-alignment-2023
Taylor Lehmann (Director, Google Cloud Office of the CISO) and Bill Reid (Security Architect, Google Cloud Office of the CISO) join host Luke McNamara to discuss their takeaways from the last year of threat activity witnessed by enterprises within healthcare and life sciences. They discuss applying threat intelligence to third-party risk management, threat modeling, and more.
For more on the work of Google Cloud's Office of the CISO: https://cloud.google.com/solutions/security/board-of-directors?hl=en#additional-thought-leadership-resources
Mandiant Intelligence Advisor Renze Jongman joins host Luke McNamara to discuss his blog on the CTI Process Hyperloop and applying threat intelligence to the needs of the security organization and larger enterprise.
For more on this topic, please see: https://www.mandiant.com/resources/blog/cti-process-hyperloop
For our first episode of 2024, host Luke McNamara is joined by Mandiant Senior Technical Director Jose Nazario and Principal Analysts Alden Wahlstrom and Josh Palatucci, to discuss the hacktivist DDoS activity they tracked over the last year.
Doug Bienstock and Josh Madelay, Regional Leads for Mandiant Consulting, join host Luke McNamara to walk through some of the trends they have witnessed responding to breaches in 2023. Josh and Doug cover what is happening with business email compromise (BEC), common initial infection vectors, social engineering tactics, and more.
Host Luke McNamara is joined for this special episode highlighting October as Cybersecurity Awareness Month by Kevin Mandia and DHS Secretary Alejandro Mayorkas. Secretary Mayorkas and Kevin discuss the threat landscape, collaboration between the private sector and government, narrowing the talent gap in cyber, and ongoing DHS initiatives to foster greater cyber security.
For more on the Department of Homeland Security and their work, please see:
Cybersecurity | Homeland Security (dhs.gov)
Shields Up | CISA
Joint Cyber Defense Collaborative | CISA
https://www.cisa.gov/securebydesign
https://www.cisa.gov/secure-our-world
https://www.cisa.gov/cybersecurity-awareness-month
Alejandro Mayorkas | Homeland Security (dhs.gov)
Host Luke McNamara is joined by Amitai Cohen, Attack Vector Intel Lead at Wiz to discuss trends in cloud security, managing risk, and more.
For more on Wiz's research, please see: https://www.wiz.io/blog and https://www.wiz.io/crying-out-cloud
Host Luke McNamara is joined by Kristina Balaam, Staff Threat Researcher at Lookout, to discuss her work attributing two new mobile malware families to APT41.
For more on Lookout's report on WyrmSpy and DragonEgg: https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41
Follow Kristina on X @chmodxx_
Charles Carmakal, CTO for Mandiant Consulting, joins host Luke McNamara to discuss the long tail impact of FIN11's compromise of the MOVEit file transfer solution. Charles breaks down some of the differences between this compromise and FIN11's previous operations, why this operation may affect organizations for some time, and what this spells for the changing landscape of multifaceted extortion.
For more from Mandiant on MOVEit: https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft
If you enjoyed this episode, please rate and leave us a review on your platform of choice!
Dr. Jamie Collier (Senior Threat Intelligence Advisor, Mandiant) joins host Luke McNamara to discuss the recent white paper from Mandiant about developing a requirements-driven approach to intelligence, challenges organizations face in this area, and the importance of recurring stakeholder feedback to a well-functioning CTI team.
Follow Jamie at @TheCollierJam on Twitter.
For more on A Requirements-Driven Approach to Cyber Threat Intelligence, please see: https://www.mandiant.com/resources/blog/requirements-driven-approach-cti
Dan Wire from Mandiant joins host Kerry Matre to discuss the ins and outs of crisis communications during a breach as well as what you can do to prepare for a crisis.
Ryan Tomcik, Dan Fenwick, and Tim Martin join host Luke McNamara to discuss how Managed Defense conducts proactive hunting, illustrated by several UNC961 intrusions.
For more, please see: https://www.mandiant.com/resources/blog/unc961-multiverse-financially-motivated
Follow Ryan @heferyzan and Tim @Sa1jak on Twitter.
What role do executives and the board play in cybersecurity and breach management? Hear Jesse Jordan and Howard Israel of Mandiant discuss their experiences helping executives get the right information from their security leaders and understand their role during a breach.
The endless battle of threat actors versus cybersecurity professionals may come down to who deploys AI better. In this interview from RSA, John Hultquist, Senior Manager, Mandiant Intelligence, surmises how the bad guys may use AI in the near future to scale attacks, while Vijay Ganti, Head of Product Management, Threat Intelligence, Detection & Analytics for Google Cloud Security, walks through the AI use cases that will help organizations better defend against those attacks. Hosted by Dan Lamorena, Head of Mandiant Product Marketing.
Mandiant's Kirstie Failey and Jake Nicastro join host Luke McNamara to break down the findings from the 2023 M-Trends report. Kirstie and Jake cover some of the notable trends gleaned from Mandiant breach investigations over the past year around dwell time, ransomware, top initial intrusion vectors, and more.
For more on Mandiant's 14th iteration of M-Trends, check out: https://www.mandiant.com/resources/blog/m-trends-2023
Follow Kirstie (@Gigs_Security) and Jake (@nicastronaut) on Twitter.
Jonathan Cran, Lead for Mandiant Attack Surface Management at Google Cloud, joins host Kerry Matre to discuss the evolution of vulnerability and exposure management and how important comprehensive approaches are to mitigating cyber risk.
Jonathan shares his experiences from bug bounty programs, penetration testing, and working with customers to solve the growing problem of too many CVEs and too few prioritization methods. He walks through the importance of an intelligence-led approach to exposure management, how CISOs can think about their organization, and how to make informed business decisions.
With the public release of Mandiant's latest named threat actor, APT43, guests Michael Barnhart and Jenny Town join host Luke McNamara to uncover how this espionage actor targets policy experts to support North Korea's nuclear ambitions.
Follow Jenny on Twitter @j3nnyt0wn and 38 North at https://www.38north.org/
Find Mandiant's full report on APT43 here: https://www.mandiant.com/resources/reports/apt43-north-korea-cybercrime-espionage
Jared Semrau (Mandiant) and Maddie Stone (Project Zero) join host Luke McNamara for a look back at the zero-day exploit trends of 2022. Maddie and Jared break down the differences in focus between their teams, and some of the interesting things they each observed last year. Jared covers some of the threat actors that drove last year's trends in observed zero-days, and Maddie highlights how variants of known vulnerabilities and bugs continue to shape the exploit landscape. They also discuss the challenges and trade-offs for defenders that arise from publishing technical details of exploits.
For more on Google's Project Zero, check out: https://googleprojectzero.blogspot.com/
For more on Mandiant's research on zero-days in 2022, please see: https://www.mandiant.com/resources/blog/zero-days-exploited-2022
Shane Huntley, Senior Director of Google's Threat Analysis Group (TAG), joins host Luke McNamara to discuss his team's work keeping Google users secure. Shane breaks down the research his team has done on the problem of commercial spyware vendors, and how that is impacting the threat landscape today. While this threat has evolved over the years as vendors come and go, Shane highlights the drivers of this market and how it may evolve in the years to come. Shane also delves into TAG's recent report on the past year of Russian cyber operations since the invasion of Ukraine, and provides some thoughts on threat activity to anticipate going forward, from supply chain compromises to election security.
For more on TAG and Mandiant's analysis of Russian operations since the invasion of Ukraine, check out: https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/
For more on Google's efforts against commercial spyware: https://blog.google/threat-analysis-group/googles-efforts-to-identify-and-counter-spyware/
Have you ever wondered what a breach is really like from a CISO's perspective?
Fred Thiele, CISO at Interactive, joins host Kerry Matre to discuss managing data breaches from his personal experiences.
Fred dives into examples from his past, pointing out the depth and long tail of a breach. He explains all of the bits of a breach that go beyond incident response including working with insurance carriers, regulators, crisis communications, and more. He also shares what surprises he has encountered along the way!
Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.
Kimberly Goody and Jeremy Kennelly from Mandiant’s Financial Crime Analysis team join host Luke McNamara to discuss trends in the cyber crime landscape. Kimberly and Jeremy dive into the ongoing nature of banking malware repurposed for other types of financially-motivated crime, SIM swapping, experimentation with file types and post-compromise exploitation frameworks, and more. Of course, the discussion inevitably returns to the topic of extortion and ransomware, and where that might be heading next.
In this week’s episode of The Defender’s Advantage Podcast, Threat Trends host Luke McNamara is joined by Mandiant analysts Tyler McLellan and John Wolfram for a discussion on the usage of USB as an infection vector as described in two recent Mandiant blog posts.
Tyler details the activity outlined in the most recent blog on a new cyber espionage operation attributed to Turla Team (UNC4210), distributing the KOPILUWAK reconnaissance utility and QUIETCANARY backdoor to ANDROMEDA malware victims in Ukraine. John then jumps in to discuss another blog from late 2022 on cyber espionage activity from UNC4191 heavily leveraging USB devices as an initial infection vector, concentrated on the Philippines.
Read the blog, Turla: A Galaxy of Opportunity at https://mndt.info/3jPAeRI.
Read the blog, Always Another Secret: Lifting the Haze on China Nexus Espionage in Southeast Asia at https://mndt.info/3ATQB5n.
You can follow Tyler McLellan at @tylabs and John Wolfram at @Big_Bad_W0lf_.
Our latest episode in The Defender’s Advantage Podcast Skills Gap series features Mandiant EVP and Chief of Business Operations Barbara Massa and Director of HR for Google Cloud Margaret Clarke who joined host Kevin Bordlemay to discuss the initiatives from Mandiant and Google Cloud to address the cyber mobilization crisis we are facing.
Recent data shows that there are over 700,000 cybersecurity jobs that are unfilled in the US alone, and global estimates show this number is upwards of 3 million. Barbara and Margaret discuss how both Mandiant and Google Cloud are breaking down the barriers to employment in cyber and ensuring those interested in employment get the education they need to be successful in the field. They also discuss how organizations should think differently about addressing the talent shortage in cyber security.
We are kicking off a new year of The Defender’s Advantage Podcast with a new episode of the Frontline Stories series. This week, host Kerry Matre is joined by Mary Writz, SVP of Product for fraud prevention platform Sift for a discussion on fraud.
Mary discusses the ins and outs of fraud, including the types of fraud, the industries typically impacted and how fraud connects with cyber security and identity access. She also touches on the skills gap in the fraud space and briefly talks about cryptocurrency.
Learn more about Sift at https://sift.com/ and @GetSift.
This week’s episode of the Threat Trends series is the final episode of 2022 for The Defender’s Advantage Podcast. To wrap up our year and provide a glimpse into what we can expect from 2023, Sandra Joyce, VP of Mandiant Intelligence, joins host Luke McNamara for a discussion on some of the highlights from the past year.
Sandra chats through aspects of the Russian invasion of Ukraine, activity from the DRAGONBRIDGE IO campaign, and Mandiant’s graduation of APT42. She also discusses the evolution of ransomware and the possibility that threat actors targeting countries with ransomware, as we saw in Albania, could be a trend we continue to see in 2023. Additional trends Sandra mentions include the close association of hacktivist activity with APT activity and North Korea’s continued interest in cryptocurrency.
Read more about what else experts predict we can expect in the coming year in Mandiant’s Cyber Security Forecast 2023 Report. Download your copy at https://mndt.info/3FDxQ9n.
This week’s episode of The Defender’s Advantage Podcast features British American Tobacco CISO Dawn-Marie Hutchinson, who joins Frontline Stories host Kerry Matre for a discussion on third-party risk management.
Over the course of the conversation, Dawn-Marie discusses the approach that she takes in third-party risk management and the process of conducting risk assessments. She also shares how she encourages suppliers to increase their security and how she would ideally allocate budget toward risk reduction.
You can follow Dawn-Marie at @Rie_Hutch.
This week’s episode of The Defender’s Advantage Podcast features four members of Team Mandiant who previously served in the United States military and transitioned into careers in the cyber security industry. Skills Gap host Kevin Bordlemay was joined by Paul Shaver, Thomas Worthington, Lauren Krukar, and Brian Timberlake for a discussion on what the transition out of service looks like and the resources that are available to those interested in a role in cyber.
The group discusses their tips for military personnel considering a transition out of service and the resources they were able to take advantage of during their transitions, including resume review and SkillBridge. They also give their advice on what questions military members should be asking in interviews to ensure they are finding roles that fit.
This week’s episode of The Defender’s Advantage Podcast features Mandiant analysts Gabby Roncone, John Wolfram and Tyler McLellan who joined Threat Trends host Luke McNamara for a discussion on Russian cyber operations over the last year.
The group discusses the Russia-linked threat groups and activity Mandiant has been tracking related to the conflict in Ukraine, including UNC2589 and APT29. They also share their perspectives on the targeting trends they’ve observed over the last year and the activity we might expect to see moving forward, such as an increase in economic espionage and continued diplomatic targeting by APT29.
Follow Gabby Roncone at @gabby_roncone, John Wolfram at @Big_Bad_W0lf_ and Tyler McLellan at @tylabs.
Additional Resources
Listen to the episode, Threat Trends: Russian Invasion of Ukraine Information Operations featuring Sam Riddell and Alden Wahlstrom: https://mndt.info/3wGse9u
Listen to the episode, Threat Trends: Stolen Emails, Hacked Cameras and the Mysterious UNC3524 featuring Doug Bienstock and Josh Madeley: https://mndt.info/3vMne2R
Read the blog post, Trello From the Other Side: Tracking APT29 Phishing Campaigns: https://mndt.info/3UU9HjP
Read the blog post, They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming: https://mndt.info/3FZp7Pk
This week’s episode of The Defender’s Advantage Podcast features Davis Hake, co-founder of cyber insurance company Resilience, who joined Frontline Stories host Kerry Matre for a discussion on the role of cyber insurance.
During the conversation, Davis explains the model for how cyber insurance is sold, the application process and how insurance companies work with clients to determine their risks and set rates. He also discusses some of the advances in recent years and those he hopes to see in cyber insurance in the coming years, including global resilience to digital threats.
Learn more about Resilience at cyberresilience.com and follow at @ResilienceSays.
This week’s episode of The Defender’s Advantage Podcast features Mandiant’s Michael Barnhart and Joe Dobson who joined Threat Trends host Luke McNamara for a discussion on recent cyber activity out of North Korea, including the targeting of cryptocurrency.
Michael and Joe discuss some of the North Korean threat groups Mandiant is following and a view of the threat landscape in the region. They also chat about the tactics of actors targeting cryptocurrency, which includes applying for roles with companies associated with crypto projects to enable malicious actors within the network.
On this week’s episode of The Defender’s Advantage Podcast, Mandiant’s Nader Zaveri and Simran Sakraney join Skills Gap host Chris Campbell for a discussion on how the cyber security industry and the companies within it can attract candidates from underrepresented groups and foster diversity.
Nader and Simran share their individual journeys into the industry and their perspectives on how organizations in cyber can encourage more women to enter the security field and tactics recruiters can take to engage individuals from non-traditional educational and professional backgrounds. They also outline the various types of roles that live within the cyber industry and some of the transferable skills those just starting in the field can lean on.
You can follow Nader at @NaderZaveri and Simran at @SIEMmer_Down.
Learn how Mandiant is working to address the cyber security skills gap: https://mndt.info/3T0QjQd
This week’s episode of The Defender’s Advantage Podcast features Stan Trepetin, Technical Product Manager at Google Cloud, who joined Threat Trends host Luke McNamara to discuss the Threat Horizons Report produced by the Google Cybersecurity Action Team.
Stan highlights several articles from the latest report in the quarterly series, including a piece on the importance of sharing information on state actor threats and vulnerabilities with the community to better protect your organization. He also details two of his own articles in the report, one on the issues that arise from improper cloud oversight and the other on malicious files and URLs slipping by IT governance controls.
Read the latest Threat Horizons Report from the Google Cybersecurity Action Team: https://mndt.info/3Wjb4K6
On this week’s episode of The Defender’s Advantage Podcast, Skills Gap series host Chris Campbell is joined by Mandiant’s Fernando Tomlinson and Matt Boyle for a discussion on the value of hiring individuals from diverse professional backgrounds and ensuring accessibility to certifications and tools for those interested in transitioning to the cyber security field.
Fernando and Matt share their thoughts on what hiring teams in the industry can do to learn more about an applicant’s analytical or soft skills outside of their resume. They also discuss the tools and resources that are available to foster greater diversity in the industry, which prospective candidates may not have immediate knowledge of, such as topical video libraries, SANS Cyber Immersion Academies and industry conferences.
In this week’s episode of The Defender’s Advantage Podcast, Mandiant’s Yihao Lim joins the Threat Trends series to chat with host Luke McNamara about the threat landscape in the Asia-Pacific region.
Yihao discusses recent IO campaigns in the region, particularly DragonBridge and HaiEnergy, and how these attacks influence how organizations view disinformation campaigns in APJ. He also discusses how geopolitical drivers, such as Russia’s invasion of Ukraine and tensions between China and Taiwan, impact the cyber security landscape in the region. Additionally, Yihao shares the trends that he sees in the threat landscape and how organizations in the region are approaching security.
The latest episode of The Defender’s Advantage Podcast Frontline Stories series features Uplight CISO Alex Wood joining host Kerry Matre to discuss how his role has evolved over the course of his career, for example, changes in the CISO reporting structure and the role’s shift to encompass a business focus as opposed to being exclusively technical.
He also discusses his own unique journey from majoring in chemistry to climbing the ranks in cyber security and his advice for those who want to break into the industry. Additionally, Kerry and Alex chat about Colorado = Security, a movement Alex co-founded to highlight the cyber security community in Colorado and bring those professionals in the area together through local events and a podcast.
The latest episode of The Defender’s Advantage Podcast features SentinelOne researchers Tom Hegel and Juan Andres Guerrero-Saade who joined host Luke McNamara to discuss some of the latest research they presented at LABScon, September 20-24.
Juan shares details around his team’s findings on Metador, a threat actor that primarily targets telecommunications and internet services providers, as well as universities in the Middle East and Africa. He discusses a few of the group’s unusual characteristics and also their awareness of operations security and deployment of countermeasures to thwart attribution efforts.
Tom joins the discussion to give a glimpse of his LABScon presentation on the cyber mercenary group Void Balaur. He details what they have seen in the group’s activity as well as the aspects in which he sees the group evolving in the landscape.
Read more about the research on Metador: https://mndt.info/3UJ9XTf
Read more about the research on Void Balaur: https://mndt.info/3SMsxYR
You can follow Juan at @juanandres_gs and Tom at @TomHegel.
Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.
mWISE Conference is happening October 18-20. Register today: https://mndt.info/3rh3gdr
The latest episode in The Defender’s Advantage Podcast Threat Trends series features Todd Boppell, COO of the National Association of Manufacturers (NAM), who joined host Luke McNamara to discuss cyber security in the manufacturing landscape. During the conversation Todd shares the top concerns for NAM’s member organizations, how the industry approaches cyber security, and the challenges and opportunities he sees in the space.
Learn more about NAM at https://www.nam.org and follow at @ShopFloorNAM
Additional Resources
Watch Mandiant’s recent manufacturing focused webinar on-demand now: https://mndt.info/3C1jKN5
Learn how Mandiant helps manufacturing organizations monitor, detect and respond to threats: https://mndt.info/3eZwoD0
In this week’s episode of The Defender’s Advantage Podcast, Skills Gap series host Chris Campbell is joined by Dawn Hagen and Kevin Bordlemay for a discussion on diversity, inclusion, and belonging initiatives.
The group discusses Mandiant’s internal focus on diversity, including employee resource groups, as well as efforts to build awareness of career paths in cyber security via middle school, high school, and college information sessions. They also discuss ways Mandiant is partnering with external organizations on initiatives to expand diversity in the broader industry, including the Elevate program and Mandiant Gives Back. Dawn and Kevin also dive into the soft and technical skills applicants may be missing when interviewing for cyber security positions and the internal initiatives at Mandiant to address the skills gap.
Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.
Additional Resources
Learn about the Elevate program: https://mndt.info/3RQoMS6
Learn about Mandiant Gives Back: https://mndt.info/3EI7ErX
Register for pre-conference training, provided by Mandiant Academy, ahead of mWISE Conference: https://mndt.info/3BIN0Id
This week’s episode of The Defender’s Advantage Podcast features Emiel Haeghebaert and Ashley Zaya who joined Threat Trends series host Luke McNamara to discuss Mandiant’s most recently graduated APT group, APT42.
Mandiant has identified APT42 as an Iranian-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizations of strategic interest to the Iranian government. During the conversation, Emiel and Ashley dig into APT42’s activity and tactics, including spear-phishing and social engineering techniques. They also discuss where the group fits into the threat landscape and how they see the threat actor evolving.
Read our blog post detailing our research on APT42: https://mndt.info/3R6Qs4z
Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.
This latest installment of the Frontline Stories series, part of The Defender’s Advantage Podcast, features Nucleus Security Co-Founder and CEO Stephen Carter, who joined our host Kerry Matre for a conversation on CISA KEV. CISA’s Known Exploited Vulnerabilities list prioritizes vulnerabilities the agency has determined to be exploited in the wild and mandates that specified U.S. civilian agencies patch the vulnerabilities by a specified deadline. Stephen and Kerry discuss how vulnerability management has evolved and how this effort from CISA helps U.S. civilian agencies as well as organizations globally.
Follow Nucleus Security at https://nucleussec.com and follow at @nucleussec.
Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.
The latest episode of the Skills Gap series, part of The Defender’s Advantage Podcast, features Mandiant Managed Defense team members Robert Parker and David Lindquist, who joined host Chris Campbell to discuss what they look for when hiring for their team. They detail the skills they look for most as they interview candidates and their tips for those looking to enhance their marketability in the industry. Robert and David also share instances in which they might shift their requirements of a potential candidate in favor of hiring someone with less experience and building them up.
Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.
Additional Resources
Read more about how Mandiant is helping to address the cyber security skills gap: https://mndt.info/3QyO9XL
In the latest Threat Trends episode of The Defender’s Advantage Podcast, host Luke McNamara is joined by Teresa Walsh, Global Head of Intelligence at the Financial Services Information Sharing and Analysis Center (FS-ISAC), for a deep dive on the financial services industry. Teresa discusses her journey from roles in government and how her experience has shaped her view of financial services. She also discusses how she sees the threat landscape impacting her customers and how FS-ISAC aids institutions in building resiliency against threats.
Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts!
In this week’s episode of The Defender’s Advantage Podcast, Kerry Matre, host of the Frontline Stories series, is joined by Mandiant’s Tim Crothers and Matt Shelton who discuss their role in protecting the company from attackers. Both share their professional journeys, how changes at the company have impacted their responsibilities, and some standout moments they’ve experienced while safeguarding Mandiant, such as the SolarWinds attack campaign. Tim and Matt also detail how they continue to promote security awareness among employees and offer their insights on the steps security and non-security companies can take to ensure that their environments are secure against attackers.
Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts!
In the latest Threat Trends episode of The Defender’s Advantage Podcast, Mandiant’s Jon Ford and Stacy O’Mara join host Luke McNamara for a conversation on election security. They discuss how organizations involved in the process of elections should think of cyber security in the lead up to these events, preparedness steps they have seen states take, and the evolution of the federal approach in the United States. Jon and Stacy also discuss some of the federal resources states and local entities can leverage for preparation going into the 2022 midterm elections and the 2024 general election in the U.S.
Learn more about Mandiant’s expertise around election security at https://mndt.info/3zEzWCO
Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.
All too often, hiring managers find themselves seeking candidates who fit 100% of the description for the role they are trying to fill. Because of this, they overlook a swath of applicants who are good for the job. In this week’s Skills Gap episode of The Defender’s Advantage Podcast, host Chris Campbell speaks with Mandiant consulting team members Dan Nutting, Kal Guntuku, and Chris Linklater about this habit and its contribution to the cyber security skills gap. The group also discusses the skills that companies could weigh outsourcing versus what skills they should consider keeping in-house.
Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast wherever you listen to podcasts!
Additional Resources:
Read tips from Mandiant's Kevin Bordlemay for candidates on how they can stand out during the application process in this Business Insider article: https://mndt.info/3Ohzezt
In this Threat Trends episode of The Defender’s Advantage Podcast, hear from Michelle Cantos who joins host Luke McNamara to discuss artificial intelligence (AI) in cyber and how adversaries are using AI in their activities today. Michelle details manipulated media techniques such as artificially generated images and vishing, tactics that have been increasingly employed by threat actors. She also discusses how financially motivated actors are seeking to leverage AI capabilities for extortive activity, and what we might expect to see as AI is further applied to cyber espionage operations.
Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.
This special episode of The Defender’s Advantage Podcast features Mandiant CTO Marshall Heilman speaking with Edgard Capdevielle, CEO of Nozomi Networks. The conversation, recorded in-person at RSA Conference 2022, delves into the partnership between Mandiant and Nozomi, and how the organizations can take on escalating cyber risks to secure cyber-physical infrastructure. Marshall and Edgard discuss the trends they are seeing in the industrial and critical infrastructure space and the role of zero trust in how we secure modern day OT and ICS systems.
You can learn more about Nozomi Networks at their website: https://www.nozominetworks.com/
Follow Nozomi Networks at @nozominetworks
Additional Resources
Learn more about the Mandiant Cyber Alliance Program: https://mndt.info/3xnXw5r
In this week’s episode of The Defender’s Advantage Podcast Threat Trends series, host Luke McNamara is joined by Anne Marie Engtoft Larsen to discuss her role as Danish Tech Ambassador and how the role has evolved since Denmark appointed the first Tech Ambassador in 2017. She chats about her views on cyber diplomacy and the value of partnerships with private sector cyber security companies. Ambassador Larsen also discusses the need for governments to tackle the issue of disinformation, talking specifically about the recent examples we’ve seen around COVID-19 and elections.
Learn more about the Strategy for Denmark’s Tech Diplomacy 2021-2023
You can follow Ambassador Larsen at @TechambDK.
Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.
This week’s episode of The Defender’s Advantage Podcast kicks off our new monthly series, Skills Gap, which focuses on thoughts, ideas, and initiatives for narrowing the skills gap in cyber security. Our host Chris Campbell was joined for this conversation by Mandiant’s John Doyle, Principal Consultant, and Matt Shelton, Director of Technology Risk and Threat Intelligence, to discuss talent and bridging the skills gap. The guests share their tips and resources for those interested in getting into the cyber security space and discuss what they look for when interviewing potential members of their teams.
Follow John Doyle at @_John_Doyle and Matt Shelton at @mattjshelton.
Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast wherever you listen to podcasts!
Additional Resources
Read the blog, “Introducing the Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies Framework”: https://mndt.info/3sQVU1g
Learn more about Mandiant’s mWise Conference: https://mndt.info/3NeX7XQ
Check out Mandiant’s career page to learn about employment opportunities: https://mndt.info/3NcOblJ
This week’s Threat Trends episode of The Defender’s Advantage Podcast features Jacqueline Koven, Head of Cyber Threat Intelligence at Chainalysis, who joined host Luke McNamara to discuss the trends in cryptocurrency and cyber activity. She also breaks down some examples of nation state usage and targeting of crypto and the adoption of cryptocurrency by different threat actors.
Learn more about Chainalysis at chainalysis.com and follow them at @chainalysis.
Don’t forget to rate, review, and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.
In this Frontline Stories episode of the Defender’s Advantage Podcast, host Kerry Matre is joined by Joshua Bass, Director of Product Management, and Sarah Korth, Director of Commercial Intel Services, to discuss Mandiant’s Digital Risk Protection (DRP) solution. The group discusses digital risk protection, what it can reveal about cyber threat profiles, and how attackers find weaknesses. They also discuss advancements made in digital threat management, a service included in our DRP solution, such as natural language processing.
To learn more, read our blog, “Protecting Supply Chains and Third Party Vendor Connections”
Don’t forget to rate, review, and subscribe where you listen to podcasts.
Additional Resources
Read more about Digital Risk Protection
In this week’s Threat Trends episode of The Defender’s Advantage Podcast, host Luke McNamara is joined by Jonathan Yaron, CEO and Chairman of Kiteworks to discuss navigating customer trust following a breach. During the conversation, Jonathan talks about lessons learned from the breach he led the company through and what leaders should consider in the event their organization experiences a breach.
Don’t forget to rate, review, and subscribe where you listen to podcasts.
In the inaugural episode of the Frontline Stories series, part of The Defender’s Advantage Podcast, host Kerry Matre is joined by Rob Caldwell, Director of OT/ICS Services at Mandiant. During the conversation, they discuss OT/ICS security and the impact an OT attack can have on an organization. They also dive specifically into the INCONTROLLER and INDUSTROYER2 attacks and how they targeted OT environments.
For more information on OT/ICS Security, visit https://mndt.info/3PF5JJD
You can follow Rob Caldwell at @robac3.
Don’t forget to rate, review, and subscribe where you listen to podcasts.
In this week’s Threat Trends episode of The Defender’s Advantage Podcast, host Luke McNamara is joined by Sam Riddell and Alden Wahlstrom, analysts on Mandiant’s IO team, to discuss what they are seeing in the cyber threat landscape around Russia’s invasion of Ukraine. They talk about what their team has observed in the lead up to the invasion and the activity they have seen in the IO space since. Sam and Alden dive in on the threat actors in the space, the tactics being employed, and where they see the activity moving as the conflict continues.
Check out the blog, "Information Operations Surrounding the Russian Invasion of Ukraine" at https://mndt.info/3LumlAq.
You can follow Sam Riddell at @RiddellSam and Alden Wahlstrom at @AldenWahlstrom. Don’t forget to rate, review, and subscribe where you listen to podcasts.
In this week’s episode of The Defender’s Advantage Podcast, host Luke McNamara is joined by Doug Bienstock and Josh Madeley, members of the Mandiant consulting team, to discuss a new threat actor, UNC3524. Doug and Josh share their observations of the group’s activities and tactics, like the use of IoT devices.
Read more about UNC3524 in the team’s latest blog post, “UNC3524: Eye Spy on Your Email”: https://mndt.info/3KCGtQm
Follow Doug Bienstock at @doughsec and Josh Madeley at @MadeleyJosh.
Don’t forget to rate, review, and subscribe where you listen to podcasts.
It’s that time of year again: Mandiant has just published its M-Trends 2022 report. With almost 100 pages to unpack in this year’s report, host Luke McNamara is joined by Regina Elwell, Senior Principal Threat Analyst, and Kirstie Failey, Senior Threat Analyst, who both contributed to the development of this year’s report.
Among the aspects highlighted during the conversation are notable threat actors, including FIN12 and FIN13, the financially motivated threat groups that Mandiant graduated in 2021. The group also discussed the threat trends and techniques that have been observed during the report period.
You can follow Regina Elwell at @ReginaElwell and Kirstie Failey at @Gigs_Security
Download your copy of M-Trends 2022: https://www.mandiant.com/m-trends
Read how Mandiant tracks UNCs: https://mndt.info/3xwD9n3
Read this blog post to learn more about Cobalt Strike and BEACON: https://mndt.info/3Duxg9Q
View this webinar to learn more about FIN12: https://mndt.info/38UyDVj
Read this blog post to learn more about APT41: https://mndt.info/3JQOpgC
Don’t forget to rate, review, and subscribe where you listen to podcasts.
This week, host Luke McNamara is joined by Jens Monrad, Director, EMEA, Mandiant Threat Intelligence. The two discuss the evolving threat landscape in Europe following the COVID-19 pandemic and touch on the cyber aspect of Russia’s invasion of Ukraine.
You can follow Jens on Twitter at @jenschm.
Learn about Mandiant's Ukraine Crisis Resource Center: https://mndt.info/3roZ4Jv
Read the Mandiant blog, "Responses to Russia's invasion of Ukraine Likely to Spur Retaliation": https://mndt.info/3IM8Co5
Don’t forget to rate, review, and subscribe on the platform where you listen to podcasts.
Looking for Eye on Security? We are still here, but with a few important changes.
This week we're launching Mandiant's new Defender's Advantage Podcast featuring the same great content you've come to expect from us and even more.
Host Luke McNamara anchors our Threat Trends series, chatting with Mandiant intel analysts, consultants, and researchers, as well as external practitioners and leaders in cyber security, all through a threat-focused lens.
And Mandiant's Kerry Matre joins to host monthly conversations with Mandiant customers and industry experts who will share their experiences and stories from the frontline of cyber security as part of our new Frontline Stories series.
Stay tuned for our inaugural Threat Trends episode later this week.
In this episode, Ryan Tomcik, Emiel Haeghebaert, and Tufail Ahmed join host Luke McNamara to discuss their blog post detailing their investigation into the activity of UNC3313. The group details the collaboration between their respective teams at Mandiant to detect and respond to an intrusion by the threat actor.
Read their blog post, “Left on Read: Telegram Malware Spotted in Latest Iranian Cyber Espionage Activity,” at https://www.mandiant.com/resources/telegram-malware-iranian-espionage
In this episode, Mandiant Principal Analyst Cristiana Brafman Kittner joins host Luke McNamara to discuss the potential cyber threats to the 2022 Winter Olympic Games. The conversation delves into cyber incidents attached to previous games as well as what we could see this year at the games being held in Beijing.
Host Luke McNamara is joined by Michelle Cantos, John Doyle, and James Sadowski to discuss the role of contractors in cyber network exploitation (CNE) and other cyber operations.
For further reading on this topic for Mandiant Advantage and MA Free users, please see “She Doesn’t Even Go Here: The Role of Contractors in the Cyber Landscape” at https://advantage.mandiant.com/reports/21-00013849. Register today for Mandiant Threat Intelligence Free.
For our last episode of the year, Mandiant CEO Kevin Mandia joins host Luke McNamara for a year in review of 2021. The discussion includes a look back at the SolarWinds incident one year later as well as look forward to 2022 with the three things that are top of his mind going into the New Year. Additionally, Kevin touches on the future of Mandiant and the Mandiant Advantage platform.
Columbia University researcher Jason Healey joins host Luke McNamara to discuss how cyber policy has evolved over the years, the dynamics of cyber conflict, and more. In particular, this conversation delves into the risks of escalation in a crisis, how norms may (and may not) shape such conflicts, and changing the role between defense and attack.
Jake Knowlton, Andy Schmidt, and Paul Shaver join host Luke McNamara to discuss making the transition from the military to working in cyber security. Jake, Andy, and Paul share their perspectives and how they became involved in this field, some of the challenges veterans might face, and how veterans can position their prior experience for roles in infosec.
For more on Mandiant’s partnership with VetSec, please see this blog post: https://www.mandiant.com/resources/mandiant-collaborating-with-vetsec-to-train-us-service-members-veterans
Jared Semrau and James Sadowski join host Luke McNamara to discuss some of their teams’ research this year into the rise of observed 0-days and other exploitation trends. They cover how the vulnerability landscape has evolved over the years, what has made 2021 stand out so far, and how the nature of threat activity—particularly the growth of ransomware—has shifted the makeup of actors in this space.
For Mandiant Advantage users, please see related reporting mentioned in this episode:
Patch Me If You Can: Analyzing Trends in Time to Exploit (Q1 2020 Through Q1 2021)
Shut the Front Door: VPN Vulnerability Exploitation Trends, January 2019 – June 2021
While many different types of organizations and individuals contribute to the broader discussion of cyber-related incidents, events, and trends, journalists play an important role in furthering our collective understanding of this space. Journalist Kim Zetter joins host Luke McNamara on Eye on Security to share her perspective on covering cybersecurity as a journalist. Kim discusses how the cybersecurity beat has evolved over the years, where she gathers information to write stories, and some of the themes she sees in the current conversation about cybersecurity issues.
For the launch of Mandiant’s most newly graduated threat group, FIN12, Kimberly Goody (Director, Financial Crime Analysis) and Josh Shilko (Principal Technical Analyst, Financial Crime Analysis) join Eye on Security to discuss this actor. They cover this group’s TTPs and targets, where they fit into the ransomware ecosystem, and what makes this particular threat actor unique in the landscape.
Host Luke McNamara is joined by Eli Fox and Michael Barnhart, both Senior Analysts at Mandiant, to discuss some of their work tracking various North Korean threat clusters. Michael and Eli share their perspectives on the continuously changing landscape of DPRK threat actors, some of the challenges in tracking them, and how information from defectors augments the technical data in their analysis. They share several stories of recent campaigns and delve into where some of these threats may be headed next.
This episode of Eye on Security delves into a security topic that continues to be front and center for many organizations: ransomware. Dave Wong, Vice President for Mandiant Consulting, joined host Luke McNamara to discuss some of the recent changes in threat activity in this space. Dave covered where the trends in ransomware operations have taken us over the last year and a half, with increasing ransom demands and frequent extortion over data stolen from the victim. Dave and Luke also chatted about common affiliate models and the fluid nature of many ransomware families, as new malware emerges and others seemingly “go dark”. Dave discussed his visibility into ransomware negotiations, sharing examples of his experience in dealing with these threat actors. He also highlighted important preparedness steps organizations can take beyond technical hardening by considering strategies for how they might approach dealing with a threat actor in a ransomware scenario. Finally, Dave and Luke touched on what changes might be seen as threat actors continue to evolve TTPs and extortion methods.
For further insights into ransomware negotiations, check out this Daily Beast interview with Dave: https://www.thedailybeast.com/inside-a-ransomware-negotiation-this-is-how-asshole-russian-hackers-keep-shaking-down-companies
Whether it’s shipping disruptions caused by the COVID-19 pandemic or compromises into software platforms used by hundreds of organizations, supply chain issues are back in the spotlight. In this episode of Eye on Security, host Luke McNamara is joined by Bryan Ware, CEO of Next5 and former Assistant Director of Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA). Bryan shares his perspective on the state of supply chain security, including the current challenges bringing this issue to the forefront now, different ways to think about supply chain issues, and steps organizations can take to mitigate their risk in this space.
While much of the discussion around modern ransomware campaigns has centered on threat actors from Eastern Europe and Russia, this episode highlights some of the lesser-known activity in a different region and explores how nations may experiment with asymmetric cyber capabilities in the future. In this episode of the Eye on Security podcast, host Luke McNamara sits down with Sanaz Yashar (Manager, Mandiant Intelligence) and Matan Mimran (Principal Analyst, Mandiant Intelligence) to discuss some of their research into Iranian threat actors leveraging ransomware and other cyber-crime tactics. Sanaz and Matan walk through campaigns they have witnessed from several UNCs that have impacted organizations in Israel and elsewhere, examining evidence for why these incidents could be part of a trend towards using ransomware for purposes other than financial gain.
Host Luke McNamara is joined by Jeff Compton, Senior Manager for Mandiant’s Intelligence Capability Development team, to discuss his team’s focus on helping customers build threat intelligence programs, how the needs of customers in this space continue to evolve, and how the regulatory landscape is driving change in particular regions and industries. One of the things Jeff in particular highlighted is the importance of having a threat intel function that supports not just the SOC, but broader stakeholders across the organization as well. Translating cyber threats into risk particular to the customer is a big focus of Jeff’s team, woven throughout their range of functions.
In response to an increasing demand to fill the CTI skills gap, Mandiant has made a commitment to arm organizations around the world with skilled security teams that can succeed in the fast-evolving threat landscape. Host Luke McNamara is joined by Shanyn Ronis, Manager, Intelligence Training Program, to discuss the official launch of Mandiant On-Demand Cyber Intelligence Training. Backed by 15+ years of frontline expertise and accessible 24/7, this on-demand training provides a cost-effective approach that empowers cyber security teams to effectively use intelligence across different job roles, at different skill levels.
On this episode we have Daniel Kapellmann Zafra, a manager on Mandiant’s Cyber Physical Threat Intelligence team, to discuss a recent blog he and his team have released on the trend of lower sophistication threat actors targeting operational technology (OT). We discuss a precursor blog they put out last year, specific to this trend and the use of ransomware by financially motivated actors against OT, and we talk about what Daniel is seeing change in this space. Our conversation touches on the various motivations that appear to be shaping this activity, and what it means for the potential proliferation of this as a tactic for hacktivists, opportunistic threat actors, and more. One of the things that I think really comes across in this episode is the thoughtful analysis that Daniel and his team apply to ascertaining the drivers of this trend and where it may be going. It’s an insightful look into an area of threat activity we will likely continue to see headlines around this year.
For more information on the discussion in this episode of Eye on Security, please check out the aforementioned blogs:
- https://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html
- https://www.fireeye.com/blog/threat-research/2020/07/financially-motivated-actors-are-expanding-access-into-ot.html
Host Luke McNamara is joined by Paul Tumelty, Government Security Manager, to discuss how Mandiant is partnering with governments in EMEA to help foster cyber capacity building in nations across the region.
Paul walks through how governments are thinking about this, from the crafting of high-level strategies to working through the tasking of the appropriate entities for cyber defense, and establishing relationships with the private sector and beyond. Paul also highlights some of the challenges—and even advantages—that various nations may have depending on where they are in their journey of establishing a government framework to better address a changing threat landscape, especially in areas such as critical infrastructure protection.
What Luke found particularly interesting and exciting about the work Mandiant is doing in this space is the holistic approach Paul and his team are taking—beyond just ensuring the implementation of the right technologies—but looking at every aspect of what contributes to a nation’s strategy to continuously provide for a defense that can meet emerging threats. Luke and Paul even discussed the importance of early education initiatives to help foster the future workforce as part of capacity building.
In the latest episode of Eye on Security, we invited Jens Monrad, Head of Mandiant Threat Intelligence, EMEA to join Luke for a conversation on how the threat landscape has changed in the past year and how it continues to be impacted by the ongoing pandemic.
We reviewed the cyber events of the past year: pandemic-themed phishing, multiple APT campaigns against vaccine research and development, and ransomware targeting healthcare systems. Jens revealed that the biggest change still impacting the cyber threat landscape is the sheer volume of people working from home. He also highlighted the potential increase in the cyber criminal ecosystem due to job losses, and how individuals might turn to cybercrime in order to make money.
Check out the episode now to hear how the pandemic has impacted APT activity and disinformation campaigns. Jens also shares a unique piece of advice on the threat landscape that is helpful to remember as we all work to better secure our environments.
For additional information on how the pandemic and more is influencing the cyber threat landscape, check out our latest M-Trends 2021 report.
Mandiant Advantage, our SaaS platform, was always intended to house more than just our threat intelligence—and now it does. With the addition of Mandiant Automated Defense and Mandiant Security Validation, we are continuing to roll out new features in a platform that is easily accessible, as well as easy to deploy and scale.
Mike Armistead, SVP of Mandiant Advantage Products, joined host Luke McNamara to discuss what security teams will be able to do with these new features. Mike joined FireEye during the Respond Software acquisition, in which Respond’s solution became what is now known as Mandiant Automated Defense. Mike shared how the addition of Mandiant Automated Defense to the Mandiant Advantage platform enables the automation of tier one triage alerts.
One thing that really stuck out about their conversation is how weaving together Mandiant Automated Defense, Mandiant Security Validation, and Mandiant Threat Intelligence helps organizations prioritize threats that matter to them, fast.
Listen to this episode to get a walkthrough of how a SOC analyst can use the Mandiant Advantage platform to access intel about an alert they receive. You’ll also get a glimpse into what’s next for the Mandiant Advantage platform.
Have you ever wondered what it takes to develop our annual M-Trends report? The short answer is: a whole lot! Our host Luke McNamara asked Regina Elwell, Senior Principal Threat Analyst on the Advanced Practices Team, and Steve Stone, Senior Director for Advanced Practices, to take us behind the scenes so we can see exactly what goes into building an edition of M-Trends.
Steve started by discussing the sheer amount of data collection that is required, and how the team has to pore over this data—which comes directly from our incident response investigations—to determine what is a trend and what is not. Regina and Steve also touched on the evolution of the report from its first iteration in 2011. Not surprisingly, the reports have gotten more robust and include new data points almost every year.
We also discussed some of the highlights from our latest report, M-Trends 2021, and interpreted some of the key findings, including drops in median dwell time, increases in internal detections, impact of ransomware, and notable malware families from 2020. Additionally, we covered some of the process and approach Mandiant puts into grouping new threat groups (UNCs) and Steve and Regina’s favorite threat actors.
Listen to the podcast now, and when you’re done, read the full M-Trends 2021 report.
We are wrapping up our “Big Four” series with a country that has been
one to watch for quite some time: Russia. And who better to join me
for this episode than our Vice President for Mandiant Threat
Intelligence, John Hultquist.
We started off this episode discussing how Russian cyber threat
activity evolved to what we know today, from the days of Moonlight
Maze and Agent.BTZ. We then shifted the conversation to some of the
most notable Russian threat groups and the difficulties of assigning
attribution at the organizational sponsorship level. While many APT
groups from the “Big Four” may blend together various types of threat
activity, Russia has utilized a particularly interesting mix of cyber
espionage, information operations, and disruptive attacks over the
years.
John brought up many notable Russian incidents, including: the
Olympics, the Ukrainian power grid, the targeting of elections, and
the SolarWinds supply chain breach. We also discussed some of the
challenges in communicating threat intelligence to both customers and
wider audiences. To cap off the series, John delved into how
organizations should think about not only Russian threat activity, but
the operations and campaigns from North Korea, Iran, and China.
You can stay ahead of threat actors like those from the “Big Four” by
joining Mandiant Advantage Free where you’ll have access to
up-to-the-minute threat intelligence: http://feye.io/MA
The third installment of our “Big Four” series on China is filled with
so much great information that it’s our longest episode yet. Lloyd
Brown, Principal Analyst for our Custom Intel Team, and Scott
Henderson, Principal Analyst for our Cyber Espionage Team, joined our
host, Luke McNamara to peel back the layers of China’s cyber
capabilities.
Similar to past episodes in this series, we started at the beginning
of China’s cyber operations—dating back to 2003. Scott and Lloyd took
us through a detailed look at all the stages of China’s operations,
including the shift in 2015/2016 from being “clumsy and noisy” to
stealthy. Lloyd brings up a great point that’s worth hearing about
their use of CVE exploits (which came into play with the recent
Microsoft Exchange server exploits).
We also discussed how China’s cyber activity is driven by economic
interests such as the Belt and Road initiative, the nature of their
operations surrounding global elections, APT41’s cybercrime activity
in addition to cyber espionage, and where they think China’s
operations are headed. You’ll definitely want to stick around to the
very end. Since our initial recording occurred before the Microsoft
Exchange exploits, Luke decided to follow up with Lloyd to get his
take on HAFNIUM and the UNC groups we’re tracking related to that
activity.
Know the threats that affect your organization with up-to-the-minute
threat intelligence by signing up for Mandiant Advantage Free:
http://feye.io/MA
How does Reddit handle malicious or suspicious coordinated activity on
their platform? Our host Luke McNamara asked Aylea Baldwin, Threat
Intelligence Lead at Reddit, to answer that question and more during
this episode of Eye on Security.
During the discussion Aylea shared a few ways Reddit is unique
compared to other social media networks—its tolerance for varying
levels of behavior on different communities, the lack of user data
collection, and the way posts are amplified through voting. The voting
feature is unique to Reddit and Luke was curious to know how threat
actors leverage it as part of their influence campaigns. As it turns
out, the answer to that question isn’t so simple since foreign actors
have to get buy-in from people to up-vote their posts.
We ended our conversation with Aylea’s thoughts on the future of
disinformation and deep fake technology, which is a concern in the
security and many other industries, and something that can have a huge
influence on sites such as Reddit.
Did you know that women are disproportionately affected by cybercrime,
cyber stalking, cyber bullying, cyber harassment, and image-based
sexual abuse? We asked Cris Kittner, Principal Analyst at Mandiant
Threat Intelligence, and Lillian Teng, Director of Threat
Investigations from Verizon Media to join us for a discussion around
their recent talk on digital safety for women and practical strategies
women of all ages can take to increase their online safety.
Cris and Lillian provided their reasons and motivations for putting
together the talk, which they first presented at the Grace Hopper
Celebration in 2020. They highlighted the connection between physical
and cyber stalking and the need for these conversations to be
normalized. Far too often, Cris and Lillian heard from young
professionals that they believed the cyber harassment that was
happening to them in the workplace or at conferences was “normal.”
To combat the issues many women are facing online, Cris and Lillian
provided a list of practical considerations that women should follow,
such as using a password manager, knowing what permissions are being
given to third-party applications, understanding that Snapchat images
can be recovered, adjusting (or eliminating) location tags, and how to
report abuse happening on social media sites.
Listen to the episode today for online safety strategies that can help
you or a loved one stay safe online.
We’re back with the second episode of our “Big Four” series focused on
North Korea, Iran, China, and Russia. We homed in on Iran for this
one, and to help explore their cyber capabilities, we invited Sarah
Hawley, Principal Analyst for Mandiant Threat Intelligence, and Lee
Foster, Senior Manager of Information Operations Analysis.
Sarah kicked off the episode by providing an overview of Iran’s past
offensive cyber activity and how these capabilities have developed
over the years. Lee shared how they have also grown their usage and
willingness to use information operations (IO) and how his team
approaches attribution and analysis of this disinformation activity.
We then touched on drivers of Iranian cyber threat and their apparent
increasing willingness to target democratic processes. Sarah also
discussed Iran’s destructive activity going after industrial targets
in the oil and gas sectors through password spraying and spear
phishing operations.
As always, we closed out the episode with thoughts about what Sarah
and Lee think we might see from Iran’s cyber operations in the coming
years. Listen to hear their predictions and stay tuned for our
upcoming episodes on China and Russia.
Listen to the podcast now, check out the “Big Four” episode on North
Korea if you haven’t already, and then head over to our Eye on
Security page for even more episodes.
“Legitimate access rules the threat landscape”, says Jon Ford,
Managing Director at Mandiant. In addition to loss of intellectual
property, malicious insiders are increasingly impacting organizational
reputation, customer trust and investor confidence. There’s a lot more
to insider cyber security threats than disgruntled employees, which is
the first thing that comes to mind for most when they think of this
threat. Jon Ford, Managing Director of Mandiant, and Johnny Collins,
Director of Mandiant, joined us to break down what insider threats are
and the trends Mandiant is seeing in recent investigations.
Johnny began by defining insider threats—from unintended link
clicking, all the way up to human enabled technical operations (think
meet-ups in parks while avoiding all electronic communications that
you see in movies). Both Johnny and Jon shared how organizations on
the commercial and government sides are thinking about insider threats
as part of their overall risk and security posture, and how clients
are approaching insider threat security from a behavior-focused
approach as opposed to targeting or profiling individuals.
Then we got to the good part: stories from recent investigations
they’ve worked on through Mandiant’s Insider Threat Security Services
offerings. You might be surprised by the outcomes of a few of them.
Johnny and Jon went on to highlight the various tiers of Mandiant’s
Insider Threat Program Assessments and Mandiant’s Insider Threat
Security as a Service offering with Mandiant Intelligence. Johnny and
Jon close with shared thoughts on the growing Insider Threat trends
we’ll see in the near future.
While many cyber threats and security issues are universal and
experienced by organizations in any part of the world, some are more
common to a particular region than others. Host Luke McNamara invited
Ryan Goss, Vice President for Latin America & the Caribbean, and Juan
Carlos Garcias Caparros, Director of Mandiant Consulting for Latin
America and the Caribbean, to talk specifically about cyber security
in Latin America.
Juan Carlos shares what threats we’ve seen our customers face in Latin
America. He also discusses the security culture in Latin America,
comparing the maturity of organizations to those in the United States or
Europe. We also explore whether attitudes are shifting around cyber
security in boardrooms. Ryan believes it’s moving in a good direction,
but that many companies still treat cyber security as an afterthought,
which leads to lower overall budgets and forces security teams to
focus on solutions that are “good enough” or at least allow them to
“check the compliance box”. Thus the importance of FireEye leading
with Mandiant Services and establishing ourselves as trusted advisors
and true partners for our customers.
We wrap up the episode by touching on cyber training, security
validation and unexpected activity from North Korea targeting
financial institutions throughout Latin America.
We’re kicking off Eye on Security in 2021 with a nation-state-themed
miniseries that focuses on the big four, which we recognize as North
Korea, Iran, China and Russia. In this episode, host Luke McNamara
invited Fred Plan, Senior Analyst for Mandiant Threat Intelligence,
onto the podcast to talk about North Korea.
Fred started our discussion by providing some background on the
country, how it operates geopolitically, and why they’ve shifted their
focus to a cyber capability. We also review their early cyber
operations that primarily targeted South Korea and their expansion to
the U.S. private sector with the Sony hack. Since then, North Korea
continues to be active in both financially-motivated and
espionage-related operations.
There are a lot of behaviors that make North Korean cyber operations
unique, due in part to the country being very closed off. Their cyber
operations have demonstrated rapid shifts in targeting, which likely
comes at the request of the regime. We most recently saw this with
their targeting of COVID-19 research and vaccine distribution. North
Korea hasn’t publicly reported on any COVID-19 cases, so their cyber
behavior offers us a glimpse into what might actually be going on
within the country.
As always, we like to predict what we’ll see next in a region or from
an actor. In this case, Fred says it’s quite difficult to know what
North Korea is up to next. Find out why when you listen to the
episode.
As the COVID-19 pandemic continues, cyber threats have worsened for
some industries across the globe. Universities with medical and
research facilities are increasingly being targeted by threat actors
because of the critical and valuable work they do surrounding the
pandemic. Host Luke McNamara invited Monte Ratzlaff, Cyber Risk
Program Director at the University of California Office of the
President, to join us for this episode of Eye on Security so we could
discuss the important research they secure.
Monte and Luke reviewed the types of data UC protects, which includes
protected health information, payment card data, student data and
research data. Even with all that data, the threats UC faces are still
quite similar to what many other organizations face: phishing,
ransomware and nation-state attacks.
We shifted our discussion to the challenges of securing COVID-19
research; especially at a time where ransomware is particularly
rampant. Monte emphasized the critical need for organizations to know
their environment and have plans in place in case attacks get through
defenses.
Listen to the episode to hear insights on securing medical devices and
why Monte wouldn’t be surprised to see an uptick in insider threats as
a result of a larger remote workforce.
With 2020 coming to an end, we’ve released our 2021 cyber security
predictions report, videos with our senior leaders and more. Our host,
Luke McNamara asked General Earl Matthews, VP, Strategy for Mandiant
Security Validation to join him on 'Eye on Security' to discuss what
we can expect in the cyber space heading into a new year based on the
threat activity we’ve seen recently.
Ransomware isn’t going away any time soon, so Luke asked General
Matthews how he’s seen executives react to this new type of threat and
if that has impacted how they think of security. We also explore the
increasing risk ransomware poses to operational technology based on
some of the ransomware campaigns we have seen this year.
We also talk in depth about third-party risk—a risk that’s been around
for a long time, but that we’ll see increasingly exploited by threat
actors. General Matthews also shared some personal stories about his
time as a CISO that you won’t want to miss.
General Matthews and Luke finish their chat with an interesting look
at which industries have adopted security validation and the benefits
of this solution for providing proof of security effectiveness.
In this episode, we have something a little different. We're excited
that Sean Lyngaas (@Snlyngaas), Senior Reporter at CyberScoop, has
joined host Luke McNamara to share a different perspective on many of
the same cyber security stories and events that we work on in parallel
here at FireEye.
Sean and Luke kick off their conversation by discussing which stories
Sean considers top priority. These days his mornings entail reviewing
election security, and then he starts chasing the timely stories he
finds most interesting. Sean also shared the difference between what
is news and what is research when it comes to writing a story.
With the election being so close, we of course turned to the topic of
disinformation. Sean shared the difficulties of writing about
information operations and his approach of attempting to report on it
without amplifying fear or paranoia. We also explored the impact and
intent of these operations.
Listen to the episode to hear Sean’s thoughts on the future of media
and news consumption, and the cybersecurity topics he thinks we will
be reading about in the news in the coming year.
Our customers expressed a desire for faster access to our intelligence
to focus on threat activity that matters to them, so we launched
Mandiant Advantage. Mandiant Advantage is a new SaaS platform that
allows our customers to engage across all areas of our expertise,
starting with threat intelligence.
For this episode of ‘Eye on Security’, our host, Luke McNamara is
joined by Jon Heit, Senior Manager of Intel Product Management, and
Jeff Guilfoyle, Principal Product Manager. We start by looking back at
where the idea for Mandiant Advantage came from and the problems the
platform aims to solve. One of the features we’re most excited about
is that our customers can get a visual representation of disparate
pieces of discovered threat actors, malware, vulnerabilities all
connected together regardless of the products and tools deployed. We
also explore the graduation process of adversarial group FIN11 and how
Mandiant Advantage will allow customers to continuously explore
activities of thousands of actors.
Listen to the podcast to hear how Mandiant Advantage can provide your
organization a front row seat into frontline threat intelligence to
focus on threats that matter to you.
The cyber skills shortage is a real problem. There just aren’t enough
qualified people to adequately meet the cyber security needs of all
organizations, and the problem is only expected to get worse. One of
the ways we address this challenge at FireEye is through internal and
external training courses. We invited two people involved in those
efforts to join our host, Luke McNamara for this episode of Eye on
Security: Dawn Hagen, Senior Director of Learning and Development, and
Dr. Brett Miller, Managing Director at Mandiant.
They spoke about the evolution and range of training that includes
product and product-agnostic courses. Brett shared insights on how we
adapted our courses to meet customer needs and market demands—efforts
that include opening up our training to individuals as well as the
general public. Dawn also noted that we have developed curricula
alongside clients who have requested custom courses, and that we
continue to teach some of these courses to this day.
Of course things are changing. While most of our training was
in-person for both internal and external courses, we have pivoted to
virtual training in light of recent global events. Currently, about 60
percent of our courses are available online, and we expect many of
these courses to remain online indefinitely—while still maintaining
the same quality as in-person classes.
Listen to the episode to dive into the development of our courses,
hear about our lab to lecture ratio, and find out why we’ve shifted to
ensuring students are able to perform tasks instead of just having the
knowledge to do it. And for more information about individual training
courses available to the public, check out our training schedule:
https://feye.io/30o4Zke
Ransomware continues to be one of the most significant cyber security
issues affecting organizations today. The attack is very effective and
can be carried out relatively cheaply, making for larger net profits.
With no end in sight to this nasty threat, Luke McNamara, our host and
Principal Analyst for FireEye, spoke with someone who has a front-row
seat into how organizations think about ransomware and other similar
threats. For that we turned to Charles Carmakal, our SVP & CTO for
Mandiant, and one of our leading incident response experts.
On this episode of our Eye on Security podcast, Charles and Luke
explore the rise and evolution of ransomware—from the early days of
threat actors automating ransomware infections without knowing who
their victim was, to the more recent trend of breaking into
organizations with known vulnerabilities, taking critical data,
deploying encryptors and asking for much more money.
They then turn their discussion to the C-suite. Charles shares
perspectives from the board when it comes to cyber threats, noting
that while leadership is much more aware of cyber security and risk
management than they were in the past, many still won’t understand the
gravity of the situation until it’s happening to them.
Closing out the conversation, Charles shares customer stories
involving nation-state intrusions, the use of public offensive
security tools by nation-states, and the struggles organizations have
had securing their now remote workforces.
Information operations (IO) gained prominent public attention in 2016
during the U.S. general election. Since then, new campaigns have
continued to be exposed, and the tactics actors employ have evolved.
In this episode of 'Eye on Security', Lee Foster, our Senior Manager
of Information Operations Intelligence Analysis, joins host Luke
McNamara to talk all about disinformation, a recent influence campaign
that we refer to as Ghostwriter, and what we could see play out in the
2020 general election.
We start with Lee sharing overall trends and changes in IO that his
team has observed since early 2016. We then discuss the increasing
usage of synthetic media (“deepfake”) images that threat actors are
employing in their campaigns, and how fabricated content is leveraged
in coordinated inauthentic activity across forums and social media.
Moving on to Ghostwriter, Lee describes all the tactics, techniques
and procedures related to this recent influence campaign, and goes on
to compare this activity to another well-known IO campaign: Secondary
Infektion.
Finally, no chat about disinformation would be complete without
discussing how it could play out during the 2020 U.S. general
election. Check out the episode today to hear Lee’s predictions for
the upcoming election and what the future holds for information
operations in general.
The Strategic Analysis team at Mandiant Threat Intelligence examines
hundreds of discrete data points from numerous sources, distilling
trends from that raw information to identify the most important,
common, and damaging cyber threats clients should prioritize in their
defensive strategies. That’s what we’re talking about on this week’s
episode of Eye on Security with our guest Kelli Vanderlee, Manager of
Strategic Analysis at FireEye.
Kelli shares the types of topics the team covers, including industry
and geographic-based reporting, trend analysis looking at the
evolution of actor types or tactics over time, and examinations of
cyber risks associated with common business situations, such as
mergers and acquisitions. Kelli and Luke also discuss the evolving
role of Chinese cyber espionage actors and how they may be becoming
more aggressive and risk-tolerant than previously believed. We also
delve into how the Belt and Road Initiative is driving cyber
espionage—from China and other nations. In terms of the geopolitics
driving cyber activity, Kelli believes we will continue to see more
nation-states invest in cyber capabilities, as the rewards for this
type of activity often outweigh the risks.
Listen to the episode to learn more about strategic analysis and the
trends Kelli’s team is tracking in 2020.
You’ve heard of security validation and know that it’s necessary to
test your security effectiveness, but do you know how our team
develops the right attacks to test your controls against threat
activity we see in real life?
On this episode of our Eye on Security podcast, Henry Peltokangas,
Director of Product Management, and Nart Villeneuve, Director of
Research & Collections, give us an inside look at what goes on behind
the scenes at Mandiant Security Validation.
We begin our chat by discussing some of the key benefits of security
validation. We then dive into the research Henry’s team conducts to
take tactics and techniques that adversaries use in the real world and
replicate them within the Mandiant Security Validation platform.
Nart and Henry go on to discuss how Mandiant Security Validation
replicates adversary activity across every stage of the attack
lifecycle, and then explain exactly why that is important. Finally, we
wrap up the episode by previewing some new features in upcoming
releases, and how Henry and Nart see security validation evolving in
the future.
To view the whitepaper mentioned during the episode, visit:
https://www.fireeye.com/current-threats/annual-threat-report/security-effectiveness-report.html
In the latest episode of Eye on Security, our host Luke McNamara talks
all about the world of operational technology (OT) and cyber physical
systems with one of our foremost experts on the topic: Nathan
Brubaker, Senior Manager of Analysis for Mandiant Threat Intelligence.
Nathan kicked off the chat by explaining what exactly we mean when we
use the term ‘cyber physical.’ They then turned their attention to
related threats. As it turns out, there are far fewer attempts by
attackers to target these systems than one might believe. Nathan went
on to discuss some of the fundamental differences between OT and
information technology (IT) systems, and then explained how OT is
becoming more similar to IT, which makes those systems more vulnerable
to compromise. Fortunately, even though OT security typically lags
behind that of IT systems, it’s definitely moving forward in the right
direction.
Listen to the podcast today, and check out the following blog posts
referenced by Nathan during the episode:
• Financially Motivated Actors Are Expanding Access Into OT: Analysis
of Kill Lists That Include OT Processes Used With Seven Malware
Families: https://feye.io/2Wn6jlr
• Monitoring ICS Cyber Operation Tools and Software Exploit Modules To
Anticipate Future Threats: https://feye.io/2B5WrVI
• Ransomware Against the Machine: How Adversaries are Learning to
Disrupt Industrial Production by Targeting IT and OT:
https://feye.io/3j4l1Y5
• The FireEye Approach to Operational Technology Security:
https://feye.io/2DImy5T
• TRITON Actor TTP Profile, Custom Attack Tools, Detections, and
ATT&CK Mapping: https://feye.io/2Wk58CX
We commonly see the same threat actors, techniques and malware popping
up in all corners of the globe, but that doesn’t mean each region
isn’t affected differently. In this episode, our host Luke McNamara,
Principal Analyst for Mandiant Threat Intelligence, is joined by Yihao
Lim, Principal Analyst for Mandiant Threat Intelligence, to discuss
cyber security and threats related specifically to the Asia Pacific
(APAC) region.
COVID-19 has brought on a rapid shift to remote work. Many
organizations were unprepared, so they quickly turned to collaboration
platforms that could help employees get back to work. But with more
applications comes a bigger attack surface.
On today’s Eye on Security podcast, Luke McNamara, Principal Analyst
for Mandiant Threat Intelligence, talks with Marcus Troiano, Managing
Consultant for Mandiant, about collaboration platform security.
We begin the episode by discussing overall best practices for
collaboration tools, including those used for chatting, video and
audio conferencing, and file sharing. The increased use of these tools
has made them a bigger target of attackers and organizations need to
ensure employees are aware of and protected against relevant threats.
Later in the episode, Marcus and Luke discuss issues surrounding the
use of personal devices for work, which can lead to issues such as
accidental data leakage. We also provide a list of recommendations on
how to keep virtual meetings secure so no one can listen in on a
meeting, as well as how to properly share a screen without
inadvertently disclosing confidential data.
Listen to the episode today, and check out our related blog post for
even more information:
https://www.fireeye.com/blog/executive-perspective/2020/04/security-best-practices-for-collaboration-platforms.html
COVID-19 has rapidly taken over the headlines across the globe. As
with many other major events, threat actors are quick to adapt
relevant topics as part of their phishing campaigns to increase the
likelihood of success. The same rings true for COVID-19, especially
due to its global impact.
On this latest Eye on Security podcast, John Atrache, Principal
Consultant for Mandiant, joins me to discuss all things email in the
time of COVID-19. We cover a variety of topics, including how threat
actors are continuously updating their phishing campaigns as new
developments around the pandemic arise. We also cover the importance
of organizations increasing their vigilance during these challenging
times, and how to implement quick and effective hardening controls to
mitigate the risk of a successful phishing attack.
Listen to the episode today, and then learn even more by checking out
our blog post on COVID-19 themed phishing attacks and how to manage
email phishing risks:
https://www.fireeye.com/blog/executive-perspective/2020/03/managing-email-phishing-risks.html
We are back with the second part of our M-Trends podcast where Luke
McNamara, Principal Analyst continues discussing highlights and
insights from this year’s report with Jurgen Kutscher, EVP of Mandiant
Solutions.
We pick back up with the nature of multiple attackers in an
environment—notably, whether or not they are aware of other attackers
in the environment and if they are collaborating. Jurgen then
discusses the rise of insider threats and how organizations can
improve the monitoring and detection of insider threats.
Ransomware use continues to rise—attackers are having success and
generating revenue, so we don’t expect this trend to level off any
time soon. Jurgen provides steps that organizations can take to reduce
their risk of falling victim to ransomware, and suggests organizations
take a look at our ransomware white paper for more containment
strategies:
https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/wp-ransomware-protection-and-containment-strategies.pdf
Check out our podcast today, and also hear Jurgen’s top cyber security
recommendations for 2020.
FireEye released M-Trends 2020 earlier this year to provide visibility
into frontline investigations of the most interesting and impactful
cyber attacks of the year. In this first episode of our two-part
M-Trends 2020 podcast, Luke McNamara discusses the report with Jurgen
Kutscher, EVP of Mandiant Solutions.
We begin the episode by highlighting the key themes from M-Trends
2020, such as dwell time and the continued exploitation of legitimate
credentials. Jurgen discusses the decrease in dwell time and whether
it’s due to organizations getting better at detections or the changing
nature of attacks. You’ll also hear about trends in cloud security and
recommendations for the healthcare industry when it comes to cloud, as
well as insights into compromise detection by third parties.
Listen to the podcast today to dive into M-Trends 2020, and be sure to
tune in for part two where we discuss insider threats, ransomware, and
Jurgen’s recommendations for the year ahead.
In this latest episode, we featured M-Trends contributors Dominik
Weber (Director - FLARE) and Dan Perez (Manager - Adversary Pursuit)
to take us on a deep dive of our annual M-Trends report. We discussed
how key metrics from our incident response investigations changed,
including: dwell times, source of notification, number of threat
actors tracked, and malware families/trends broken down by operating
system. Additionally, we highlighted things that stood out to Dominik
and Dan, including:
- Malware that used email for command and control
- Malware that leveraged cryptography to protect further stages from
analysis [execution guardrails!]
- How FLARE determines whether a malware sample is a "new" family vs. a
variant of an existing family we've seen before
- Targeted ransomware trends
- Chinese threat groups who have been active lately (APT40, APT41,
APT5, and several uncategorized clusters), as well as how the recent
US Justice Department indictments may have impacted operations by
those APT groups
- Dominik's involvement in the annual FLARE-On challenge and what it's
like to create a challenge (encrypted web shell)
For the full M-Trends report, visit:
https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
To find out more about the FLARE-On challenge, visit:
http://flare-on.com/
Cloud security is more important today than ever before. Luke McNamara
was joined once again by Martin Holste, CTO for Cloud at FireEye,
Chris Schreiber, FireEye product strategist, and JR Weiks, FireEye
security principal engineer.
In this second of two podcasts on cloud security, they examine how the
point products and various processes that make up cyber security today
will set the stage for the future of security operations centers
(SOC). The ideal way to initiate this transformation to the SOC of
tomorrow is with a single cyber security platform such as FireEye
Helix, which is a cloud-hosted security operations platform.
Integrating visibility, protection and detection with advanced
analytics is not a dream of the future, but an achievable reality
right now.
Check out the podcast, and also learn more about how FireEye Helix
seamlessly integrates disparate security tools and augments them with
next generation SIEM, orchestration and threat intelligence
capabilities to capture the untapped potential of security
investments.
Cloud security is more important today than ever before. To learn more
about the topic, Luke McNamara sat down with Martin Holste, CTO for
Cloud at FireEye, Chris Schreiber, FireEye product strategist, and JR
Weiks, FireEye security principal engineer.
In this first of two podcasts on cloud security, they discuss some of
the security challenges that occur when migrating to the cloud,
specifically highlighting some of the common problems that quickly
rise to the top once that journey begins. Additionally, they dive into
some of the different tactics that threat actors use to exploit cloud
infrastructure and how organizations can protect themselves.
Check out the podcast, and for more information head over to our
FireEye Cloud Security page and our FireEye Partnership with AWS page.
In October 2019, FireEye launched its Purple Team and Continuous
Purple Team Assessments to enable organizations to quantifiably
evaluate security controls and programs against Verodin simulated
attack scenarios. With Purple Team Assessments, Mandiant experts guide
an organization’s security team through highly-realistic attack
scenarios.
Luke McNamara spoke with one of our global red team leads who is on
the front lines managing this new offering, Evan Pena. During their
discussion, Evan explains what exactly a purple team is vs. a
traditional red and blue team, what are the outputs/deliverables that
come from a purple team, in what capacity will Verodin be used to
deliver this new offering, and more.
For more information about FireEye Mandiant Purple Team Assessments,
including the FireEye Verodin Security Instrumentation Platform (SIP),
please visit
https://www.fireeye.com/services/purple-team-assessment.html
Luke McNamara spoke with Jens Christian Høy Monrad, Head of FireEye
Intelligence, EMEA at FireEye on the EMEA threat landscape. In their
discussion, Jens spoke on the multidimensional threats to the region,
what those threats look like today, election security affecting these
countries, and continued challenges for the public and private sector.
The healthcare industry faces a range of threat actors and malicious
activity. FireEye EVP, Products, Grady Summers spoke with Principal
Analyst, Luke McNamara on the types of financially motivated cyber
threat activity impacting healthcare organizations, nation-state
threats that the healthcare sector should be aware of, and how the
threat landscape for healthcare organizations may evolve in the future.
The importance of being prepared cannot be overstated. Companies
experiencing an email compromise must undertake costly investigations
involving forensics services and data mining of affected inboxes to
see if sensitive information has been impacted. If that isn’t bad
enough, productivity and reputation also stand to take a hit.
To shine some light on the business email compromise threat and how
best to defend against it, FireEye EVP and CTO Grady Summers sat down
with Ken Bagnall, VP for Email Security at FireEye, and Lauren
Winchester, Privacy Breach Response Services Manager at Beazley.
During their chat, the trio discussed awareness, prevention and a new
unique offering from FireEye and Beazley.
In April 2018, FireEye CTO, Grady Summers had the opportunity to talk
about some of the latest features of FireEye Email Security with Ken
Bagnall, VP for Email Security at FireEye. Their conversation ended up
being one of our more popular 'Eye on Security' podcast episodes, so
it was a no-brainer that Grady would have Ken back in July 2018 to
discuss some of the changes in email attacks that we had been
observing.
When Ken happily agreed to return for a third appearance, FireEye
Chief Intel Strategist, Christopher Porter was particularly glad that
it was his turn to pick his brain. During their chat, Ken and
Christopher talked about the innovation behind our secure email
gateway, the intellectual property behind FireEye technologies for
detecting advanced threats that others miss, and some general trends
related to email threats that we’re seeing today.
Check out the podcast right now, and learn more about how FireEye
Email Security can help defend against today’s most widely used – and
lesser known – email attacks.
In recent weeks FireEye has been talking all about Expertise On
Demand, our annual subscription service that gives customers access to
security experts and more. As FireEye Chief Intelligence Strategist,
it has been exciting to see the transformation on the Intelligence
side of things, but to get a better look at the Expertise On Demand
service as a whole we turned to Gareth Maclachlan, VP of Strategy and
Product Management.
In our latest Eye on Security podcast, Gareth and Christopher discuss
everything from how the Expertise On Demand service works and what
makes it unique, to the overall experience for customers and partners.
Gareth also talks about what prompted FireEye to offer Expertise On
Demand in the first place, including an all-too-familiar problem in
the industry: a shortage of trained security professionals.
The United States District Attorney’s Office for the Western District
of Washington recently unsealed indictments and announced the arrests
of three individuals linked to a criminal organization we have been
tracking since 2015 as FIN7. With the threat group in the news quite a
bit lately, FireEye CTO, Grady Summers sat down to discuss the actors
and the arrests with two of the foremost FIN7 experts: Nick Carr and
Barry Vengerik from FireEye’s Advanced Practices Team.
They discussed a wide variety of topics, including FIN7’s targeting,
why they chose the particular sectors that they did, how they gained
an initial foothold in organizations, their tools and tactics,
techniques and procedures (TTPs), some of the methods FireEye used to
track the group, and some of the ways FIN7 activity changed following
arrests made as far back as January 2018.
More information on FIN7 and many other threat groups can be found in
our Intel Portal as part of our FireEye iSIGHT Threat Intelligence
offering.
Back in April 2018, FireEye CTO, Grady Summers had the chance to talk
with Ken Bagnall, VP for Email Security at FireEye. At the time, Ken
and Grady chatted about FireEye’s acquisition of the company The Email
Laundry, which took place in late 2017, and about some of the new
capabilities that were gained in FireEye Email Security from that
integration. They also discussed some of the trends that had been
observed in the email security space.
Grady recently met back up with Ken to continue their chat, and this
time were also joined by Levi Lloyd, Senior Manager for Detection
Services at FireEye. During the conversation, the three of them dove a
little bit deeper into some of the details behind the changes in email
attacks that they've seen. They then went on to discuss some of the
really cutting-edge techniques that FireEye is using to respond to
those email attacks, including blocking impersonation attacks and
URL-based attacks.
Check out the podcast, and also learn more about how FireEye Email
Security can help defend against today’s most widely used – and lesser
known – email attacks.
FireEye Chief Intelligence Strategist, Christopher Porter had the
opportunity to speak with Jared Semrau, head of our Vulnerability and
Exploitation intelligence team. Jared discusses how his team gathers
information on new and existing exploitable bugs, combines that with
what FireEye knows from engagements and device detections, and how
they map that intelligence to known threat actors. There are a lot of
myths going around about how vulnerability management should be
handled and this discussion helped cut through a lot of that.
Listen to the podcast to join this conversation and to learn why
FireEye rates less than 0.01% of its vulnerabilities as critical,
compared to 10% of vulnerabilities being rated critical by public
sources. Jared did a great job explaining for me how this focus on
only the truly critical and exploitable vulnerabilities helps our
clients better utilize their limited threat hunting resources and keep
operational systems online as much as possible without unnecessary
out-of-cycle patching.
It’s hard to believe, but April 2018 marked the release of our 9th
edition of M-Trends. To learn more about the latest report, FireEye
CTO, Grady Summers sat down and spoke with one of the key
contributors: Jurgen Kutscher, senior vice president responsible for
all Mandiant Consulting and Managed Defense offerings at FireEye.
During their conversation, Jurgen and Grady discussed a wide variety
of topics touched on in the M-Trends report, including the significant
increase in attacks originating from threat actors sponsored by Iran,
a typically dwindling global median dwell time increasing from 99 days
in 2016 to 101 days in 2017, how more than half of organizations that
were victims of a targeted attack were getting re-attacked by the same
or similarly motivated threat actors, and much more.
Check out our podcast today, and also read the M-Trends report to
explore the latest and greatest trends that define today’s threat
landscape at
https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
FireEye CTO, Grady Summers discussed email security with Ken Bagnall,
VP of the FireEye Email Security side of the business. Ken came to
FireEye following its 2017 acquisition of The Email Laundry, where he
was a founder and CEO.
During their chat, Ken and Grady discussed a wide variety of topics,
including Ken's history in the industry and how he got into email
security, how the merging of The Email Laundry with FireEye was the
perfect fit, up-and-coming email threats such as malware-less attacks
and imposter-based attacks, and what FireEye is doing to stay ahead of
these threats and ensure customers remain protected.
Check out the podcast, and learn more about how FireEye Email Security
can help defend against today's most widely used - and lesser known -
email attacks.
Chris Porter, chief intelligence strategist at FireEye had the
opportunity to speak with Parnian Najafi Borazjani, senior cyber
security analyst at FireEye, and Michael Rastigue, vice president,
cyber risk practice growth leader for the central zone at Marsh, on
cyber threats to the manufacturing industry.
Listen to the podcast to learn about today's threats, including who
the bad actors are, what assets are they going after, and what are
some possible motivators for bad actors to target the industry.
Additionally, Parnian and Michael discussed common exploit routes, and
improvement in risk mitigation and transfer options.
FireEye CTO, Grady Summers spoke about cyber security in 2018 with
FireEye CSO, Steve Booth. They touched on various topics, including
the threat landscape, threat actor techniques, nation-state activity,
and the General Data Protection Regulation (GDPR).
Check out the podcast to hear more about what the new year has in
store, and also learn a little bit about what organizations should be
doing to stay ahead of these threats – everything from basic upkeep to
managing priorities.
Grady Summers, CTO, FireEye recently sat down to speak about FireEye
Helix with Paul Nguyen, Vice President and General Manager for Helix
at FireEye. During their conversation, Paul reiterated a key focus of
Helix, which is to help analysts be more effective at their jobs.
Check out the podcast to hear all about the latest release (Helix
1.2), how FireEye is able to pivot data from the console through
orchestration, and more.
Chris Porter, chief intelligence strategist at FireEye recently sat
down with Jeffrey Ashcraft, senior analyst at FireEye, and Matthew
McCabe, senior vice president and advisory specialist at Marsh, to
discuss cyber threats to the utilities sector and how much of what you
see hackers do in the movies really happens when utilities are
breached in the real world.
Listen to our podcast to find out what the difference between an
espionage attempt and preparation for an attack is, the importance of
terms and conditions in cyber insurance, and how to best distinguish
between an attack and an intrusion to your organization.
Given recent high-profile incidents, cyber security has quickly risen
to the top of the priority list for many organizations, including
governments. As with many organizations these days, government
information technology and security is migrating to the cloud. As
government and public education entities migrate to Office 365, Google
Mail or other solutions for their primary email management service,
they’re also looking for email security that delivers advanced
threat protection, and this requires a service that is FedRAMP
authorized. FireEye CTO Grady Summers spoke with FireEye Global Govt
CTO, Tony Cole and Risk Management Lead, Stacey Ziegler on how FireEye
will support the government as it moves to the cloud.
FireEye CTO, Grady Summers interviewed Kevin Mandia in the summer of
2016 to discuss his goals as FireEye's newest CEO. One year later he
has caught up with Kevin to discuss his “One Team” philosophy, the
successful launch of Helix, and his love of overcoming challenges.
FireEye CTO, Grady Summers caught up with John Miller, manager of
threat intelligence to discuss his thoughts on the current threat
landscape.
John touched on preventative steps organizations can put in place,
popular attack methods and trends he’s observed from the front lines
of our cyber investigations.
Matt Snyder, chief information security officer for the Penn State
Milton S. Hershey Medical Center joins Grady Summers, FireEye chief
technology officer, for a thought-provoking discussion spanning a
broad range of security-related topics. Organizations in the
healthcare sector are experiencing exponentially increasing levels of
targeted attacks from organized crime and nation states: Matt shares
his approach to creating a holistic strategy to protect his complex
environment.
In this podcast, Dan Scali, senior manager for Mandiant consulting and
Grady Summers, FireEye Chief Technology Officer, discuss key issues in
critical infrastructure and industrial control systems. Bank data
centers, nuclear power plants, and water plants make up this niche
area of information security that’s quickly gained increased
importance with recent high profile breaches. Dan covers some of the
vulnerabilities these organizations have, including lack of network
segmentation and patching, and how this allows everything from
crimeware to nation state attacks to threaten the integrity of
critical systems. Organizations of all sizes need a pragmatic approach
to security by adopting holistic security programs, employing
enterprise wide monitoring, and ensuring they have incident response
plans in place. Dan discusses some of the ways Mandiant consultants
are helping these organizations in these areas including program
development and non-invasive ICS health checks.
Detecting today’s attacks is difficult. Attackers are more
sophisticated, better funded and better organized. Moreover, the
attacks are more targeted, with 80 percent of observed malware showing
up just once and 68 percent of malware being used against only a
single organization. In many cases, malware isn’t even involved in the
attacks – instead, the threat actors use a variety of tactics, some of
which have never been seen before.
A well-designed architecture needs to detect even the most
sophisticated attacks, especially those designed to evade defensive
mechanisms. Furthermore, it needs to detect those attacks without
generating the false positives that may lead to security personnel
missing the true threats. Perhaps most importantly, alerts must come
with the context that enables security teams to prioritize
investigations and design a proper response.
In our latest podcast, Josh Goldfarb discusses all of this and more
with Matt Allen, senior director of FireEye Labs.
Paul Nguyen, VP, Orchestration & Integration for FireEye discusses how
orchestration levels the battlefield by leveraging FireEye's years
of expertise battling the world's most consequential breaches.
I was fortunate to sit down with Michael Sikorski, Director, FireEye
Labs Advanced Reverse Engineering (FLARE) Team. During our
conversation we discussed the origin of the FLARE team, Michael’s book
“Practical Malware Analysis: The Hands-On Guide to Dissecting
Malicious Software”, and the latest freeware tools FLOSS and
FakeNet-NG.
Over the years we have seen our message of detect, respond, and
contain resonate throughout the cyber security industry. I wanted to
explore this mantra further by speaking with our Vice President,
Mandiant Global Consulting – US Central & Latin America and
Executive Director, Strategic Services, Russell Teague.
On this podcast we discuss how strategic services help by making
companies proactive in their security efforts, what the right level of
security is for each organization, and the role board of directors
play.
FireEye CEO Kevin Mandia took the helm of the company in mid-June with
a tall order: to understand the current challenges and arrange all of
the components to make FireEye the best security company in the
industry.
In this Eye on Security podcast, FireEye Chief Technology Officer
Grady Summers talks with Kevin about why he’s so well positioned to
lead the company, including why he started Mandiant, why he scrapped
his business plan after just 30 minutes, and how his experiences with
Mandiant will help him move FireEye forward.
Earlier this year FireEye’s Mandiant business unit launched Red Team
Operations, which consists of two unique services designed to assess
the strength of an organization’s security program: Red Team
Assessments and Red Teaming for Security Operations.
During Black Hat USA 2016 I met up with Marshall Heilman, Vice
President, Mandiant Consulting – West and Executive Director, IR and
Red Team Operations to discuss how his team determines their approach
for each engagement and what differentiates Mandiant’s Red Team from
others.
Chris Tannery is a senior manager on the FireEye as a Service (FaaS)
team. In his role he helps customers with the onboarding process.
Nicole Oppenheim is the manager of Advanced Practices for FireEye as a
Service (FaaS). She is responsible for reviewing our analytical
strategy within FaaS and determining the best way forward to find
advanced attackers.
Pete Smith is a network practice lead for FaaS (FireEye as a Service).
In his role as network practice lead, Pete is responsible for
designing network services that our analysts use to defend our
customers from advanced attackers.
FireEye CTO of Emerging Technologies, Josh Goldfarb sat down with Sr.
Director, Yogi Chandiramani and international threat intel liaison,
Jens Monrad to discuss findings from the latest EMEA Regional Advanced
Threat Report.
FireEye CTO Grady Summers recently sat down with SangYun Jeong,
Information Security Manager for GS Caltex to discuss his take on what
it's like to manage information security for a large oil refiner
company in Korea.
Listen to the podcast and hear what the top cybersecurity risks are
that face an organization controlling and managing SCADA systems, what
prompted manufacturers to become interested in protecting their
organizations against targeted attackers, and SangYun's thoughts on
what security vendors can do to improve.
Hear from John Watters - the founder and former CEO of iSIGHT Partners
(now the Cyber Threat Intelligence arm of FireEye) on his views of the
current state of cyber security, and what you can expect to hear from
him at the upcoming Cyber Defense Live Summit hosted by FireEye.
We sat down with Shannon Lietz, head of DevSecOps engineers at Intuit,
about the company’s philosophy regarding cloud security. In this
podcast she discusses what kinds of resources Intuit has devoted to
keeping the cloud safe, advice for companies considering moving to the
cloud, and how enterprises can use the cloud while staying ahead of
attackers.
She also describes Red Team Mondays, Blue Team Intelligence, and how
Intuit uses fire drills to keep vendors on their toes.
More and more companies are relying on the cloud for storage and
collaboration, but what does that mean from a security and cyber
standpoint? How safe is it? Who has access? And would you know if
someone else was accessing your data?
Patrick Heim is head of trust and security at Dropbox. He answers
these questions and more – including how Dropbox protects its
customers’ data – in our latest podcast. He also discusses the
difference between securing a cloud platform versus securing an
enterprise.
In this podcast, Grady Summers, FireEye CTO, discusses the cyber
issues that organizations face, the communication roadblocks between
those on the ground and at the board level, what steps to take to get
past these obstacles, and the next big trends in cyber security.
Learn more about the newest members of the FireEye family from Paul
Nguyen, founder and CEO of Invotas and John Watters, founder, chairman
and CEO of iSIGHT Partners. Hear why they started their companies, how
their addition to FireEye adds to our already robust product and
subscription offering, and what this all means both immediately and
long-term for our customers.
Learn more about the latest trends in cyber and what you can do to
protect your enterprise from Jurgen Kutscher, vice president of
security consulting services at Mandiant, a FireEye company.
How do you weed through the noise to find the signal? In this latest
podcast, Josh Goldfarb, Vice President and Chief Technology Officer at
FireEye, discusses best practices when looking for the signal within
the noise of alert volume.
According to Goldfarb, there are many ways an organization could
improve the efficiency of its security operations workflow, but one
way in particular makes a significant difference. A better quality of
alerts means more efficiency. In other words, our work queue defines
what our scarce human resources work on in a given day. Given that,
doesn’t it make sense to supply that work queue with the highest
quality, highest fidelity alerts possible to ensure that human
resources spend their precious cycles on the highest value work? In
other words: more signal, less noise. Learn how this approach impacts
information security and cyberwar in this latest podcast.