The latest on cybersecurity threats and news from FireEye.
The Inception of Mandiant Advantage
Our customers expressed a desire for faster access to our intelligence to focus on threat activity that matters to them, so we launched Mandiant Advantage. Mandiant Advantage is a new SaaS platform that allows our customers to engage across all areas of our expertise, starting with threat intelligence.
For this episode of ‘Eye on Security’, our host, Luke McNamara, is joined by Jon Heit, Senior Manager of Intel Product Management, and Jeff Guilfoyle, Principal Product Manager. We start by looking back at where the idea for Mandiant Advantage came from and the problems the platform aims to solve. One of the features we’re most excited about is that our customers can get a visual representation of disparate discovered threat actors, malware and vulnerabilities, all connected together regardless of the products and tools deployed. We also explore the graduation process of the adversarial group FIN11 and how Mandiant Advantage will allow customers to continuously explore the activities of thousands of actors.
Listen to the podcast to hear how Mandiant Advantage can provide your organization a front-row seat into frontline threat intelligence to focus on threats that matter to you.
Back to School: Training the Cyber Workforce in 2020
The cyber skills shortage is a real problem. There just aren’t enough qualified people to adequately meet the cyber security needs of all organizations, and the problem is only expected to get worse. One of the ways we address this challenge at FireEye is through internal and external training courses. We invited two people involved in those efforts to join our host, Luke McNamara, for this episode of Eye on Security: Dawn Hagen, Senior Director of Learning and Development, and Dr. Brett Miller, Managing Director at Mandiant.
They spoke about the evolution and range of training that includes product and product-agnostic courses. Brett shared insights on how we adapted our courses to meet customer needs and market demands—efforts that include opening up our training to individuals as well as the general public. Dawn also noted that we have developed curricula alongside clients who have requested custom courses, and that we continue to teach some of these courses to this day.
Of course things are changing. While most of our training was in-person for both internal and external courses, we have pivoted to virtual training in light of recent global events. Currently, about 60 percent of our courses are available online, and we expect many of these courses to remain online indefinitely—while still maintaining the same quality as in-person classes.
Listen to the episode to dive into the development of our courses, hear about our lab-to-lecture ratio, and find out why we’ve shifted to ensuring students are able to perform tasks instead of just having the knowledge to do them. And for more information about individual training courses available to the public, check out our training schedule: https://feye.io/30o4Zke
Ransomware and Observations from Recent IR Investigations
Ransomware continues to be one of the most significant cyber security issues affecting organizations today. The attack is very effective and can be carried out relatively cheaply, making for larger net profits. With no end in sight to this nasty threat, Luke McNamara, our host and Principal Analyst for FireEye, spoke with someone who has a front-row seat into how organizations think about ransomware and other similar threats. For that we turned to Charles Carmakal, our SVP & CTO for Mandiant, and one of our leading incident response experts.
On this episode of our Eye on Security podcast, Charles and Luke explore the rise and evolution of ransomware—from the early days of threat actors automating ransomware infections without knowing who their victim was, to the more recent trend of breaking into organizations with known vulnerabilities, taking critical data, deploying encryptors and asking for much more money.
They then turn their discussion to the C-suite. Charles shares perspectives from the board when it comes to cyber threats, noting that while leadership is much more aware of cyber security and risk management than they were in the past, many still won’t understand the gravity of the situation until it’s happening to them.
Closing out the conversation, Charles shares customer stories involving nation-state intrusions, the use of public offensive security tools by nation-states, and the struggles organizations have had securing their now remote workforces.
The Ghostwriter Campaign and Trends in Disinformation Today
Information operations (IO) gained prominent public attention in 2016 during the U.S. general election. Since then, new campaigns have continued to be exposed, and the tactics actors employ have evolved. In this episode of 'Eye on Security', Lee Foster, our Senior Manager of Information Operations Intelligence Analysis, joins host Luke McNamara to talk all about disinformation, a recent influence campaign that we refer to as Ghostwriter, and what we could see play out in the 2020 general election.
We start with Lee sharing overall trends and changes in IO that his team has observed since early 2016. We then discuss the increasing usage of synthetic media (“deepfake”) images that threat actors are employing in their campaigns, and how fabricated content is leveraged in coordinated inauthentic activity across forums and social media.
Moving on to Ghostwriter, Lee describes all the tactics, techniques and procedures related to this recent influence campaign, and goes on to compare this activity to another well-known IO campaign: Secondary Infektion.
Finally, no chat about disinformation would be complete without discussing how it could play out during the 2020 U.S. general election. Check out the episode today to hear Lee’s predictions for the upcoming election and what the future holds for information operations in general.
Making Sense of Cyber Threats at Scale with Strategic Intel
The Strategic Analysis team at Mandiant Threat Intelligence examines hundreds of discrete data points from numerous sources, distilling trends from that raw information to identify the most important, common, and damaging cyber threats clients should prioritize in their defensive strategies. That’s what we’re talking about on this week’s episode of Eye on Security with our guest Kelli Vanderlee, Manager of Strategic Analysis at FireEye.
Kelli shares the types of topics the team covers, including industry and geographic-based reporting, trend analysis looking at the evolution of actor types or tactics over time, and examinations of cyber risks associated with common business situations, such as mergers and acquisitions. Kelli and Luke also discuss the evolving role of Chinese cyber espionage actors and how they may be becoming more aggressive and risk-tolerant than previously believed. We also delve into how the Belt and Road Initiative is driving cyber espionage—from China and other nations. In terms of the geopolitics driving cyber activity, Kelli believes we will continue to see more nation-states invest in cyber capabilities, as the rewards for this type of activity often outweigh the risks.
Listen to the episode to learn more about strategic analysis and the trends Kelli’s team is tracking in 2020.
Behind the Scenes with Mandiant Security Validation
You’ve heard of security validation and know that it’s necessary to test your security effectiveness, but do you know how our team develops the right attacks to test your controls against threat activity we see in real life?
On this episode of our Eye on Security podcast, Henry Peltokangas, Director of Product Management, and Nart Villeneuve, Director of Research & Collections, give us an inside look at what goes on behind the scenes at Mandiant Security Validation.
We begin our chat by discussing some of the key benefits of security validation. We then dive into the research Henry’s team conducts to take tactics and techniques that adversaries use in the real world and replicate them within the Mandiant Security Validation platform.
Nart and Henry go on to discuss how Mandiant Security Validation replicates adversary activity across every stage of the attack lifecycle, and then explain exactly why that is important. Finally, we wrap up the episode by previewing some new features in upcoming releases, and how Henry and Nart see security validation evolving in the future.
To view the whitepaper mentioned during the episode, visit: https://www.fireeye.com/current-threats/annual-threat-report/security-effectiveness-report.html
Customer Reviews
Audio quality needs improvement
The episodes are hit or miss, as some of them sound like they were recorded with a potato.