The Defender's Advantage Podcast

Did you know that women are disproportionately affected by cybercrime,cyber stalking, cyber bullying, cyber harassment, and image-basedsexual abuse? We asked Cris Kittner, Principal Analyst at MandiantThreat Intelligence, and Lillian Teng, Director of ThreatInvestigations from Verizon Media to join us for a discussion aroundtheir recent talk on digital safety for women and practical strategieswomen of all ages can take to increase their online safety.Cris and Lillian provided their reasons and motivations for puttingtogether the talk, which they first presented at the Grace HopperCelebration in 2020. They highlighted the connection between physicaland cyber stalking and the need for these conversations to benormalized. Far too often, Cris and Lillian heard from youngprofessionals that they believed the cyber harassment that washappening to them in the workplace or at conferences was “normal.”To combat the issues many women are facing online, Chris and Lillianprovided a list of practical considerations that women should follow,such as using a password manager, knowing what permissions are beinggiven to third-party applications, understanding that Snapchat imagescan be recovered, adjusting (or eliminating) location tags, and how toreport abuse happening on social media sites.Listen to the episode today for online safety strategies that can helpyou or a loved one stay safe online.

We’re back with the second episode of our “Big Four” series focused onNorth Korea, Iran, China, and Russia. We honed in on Iran for thisone, and to help explore their cyber capabilities, we invited SarahHawley, Principal Analyst for Mandiant Threat Intelligence, and LeeFoster, Senior Manager of Information Operations Analysis.Sarah kicked off the episode by providing an overview of Iran’s pastoffensive cyber activity and how these capabilities have developedover the years. Lee shared how they have also grown their usage andwillingness to use information operations (IO) and how his teamapproaches attribution and analysis of this disinformation activity.We then touched on drivers of Iranian cyber threat and their apparentincreasing willingness to target democratic processes. Sarah alsodiscussed Iran’s destructive activity going after industrial targetsin the oil and gas sectors through password spraying and spearphishing operations.As always, we closed out the episode with thoughts about what Sarahand Lee think we might see from Iran’s cyber operations in the comingyears. Listen to hear their predictions and stay tuned for ourupcoming episodes on China and Russia.Listen to the podcast now, check out the “Big Four” episode on NorthKorea if you haven’t already, and then head over to our Eye onSecurity page for even more episodes.

“Legitimate access rules the threat landscape”, says Jon Ford,Managing Director at Mandiant. In addition to loss of intellectualproperty, malicious insiders are increasingly impacting organizationalreputation, customer trust and investor confidence. There’s a lot moreto insider cyber security threats than disgruntled employees, which isthe first thing that comes to mind for most when they think of thisthreat. Jon Ford, Managing Director of Mandiant, and Johnny Collins,Director of Mandiant, joined us to break down what insider threats areand the trends Mandiant is seeing in recent investigations.Johnny began by defining insider threats—from unintended linkclicking, all the way up to human enabled technical operations (thinkmeet-ups in parks while avoiding all electronic communications thatyou see in movies). Both Johnny and Jon shared how organizations onthe commercial and government sides are thinking about insider threatsas part of their overall risk and security posture, and how clientsare approaching insider threat security from a behavior-focusedapproach as opposed to targeting or profiling individuals.Then we got to the good part: stories from recent investigationsthey’ve worked on through Mandiant’s Insider Threat Security Servicesofferings. You might be surprised by the outcomes of a few of them.Johnny and Jon went on to highlight the various tiers of Mandiant’sInsider Threat Program Assessments and Mandiant’s Insider ThreatSecurity as a Service offering with Mandiant Intelligence. Johnny andJon close with shared thoughts on the growing Insider Threat trendswe’ll see in the near future.

While many cyber threats and security issues are universal andexperienced by organizations in any part of the world, some are morecommon to a particular region than others. Host Luke McNamara invitedRyan Goss, Vice President for Latin America & the Caribbean, and JuanCarlos Garcias Caparros, Director of Mandiant Consulting for LatinAmerica and the Caribbean, to talk specifically about cyber securityin Latin America.Juan Carlos shares what threats we’ve seen our customers face in LatinAmerica. He also discusses the security culture in Latin America,comparing maturity of organizations to those in United States orEurope. We also explore whether attitudes are shifting around cybersecurity in boardrooms. Ryan believes it’s moving in a good direction,but that many companies still treat cyber security as an afterthought,which leads to lower overall budgets and forces security teams tofocus on solutions that are “good enough” or at least allow them to“check the compliance box”. Thus the importance of FireEye leadingwith Mandiant Services and establishing ourselves as trusted advisorsand true partners for our customers.We wrap up the episode by touching on cyber training, securityvalidation and unexpected activity from North Korea targetingfinancial institutions throughout Latin America.

We’re kicking off Eye on Security in 2021 with a nation-state-themedminiseries that focuses on the big four, which we recognize as NorthKorea, Iran, China and Russia. In this episode, host Luke McNamarainvited Fred Plan, Senior Analyst for Mandiant Threat Intelligence,onto the podcast to talk about North Korea.Fred started our discussion by providing some background on thecountry, how it operates geopolitically, and why they’ve shifted theirfocus to a cyber capability. We also review their early cyberoperations that primarily targeted South Korea and their expansion tothe U.S. private sector with the Sony hack. Since then, North Koreacontinues to be active in both financially-motivated andespionage-related operations.There are a lot of behaviors that make North Korean cyber operationsunique, due in part to the country being very closed off. Their cyberoperations have demonstrated rapid shifts in targeting, which likelycomes at the request of the regime. We most recently saw this withtheir targeting of COVID-19 research and vaccine distribution. NorthKorea hasn’t publicly reported on any COVID-19 cases, so their cyberbehavior offers us a glimpse into what might actually be going onwithin the country.As always, we like to predict what we’ll see next in a region or froman actor. In this case, Fred says it’s quite difficult to know whatNorth Korea is up to next. Find out why when you listen to theepisode.

As the COVID-19 pandemic continues, cyber threats have worsened forsome industries across the globe. Universities with medical andresearch facilities are increasingly being targeted by threat actorsbecause of the critical and valuable work they do surroundingpandemic. Host Luke McNamara invited Monte Ratzlaff, Cyber RiskProgram Director at the University of California Office of thePresident, to join us for this episode of Eye on Security so we coulddiscuss the important research they secure.Monte and Luke reviewed the types of data UC protects, which includesprotected health information, payment card data, student data andresearch data. Even with all that data, the threats UC faces are stillquite similar to what many other organizations face: phishing,ransomware and nation-state attacks.We shifted our discussion to the challenges of securing COVID-19research; especially at a time where ransomware is particularlyrampant. Monte emphasized the critical need for organizations to knowtheir environment and have plans in place in case attacks get throughdefenses.Listen to the episode to hear insights on securing medical devices andwhy Monte wouldn’t be surprised to see an uptick in insider threats asa result of a larger remote workforce.

With 2020 coming to an end, we’ve released our 2021 cyber securitypredictions report, videos with our senior leaders and more. Our host,Luke McNamara asked General Earl Matthews, VP, Strategy for MandiantSecurity Validation to join him on 'Eye on Security' to discuss whatwe can expect in the cyber space heading into a new year based on thethreat activity we’ve seen recently.Ransomware isn’t going away any time soon, so Luke asked GeneralMatthews how he’s seen executives react to this new type of threat andif that has impacted how they think of security. We also explore theincreasing risk ransomware poses to operational technology based onsome of the ransomware campaigns we have seen this year.We also talk in depth about third-party risk—a risk that’s been aroundfor a long time, but that we’ll see increasingly exploited by threatactors. General Matthews also shared some personal stories about histime as a CISO that you won’t want to miss.General Matthews and Luke finish their chat with an interesting lookat which industries have adopted security validation and the benefitsof this solution for providing proof of security effectiveness.

In this episode, we have something a little different. We're excitedthat Sean Lygaas (@Snlyngaas), Senior Reporter at CyberScoop, hasjoined host Luke McNamara to share a different perspective on many ofthe same cyber security stories and events that we work on in parallelhere at FireEye.Sean and Luke kick off their conversation by discussing which storiesSean considers top priority. These days his mornings entail reviewingelection security, and then he starts chasing the timely stories hefinds most interesting. Sean also shared the difference between whatis news and what is research when it comes to writing a story.With the election being so close, we of course turned to the topic ofdisinformation. Sean shared the difficulties of writing aboutinformation operations and his approach of attempting to report on itwithout amplifying fear or paranoia. We also explored the impact andintent of these operations.Listen to the episode to hear Sean’s thoughts on the future of mediaand news consumption, and the cybersecurity topics he thinks we willbe reading about in the news in the coming year.

Our customers expressed a desire for faster access to our intelligenceto focus on threat activity that matters to them, so we launchedMandiant Advantage. Mandiant Advantage is a new SaaS platform thatallows our customers to engage across all areas of our expertise,starting with threat intelligence.For this episode of ‘Eye on Security’, our host, Luke McNamara isjoined by Jon Heit, Senior Manager of Intel Product Management, andJeff Guilfoyle, Principal Product Manager. We start by looking back atwhere the idea for Mandiant Advantage came from and the problems theplatform aims to solve. One of the features we’re most excited aboutis that our customers can get a visual representation of disparatepieces of discovered threat actors, malware, vulnerabilities allconnected together regardless of the products and tools deployed. Wealso explore the graduation process of adversarial group FIN11 and howMandiant Advantage will allow customers to continuously exploreactivities of thousands of actors.Listen to the podcast to hear how Mandiant Advantage can provide yourorganization a front row seat into frontline threat intelligence tofocus on threats that matter to you.

The cyber skills shortage is a real problem. There just aren’t enoughqualified people to adequately meet the cyber security needs of allorganizations, and the problem is only expected to get worse. One ofthe ways we address this challenge at FireEye is through internal andexternal training courses. We invited two people involved in thoseefforts to join our host, Luke McNamara for this episode of Eye onSecurity: Dawn Hagen, Senior Director of Learning and Development, andDr. Brett Miller, Managing Director at Mandiant.They spoke about the evolution and range of training that includesproduct and product-agnostic courses. Brett shared insights on how weadapted our courses to meet customer needs and market demands—effortsthat include opening up our training to individuals as well as thegeneral public. Dawn also noted that we have developed curriculaalongside clients who have requested custom courses, and that wecontinue to teach some of these courses to this day.Of course things are changing. While most of our training wasin-person for both internal and external courses, we have pivoted tovirtual training in light of recent global events. Currently, about 60percent of our courses are available online, and we expect many ofthese courses to remain online indefinitely—while still maintainingthe same quality as in-person classes.Listen to the episode to dive into the development of our courses,hear about our lab to lecture ratio, and find out why we’ve shifted toensuring students are able to perform tasks instead of just having theknowledge to do it. And for more information about individual trainingcourses available to the public, check out our training schedule:https://feye.io/30o4Zke