The Defender's Advantage Podcast

Mandiant
Mar 24, 2020 • 36min

S3E3: M-Trends 2020 Dwell Time is a Swell Time

In this latest episode, we featured M-Trends contributors Dominik Weber (Director - FLARE) and Dan Perez (Manager - Adversary Pursuit) to take us on a deep dive of our annual M-Trends report. We discussed how key metrics from our incident response investigations changed, including: dwell times, source of notification, number of threat actors tracked, and malware families/trends broken down by operating system. Additionally, we highlighted things that stood out to Dominik and Dan, including:
- Malware that used email for command and control
- Malware that leveraged cryptography to protect further stages for analysis [execution guardrails!]
- How FLARE determines whether a malware sample is a "new" family vs a variant of an existing family we've seen before
- Targeted ransomware trends
- Chinese threat groups who have been active lately (APT40, APT41, APT5, and several uncategorized clusters), as well as how the recent US Justice Department indictments may have impacted operations by those APT groups
- Dominik's involvement in the annual FLARE-ON challenge and what it's like to create a challenge (encrypted web shell)

For the full M-Trends report, visit: https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
To find out more about the FLARE-On challenge, visit: http://flare-on.com/
Nov 19, 2019 • 17min

The Cloud Revolution and the Future of the SOC

Cloud security is more important today than ever before. Luke McNamara was joined once again by Martin Holste, CTO for Cloud at FireEye, Chris Schreiber, FireEye product strategist, and JR Weiks, FireEye security principal engineer.

In this second of two podcasts on cloud security, they examine how the point products and various processes that make up cyber security today will set the stage for the future of security operations centers (SOC). The ideal way to initiate this transformation to the SOC of tomorrow is with a single cyber security platform such as FireEye Helix, which is a cloud-hosted security operations platform. Integrating visibility, protection and detection with advanced analytics is not a dream of the future, but an achievable reality right now.

Check out the podcast, and also learn more about how FireEye Helix seamlessly integrates disparate security tools and augments them with next generation SIEM, orchestration and threat intelligence capabilities to capture the untapped potential of security investments.
Nov 19, 2019 • 16min

What to Anticipate When Migrating to the Cloud

Cloud security is more important today than ever before. To learn more about the topic, Luke McNamara sat down with Martin Holste, CTO for Cloud at FireEye, Chris Schreiber, FireEye product strategist, and JR Weiks, FireEye security principal engineer.

In this first of two podcasts on cloud security, they discuss some of the security challenges that occur when migrating to the cloud, specifically highlighting some of the common problems that quickly rise to the top once that journey begins. Additionally, they dive into some of the different tactics that threat actors use to exploit cloud infrastructure and how organizations can protect themselves.

Check out the podcast, and for more information head over to our FireEye Cloud Security page and our FireEye Partnership with AWS page.
Oct 22, 2019 • 16min

Validating Detection & Response with Purple Team Assessments

In October 2019, FireEye launched its Purple Team and Continuous Purple Team Assessments to enable organizations to quantifiably evaluate security controls and programs against Verodin simulated attack scenarios. With Purple Team Assessments, Mandiant experts guide an organization’s security team through highly-realistic attack scenarios.

Luke McNamara spoke with one of our global red team leads who is on the front lines managing this new offering, Evan Pena. During their discussion, Evan explains what exactly a purple team is vs. a traditional red and blue team, what are the outputs/deliverables that come from a purple team, in what capacity will Verodin be used to deliver this new offering, and more.

For more information about FireEye Mandiant Purple Team Assessments, including the FireEye Verodin Security Instrumentation Platform (SIP), please visit https://www.fireeye.com/services/purple-team-assessment.html
Oct 15, 2019 • 18min

Scaling Up with Digital Threat Monitoring

Sep 26, 2019 • 11min

The EMEA Cyber Security Threat Landscape

Luke McNamara spoke with Jens Christian Høy Monrad, Head of FireEye Intelligence, EMEA at FireEye on the EMEA threat landscape. In their discussion, Jens spoke on the multidimensional threats to the region, what those threats look like today, election security affecting these countries, and continued challenges for the public and private sector.
Aug 26, 2019 • 11min

Innovation Architecture: A New Way of Protecting Our Custome

Luke McNamara spoke with Jens Christian Høy Monrad, Head of FireEye Intelligence, EMEA at FireEye on the EMEA threat landscape. In their discussion, Jens spoke on the multidimensional threats to the region, what those threats look like today, election security affecting these countries, and continued challenges for the public and private sector.
Aug 21, 2019 • 15min

Beyond Compliance: Cyber Threats and Healthcare

The healthcare industry faces a range of threat actors and malicious activity. FireEye EVP, Products, Grady Summers spoke with Principal Analyst, Luke McNamara on the types of financially motivated cyber threat activity impacting healthcare organizations, nation-state threats that the healthcare sector should be aware of, and how the threat landscape for healthcare organizations may evolve in the future.
Jul 15, 2019 • 22min

FireEye and Beazley: Twice the Defense Against Email Threats

The importance of being prepared cannot be understated. Companies experiencing an email compromise must undertake costly investigations involving forensics services and data mining of affected inboxes to see if sensitive information has been impacted. If that isn’t bad enough, productivity and reputation also stand to take a hit.

To shine some light on the business email compromise threat and how best to defend against it, FireEye EVP and CTO Grady Summers sat down with Ken Bagnall, VP for Email Security at FireEye, and Lauren Winchester, Privacy Breach Response Services Manager at Beazley. During their chat, the trio discussed awareness, prevention and a new unique offering from FireEye and Beazley.
Mar 14, 2019 • 29min

Protection Beyond the Traditional Secure Email Gateway

In April 2018, FireEye CTO, Grady Summers had the opportunity to talk about some of the latest features of FireEye Email Security with Ken Bagnall, VP for Email Security at FireEye. Their conversation ended up being one of our more popular 'Eye on Security' podcast episodes, so it was a no-brainer that Grady would have Ken back in July 2018 to discuss some of the changes in email attacks that we had been observing.

When Ken happily agreed to return for a third appearance, FireEye Chief Intel Strategist, Christopher Porter was particularly glad that it was his turn to pick his brain. During their chat, Ken and Christopher talked about the innovation behind our secure email gateway, the intellectual property behind FireEye technologies for detecting advanced threats that others miss, and some general trends related to email threats that we’re seeing today.

Check out the podcast right now, and learn more about how FireEye Email Security can help defend against today’s most widely used – and lesser known – email attacks.
