

The Defender's Advantage Podcast
Mandiant
Learn about the latest threat and cybersecurity trends on The Defender’s Advantage Podcast! Hear from experts in the field as Host Luke McNamara, from Google Threat Intelligence Group, interviews analysts, researchers and other guests on the frontlines of the latest attacks. Episodes dive deep into various topics, including nation-state activity, cybercrime, malware and tradecraft, incident response, defensive guidance, and more. Don't forget to subscribe!
Episodes

Feb 16, 2021 • 34min
Breaking Down Malicious Insider Threats
“Legitimate access rules the threat landscape”, says Jon Ford, Managing Director at Mandiant. In addition to loss of intellectual property, malicious insiders are increasingly impacting organizational reputation, customer trust and investor confidence. There’s a lot more to insider cyber security threats than disgruntled employees, which is the first thing that comes to mind for most when they think of this threat. Jon Ford, Managing Director of Mandiant, and Johnny Collins, Director of Mandiant, joined us to break down what insider threats are and the trends Mandiant is seeing in recent investigations. Johnny began by defining insider threats—from unintended link clicking, all the way up to human enabled technical operations (think meet-ups in parks while avoiding all electronic communications that you see in movies). Both Johnny and Jon shared how organizations on the commercial and government sides are thinking about insider threats as part of their overall risk and security posture, and how clients are approaching insider threat security from a behavior-focused approach as opposed to targeting or profiling individuals. Then we got to the good part: stories from recent investigations they’ve worked on through Mandiant’s Insider Threat Security Services offerings. You might be surprised by the outcomes of a few of them. Johnny and Jon went on to highlight the various tiers of Mandiant’s Insider Threat Program Assessments and Mandiant’s Insider Threat Security as a Service offering with Mandiant Intelligence. Johnny and Jon close with shared thoughts on the growing Insider Threat trends we’ll see in the near future.

Jan 21, 2021 • 33min
The Cyber Landscape in Latin America
While many cyber threats and security issues are universal and experienced by organizations in any part of the world, some are more common to a particular region than others. Host Luke McNamara invited Ryan Goss, Vice President for Latin America & the Caribbean, and Juan Carlos Garcias Caparros, Director of Mandiant Consulting for Latin America and the Caribbean, to talk specifically about cyber security in Latin America. Juan Carlos shares what threats we’ve seen our customers face in Latin America. He also discusses the security culture in Latin America, comparing maturity of organizations to those in United States or Europe. We also explore whether attitudes are shifting around cyber security in boardrooms. Ryan believes it’s moving in a good direction, but that many companies still treat cyber security as an afterthought, which leads to lower overall budgets and forces security teams to focus on solutions that are “good enough” or at least allow them to “check the compliance box”. Thus the importance of FireEye leading with Mandiant Services and establishing ourselves as trusted advisors and true partners for our customers. We wrap up the episode by touching on cyber training, security validation and unexpected activity from North Korea targeting financial institutions throughout Latin America.

Jan 11, 2021 • 43min
The "Big Four": Spotlight on North Korea
We’re kicking off Eye on Security in 2021 with a nation-state-themed miniseries that focuses on the big four, which we recognize as North Korea, Iran, China and Russia. In this episode, host Luke McNamara invited Fred Plan, Senior Analyst for Mandiant Threat Intelligence, onto the podcast to talk about North Korea. Fred started our discussion by providing some background on the country, how it operates geopolitically, and why they’ve shifted their focus to a cyber capability. We also review their early cyber operations that primarily targeted South Korea and their expansion to the U.S. private sector with the Sony hack. Since then, North Korea continues to be active in both financially-motivated and espionage-related operations. There are a lot of behaviors that make North Korean cyber operations unique, due in part to the country being very closed off. Their cyber operations have demonstrated rapid shifts in targeting, which likely comes at the request of the regime. We most recently saw this with their targeting of COVID-19 research and vaccine distribution. North Korea hasn’t publicly reported on any COVID-19 cases, so their cyber behavior offers us a glimpse into what might actually be going on within the country. As always, we like to predict what we’ll see next in a region or from an actor. In this case, Fred says it’s quite difficult to know what North Korea is up to next. Find out why when you listen to the episode.

Dec 3, 2020 • 30min
Protecting Healthcare and Academia Against Cyber Threats
As the COVID-19 pandemic continues, cyber threats have worsened for some industries across the globe. Universities with medical and research facilities are increasingly being targeted by threat actors because of the critical and valuable work they do surrounding the pandemic. Host Luke McNamara invited Monte Ratzlaff, Cyber Risk Program Director at the University of California Office of the President, to join us for this episode of Eye on Security so we could discuss the important research they secure. Monte and Luke reviewed the types of data UC protects, which includes protected health information, payment card data, student data and research data. Even with all that data, the threats UC faces are still quite similar to what many other organizations face: phishing, ransomware and nation-state attacks. We shifted our discussion to the challenges of securing COVID-19 research, especially at a time where ransomware is particularly rampant. Monte emphasized the critical need for organizations to know their environment and have plans in place in case attacks get through defenses. Listen to the episode to hear insights on securing medical devices and why Monte wouldn’t be surprised to see an uptick in insider threats as a result of a larger remote workforce.

Nov 16, 2020 • 35min
A Look Back and a Look Forward
With 2020 coming to an end, we’ve released our 2021 cyber security predictions report, videos with our senior leaders and more. Our host, Luke McNamara asked General Earl Matthews, VP, Strategy for Mandiant Security Validation to join him on 'Eye on Security' to discuss what we can expect in the cyber space heading into a new year based on the threat activity we’ve seen recently. Ransomware isn’t going away any time soon, so Luke asked General Matthews how he’s seen executives react to this new type of threat and if that has impacted how they think of security. We also explore the increasing risk ransomware poses to operational technology based on some of the ransomware campaigns we have seen this year. We also talk in depth about third-party risk—a risk that’s been around for a long time, but that we’ll see increasingly exploited by threat actors. General Matthews also shared some personal stories about his time as a CISO that you won’t want to miss. General Matthews and Luke finish their chat with an interesting look at which industries have adopted security validation and the benefits of this solution for providing proof of security effectiveness.

Oct 26, 2020 • 42min
Cyber Security Through the Eyes of a Journalist
In this episode, we have something a little different. We're excited that Sean Lyngaas (@Snlyngaas), Senior Reporter at CyberScoop, has joined host Luke McNamara to share a different perspective on many of the same cyber security stories and events that we work on in parallel here at FireEye. Sean and Luke kick off their conversation by discussing which stories Sean considers top priority. These days his mornings entail reviewing election security, and then he starts chasing the timely stories he finds most interesting. Sean also shared the difference between what is news and what is research when it comes to writing a story. With the election being so close, we of course turned to the topic of disinformation. Sean shared the difficulties of writing about information operations and his approach of attempting to report on it without amplifying fear or paranoia. We also explored the impact and intent of these operations. Listen to the episode to hear Sean’s thoughts on the future of media and news consumption, and the cybersecurity topics he thinks we will be reading about in the news in the coming year.

Oct 14, 2020 • 23min
The Inception of Mandiant Advantage
Our customers expressed a desire for faster access to our intelligence to focus on threat activity that matters to them, so we launched Mandiant Advantage. Mandiant Advantage is a new SaaS platform that allows our customers to engage across all areas of our expertise, starting with threat intelligence. For this episode of ‘Eye on Security’, our host, Luke McNamara is joined by Jon Heit, Senior Manager of Intel Product Management, and Jeff Guilfoyle, Principal Product Manager. We start by looking back at where the idea for Mandiant Advantage came from and the problems the platform aims to solve. One of the features we’re most excited about is that our customers can get a visual representation of disparate pieces of discovered threat actors, malware, vulnerabilities all connected together regardless of the products and tools deployed. We also explore the graduation process of adversarial group FIN11 and how Mandiant Advantage will allow customers to continuously explore activities of thousands of actors. Listen to the podcast to hear how Mandiant Advantage can provide your organization a front row seat into frontline threat intelligence to focus on threats that matter to you.

Sep 30, 2020 • 28min
Back to School: Training the Cyber Workforce in 2020
The cyber skills shortage is a real problem. There just aren’t enough qualified people to adequately meet the cyber security needs of all organizations, and the problem is only expected to get worse. One of the ways we address this challenge at FireEye is through internal and external training courses. We invited two people involved in those efforts to join our host, Luke McNamara for this episode of Eye on Security: Dawn Hagen, Senior Director of Learning and Development, and Dr. Brett Miller, Managing Director at Mandiant. They spoke about the evolution and range of training that includes product and product-agnostic courses. Brett shared insights on how we adapted our courses to meet customer needs and market demands—efforts that include opening up our training to individuals as well as the general public. Dawn also noted that we have developed curricula alongside clients who have requested custom courses, and that we continue to teach some of these courses to this day. Of course things are changing. While most of our training was in-person for both internal and external courses, we have pivoted to virtual training in light of recent global events. Currently, about 60 percent of our courses are available online, and we expect many of these courses to remain online indefinitely—while still maintaining the same quality as in-person classes. Listen to the episode to dive into the development of our courses, hear about our lab to lecture ratio, and find out why we’ve shifted to ensuring students are able to perform tasks instead of just having the knowledge to do it. And for more information about individual training courses available to the public, check out our training schedule: https://feye.io/30o4Zke

Sep 16, 2020 • 32min
Ransomware and Observations from Recent IR Investigations
Ransomware continues to be one of the most significant cyber security issues affecting organizations today. The attack is very effective and can be carried out relatively cheaply, making for larger net profits. With no end in sight to this nasty threat, Luke McNamara, our host and Principal Analyst for FireEye, spoke with someone who has a front-row seat into how organizations think about ransomware and other similar threats. For that we turned to Charles Carmakal, our SVP & CTO for Mandiant, and one of our leading incident response experts. On this episode of our Eye on Security podcast, Charles and Luke explore the rise and evolution of ransomware—from the early days of threat actors automating ransomware infections without knowing who their victim was, to the more recent trend of breaking into organizations with known vulnerabilities, taking critical data, deploying encryptors and asking for much more money. They then turn their discussion to the C-suite. Charles shares perspectives from the board when it comes to cyber threats, noting that while leadership is much more aware of cyber security and risk management than they were in the past, many still won’t understand the gravity of the situation until it’s happening to them. Closing out the conversation, Charles shares customer stories involving nation-state intrusions, the use of public offensive security tools by nation-states, and the struggles organizations have had securing their now remote workforces.

Aug 31, 2020 • 28min
The Ghostwriter Campaign and Trends in Disinformation Today
Information operations (IO) gained prominent public attention in 2016 during the U.S. general election. Since then, new campaigns have continued to be exposed, and the tactics actors employ have evolved. In this episode of 'Eye on Security', Lee Foster, our Senior Manager of Information Operations Intelligence Analysis, joins host Luke McNamara to talk all about disinformation, a recent influence campaign that we refer to as Ghostwriter, and what we could see play out in the 2020 general election. We start with Lee sharing overall trends and changes in IO that his team has observed since early 2016. We then discuss the increasing usage of synthetic media (“deepfake”) images that threat actors are employing in their campaigns, and how fabricated content is leveraged in coordinated inauthentic activity across forums and social media. Moving on to Ghostwriter, Lee describes all the tactics, techniques and procedures related to this recent influence campaign, and goes on to compare this activity to another well-known IO campaign: Secondary Infektion. Finally, no chat about disinformation would be complete without discussing how it could play out during the 2020 U.S. general election. Check out the episode today to hear Lee’s predictions for the upcoming election and what the future holds for information operations in general.


