The Defender's Advantage Podcast

Latest episodes

May 5, 2020 • 16min

Getting Ready for a New Era of COVID-19 Related Phishing

COVID-19 has rapidly taken over the headlines across the globe. As with many other major events, threat actors are quick to adapt relevant topics as part of their phishing campaigns to increase the likelihood of success. The same rings true for COVID-19, especially due to its global impact. On this latest Eye on Security podcast, John Atrache, Principal Consultant for Mandiant, joins me to discuss all things email in the time of COVID-19. We cover a variety of topics, including how threat actors are continuously updating their phishing campaigns as new developments around the pandemic arise. We also cover the importance of organizations increasing their vigilance during these challenging times, and how to implement quick and effective hardening controls to mitigate the risk of a successful phishing attack. Listen to the episode today, and then learn even more by checking out our blog post on COVID-19 themed phishing attacks and how to manage email phishing risks: https://www.fireeye.com/blog/executive-perspective/2020/03/managing-email-phishing-risks.html
Apr 21, 2020 • 21min

A Deeper Discussion About M-Trends 2020, Part Two

We are back with the second part of our M-Trends podcast where Luke McNamara, Principal Analyst, continues discussing highlights and insights from this year’s report with Jurgen Kutscher, EVP of Mandiant Solutions. We pick back up with the nature of multiple attackers in an environment—notably, whether or not they are aware of other attackers in the environment and if they are collaborating. Jurgen then discusses the rise of insider threats and how organizations can improve the monitoring and detection of insider threats. Ransomware use continues to rise—attackers are having success and generating revenue, so we don’t expect this trend to level off any time soon. Jurgen provides steps that organizations can take to reduce their risk of falling victim to ransomware, and suggests organizations take a look at our ransomware white paper for more containment strategies: https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/wp-ransomware-protection-and-containment-strategies.pdf Check out our podcast today, and also hear Jurgen’s top cyber security recommendations for 2020.
Apr 18, 2020 • 18min

A Deeper Discussion About M-Trends, Part One

FireEye released M-Trends 2020 earlier this year to provide visibility into frontline investigations of the most interesting and impactful cyber attacks of the year. In this first episode of our two-part M-Trends 2020 podcast, Luke McNamara discusses the report with Jurgen Kutscher, EVP of Mandiant Solutions. We begin the episode by highlighting the key themes from M-Trends 2020, such as dwell time and the continued exploitation of legitimate credentials. Jurgen discusses the decrease in dwell time and whether it’s due to organizations getting better at detections or the changing nature of attacks. You’ll also hear about trends in cloud security and recommendations for the healthcare industry when it comes to cloud, as well as insights into compromise detection by third parties. Listen to the podcast today to dive into M-Trends 2020, and be sure to tune in for part two where we discuss insider threats, ransomware, and Jurgen’s recommendations for the year ahead.
Mar 24, 2020 • 36min

S3E3: M-Trends 2020 Dwell Time is a Swell Time

In this latest episode, we featured M-Trends contributors Dominik Weber (Director - FLARE) and Dan Perez (Manager - Adversary Pursuit) to take us on a deep dive of our annual M-Trends report. We discussed how key metrics from our incident response investigations changed, including: dwell times, source of notification, number of threat actors tracked, and malware families/trends broken down by operating system. Additionally, we highlighted things that stood out to Dominik and Dan, including:
- Malware that used email for command and control
- Malware that leveraged cryptography to protect further stages for analysis [execution guardrails!]
- How FLARE determines whether a malware sample is a "new" family vs a variant of an existing family we've seen before
- Targeted ransomware trends
- Chinese threat groups who have been active lately (APT40, APT41, APT5, and several uncategorized clusters), as well as how the recent US Justice Department indictments may have impacted operations by those APT groups
- Dominik's involvement in the annual FLARE-ON challenge and what it's like to create a challenge (encrypted web shell)
For the full M-Trends report, visit: https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html
To find out more about the FLARE-On challenge, visit: http://flare-on.com/
Nov 19, 2019 • 17min

The Cloud Revolution and the Future of the SOC

Cloud security is more important today than ever before. Luke McNamara was joined once again by Martin Holste, CTO for Cloud at FireEye, Chris Schreiber, FireEye product strategist, and JR Weiks, FireEye security principal engineer. In this second of two podcasts on cloud security, they examine how the point products and various processes that make up cyber security today will set the stage for the future of security operations centers (SOC). The ideal way to initiate this transformation to the SOC of tomorrow is with a single cyber security platform such as FireEye Helix, which is a cloud-hosted security operations platform. Integrating visibility, protection and detection with advanced analytics is not a dream of the future, but an achievable reality right now. Check out the podcast, and also learn more about how FireEye Helix seamlessly integrates disparate security tools and augments them with next generation SIEM, orchestration and threat intelligence capabilities to capture the untapped potential of security investments.
Nov 19, 2019 • 16min

What to Anticipate When Migrating to the Cloud

Cloud security is more important today than ever before. To learn more about the topic, Luke McNamara sat down with Martin Holste, CTO for Cloud at FireEye, Chris Schreiber, FireEye product strategist, and JR Weiks, FireEye security principal engineer. In this first of two podcasts on cloud security, they discuss some of the security challenges that occur when migrating to the cloud, specifically highlighting some of the common problems that quickly rise to the top once that journey begins. Additionally, they dive into some of the different tactics that threat actors use to exploit cloud infrastructure and how organizations can protect themselves. Check out the podcast, and for more information head over to our FireEye Cloud Security page and our FireEye Partnership with AWS page.
Oct 22, 2019 • 16min

Validating Detection & Response with Purple Team Assessments

In October 2019, FireEye launched its Purple Team and Continuous Purple Team Assessments to enable organizations to quantifiably evaluate security controls and programs against Verodin simulated attack scenarios. With Purple Team Assessments, Mandiant experts guide an organization’s security team through highly-realistic attack scenarios. Luke McNamara spoke with one of our global red team leads who is on the front lines managing this new offering, Evan Pena. During their discussion, Evan explains what exactly a purple team is vs. a traditional red and blue team, what are the outputs/deliverables that come from a purple team, in what capacity will Verodin be used to deliver this new offering, and more. For more information about FireEye Mandiant Purple Team Assessments, including the FireEye Verodin Security Instrumentation Platform (SIP), please visit https://www.fireeye.com/services/purple-team-assessment.html
Oct 15, 2019 • 18min

Scaling Up with Digital Threat Monitoring

Sep 26, 2019 • 11min

The EMEA Cyber Security Threat Landscape

Luke McNamara spoke with Jens Christian Høy Monrad, Head of FireEye Intelligence, EMEA at FireEye, on the EMEA threat landscape. In their discussion, Jens spoke on the multidimensional threats to the region, what those threats look like today, election security affecting these countries, and continued challenges for the public and private sector.
Aug 26, 2019 • 11min

Innovation Architecture: A New Way of Protecting Our Custome

Luke McNamara spoke with Jens Christian Høy Monrad, Head of FireEye Intelligence, EMEA at FireEye, on the EMEA threat landscape. In their discussion, Jens spoke on the multidimensional threats to the region, what those threats look like today, election security affecting these countries, and continued challenges for the public and private sector.
