The Defender's Advantage Podcast

FireEye CTO, Grady Summers interviewed Kevin Mandia in the summer of2016 to discuss his goals as FireEye's newest CEO. One year later hehas caught-up with Kevin to discuss his âOne Teamâ philosophy, thesuccessful launch of Helix, and his love of overcoming challenges.

FireEye CTO, Grady Summers caught-up with John Miller, manager ofthreat intelligence to discuss his thoughts on the current threatlandscape.John touched on preventative steps organizations can put in place,popular attack methods and trends he’s observed from the front linesof our cyber investigations.

Matt Snyder, chief information security officer for the Penn StateMilton S. Hershey Medical Center joins Grady Summers, FireEye chieftechnology officer, for a thought-provoking discussion spanning abroad range of security-related topics. Organizations in thehealthcare sector are experiencing exponentially increasing levels oftargeted attacks from organized crime and nation states: Matt shareshis approach to creating a holistic strategy to protect his complexenvironment.

In this podcast, Dan Scali, senior manager for Mandiant consulting andGrady Summers, FireEye Chief Technology Officer, discuss key issues incritical infrastructure and industrial control systems. Bank datacenters, nuclear power plants, and water plants make up this nichearea of information security thatâs quickly gained increasedimportance with recent high profile breaches. Dan covers some of thevulnerabilities these organizations have, including lack of networksegmentation and patching, and how this allows everything fromcrimeware to nation state attacks to threaten the integrity ofcritical systems. Organizations of all sizes need a pragmatic approachto security by adopting holistic security programs, employingenterprise wide monitoring, and ensuring they have incident responseplans in place. Dan discusses some of the ways Mandiant consultantsare helping these organizations in these areas including programdevelopment and non-invasive ICS health checks.

Detecting today’s attacks is difficult. Attackers are moresophisticated, better funded and better organized. Moreover, theattacks are more targeted, with 80 percent of observed malware showingup just once and 68 percent of malware being used against only asingle organization. In many cases, malware isn’t even involved in theattacks – instead, the threat actors use a variety of tactics, some ofwhich have never been seen before.A well-designed architecture needs to detect even the mostsophisticated attacks, especially those designed to evade defensivemechanisms. Furthermore, it needs to detect those attacks withoutgenerating the false positives that may lead to security personnelmissing the true threats. Perhaps most importantly, alerts must comewith the context that enables security teams to prioritizeinvestigations and design a proper response.In our latest podcast, Josh Goldfarb discusses all of this and morewith Matt Allen, senior director of FireEye Labs.

Paul Nguyen, VP, Orchestration & Integration for FireEye discusses howorchestration levels the battlefield by leveraging FireEye's yearsof expertise battling the world's most consequential breaches.

I was fortunate to sit down with Michael Sikorski, Director, FireEyeLabs Advanced Reverse Engineering (FLARE) Team. During ourconversation we discussed the origin of the FLARE team, Michael’s book“Practical Malware Analysis: The Hands-On Guide to DissectingMalicious Software”, and the latest freeware tools FLOSS andFakeNet-NG.

Over the years we have seen our message of detect, respond, andcontain resonate through-out the cyber security industry. I wanted toexplore this mantra further by speaking with our Vice President,Mandiant Global Consulting â US Central & Latin America andExecutive Director, Strategic Services, Russell Teague.On this podcast we discuss how strategic services help by makingcompanies proactive in their security efforts, what the right level ofsecurity is for each organization, and the role board of directorsplay.

FireEye CEO Kevin Mandia took the helm of the company in mid-June witha tall order: to understand the current challenges and arrange all ofthe components to make FireEye the best security company in theindustry.In this Eye on Security podcast, FireEye Chief Technology OfficerGrady Summers talks with Kevin about why he’s so well positioned tolead the company, including why he started Mandiant, why he scrappedhis business plan after just 30 minutes, and how his experiences withMandiant will help him move FireEye forward.

Earlier this year FireEye’s Mandiant business unit launched Red TeamOperations, which consists of two unique services designed to assessthe strength an organizations’ security program: Red Team Assessmentsand Red Teaming for Security Operations.During Black Hat USA 2016 I met up with Marshall Heilman, VicePresident, Mandiant Consulting – West and Executive Director, IR andRed Team Operations to discuss how his team determines their approachfor each engagement and what differentiates Mandiant’s Red Team fromothers.