The Defender's Advantage Podcast – Détails, épisodes et analyse

Dan Black (Principal Analyst, Google Threat Intelligence Group) joins host Luke McNamara to discuss the research into Russia-aligned threat actors seeking to compromise Signal Messenger. Dan lays out how this latest evolution of Russia's usage of cyber in Ukraine compares to previous phases of the conflict, how this activity is likely supporting battlefield operations, and how users of secure messaging applications can mitigate some of the risks associated with activity like this. 

https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger

Steph Hay (Senior Director for Gemini Product and UX, Google Cloud Security) joins host Luke McNamara to discuss agentic AI and its implications for security disciplines. Steph walks through how generative AI is already impacting the finding of threats, reduction of toil, and the scaling up of workforce talent, before discussing how agents will increasingly play a role in operationalizing security. Steph details how this automation of processes, with humans in the loop, can increase the capabilities of an enterprise in cyber defense. 

Michael Raggi (Principal Analyst, Mandiant Intelligence) joins host Luke McNamara to discuss Mandiant's research into China-nexus threat actors using proxy networks known as “ORBs” (operational relay box networks). Michael discusses the anatomy and framework Mandiant developed to map out these proxy networks, how ORB networks like SPACEHOP are leveraged by China-nexus APTs, and what this all means for defenders. 

For more,  check out: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks

Follow Michael on X at @aRtAGGI 

While many cyber threats and security issues are universal and
experienced by organizations in any part of the world, some are more
common to a particular region than others. Host Luke McNamara invited
Ryan Goss, Vice President for Latin America & the Caribbean, and Juan
Carlos Garcias Caparros, Director of Mandiant Consulting for Latin
America and the Caribbean, to talk specifically about cyber security
in Latin America.

Juan Carlos shares what threats we’ve seen our customers face in Latin
America. He also discusses the security culture in Latin America,
comparing maturity of organizations to those in United States or
Europe. We also explore whether attitudes are shifting around cyber
security in boardrooms. Ryan believes it’s moving in a good direction,
but that many companies still treat cyber security as an afterthought,
which leads to lower overall budgets and forces security teams to
focus on solutions that are “good enough” or at least allow them to
“check the compliance box”. Thus the importance of FireEye leading
with Mandiant Services and establishing ourselves as trusted advisors
and true partners for our customers.

We wrap up the episode by touching on cyber training, security
validation and unexpected activity from North Korea targeting
financial institutions throughout Latin America.

We’re kicking off Eye on Security in 2021 with a nation-state-themed
miniseries that focuses on the big four, which we recognize as North
Korea, Iran, China and Russia. In this episode, host Luke McNamara
invited Fred Plan, Senior Analyst for Mandiant Threat Intelligence,
onto the podcast to talk about North Korea.

Fred started our discussion by providing some background on the
country, how it operates geopolitically, and why they’ve shifted their
focus to a cyber capability. We also review their early cyber
operations that primarily targeted South Korea and their expansion to
the U.S. private sector with the Sony hack. Since then, North Korea
continues to be active in both financially-motivated and
espionage-related operations.

There are a lot of behaviors that make North Korean cyber operations
unique, due in part to the country being very closed off. Their cyber
operations have demonstrated rapid shifts in targeting, which likely
comes at the request of the regime. We most recently saw this with
their targeting of COVID-19 research and vaccine distribution. North
Korea hasn’t publicly reported on any COVID-19 cases, so their cyber
behavior offers us a glimpse into what might actually be going on
within the country.

As always, we like to predict what we’ll see next in a region or from
an actor. In this case, Fred says it’s quite difficult to know what
North Korea is up to next. Find out why when you listen to the
episode.

As the COVID-19 pandemic continues, cyber threats have worsened for
some industries across the globe. Universities with medical and
research facilities are increasingly being targeted by threat actors
because of the critical and valuable work they do surrounding
pandemic. Host Luke McNamara invited Monte Ratzlaff, Cyber Risk
Program Director at the University of California Office of the
President, to join us for this episode of Eye on Security so we could
discuss the important research they secure.

Monte and Luke reviewed the types of data UC protects, which includes
protected health information, payment card data, student data and
research data. Even with all that data, the threats UC faces are still
quite similar to what many other organizations face: phishing,
ransomware and nation-state attacks.

We shifted our discussion to the challenges of securing COVID-19
research; especially at a time where ransomware is particularly
rampant. Monte emphasized the critical need for organizations to know
their environment and have plans in place in case attacks get through
defenses.

Listen to the episode to hear insights on securing medical devices and
why Monte wouldn’t be surprised to see an uptick in insider threats as
a result of a larger remote workforce.

With 2020 coming to an end, we’ve released our 2021 cyber security
predictions report, videos with our senior leaders and more. Our host,
Luke McNamara asked General Earl Matthews, VP, Strategy for Mandiant
Security Validation to join him on 'Eye on Security' to discuss what
we can expect in the cyber space heading into a new year based on the
threat activity we’ve seen recently.

Ransomware isn’t going away any time soon, so Luke asked General
Matthews how he’s seen executives react to this new type of threat and
if that has impacted how they think of security. We also explore the
increasing risk ransomware poses to operational technology based on
some of the ransomware campaigns we have seen this year.

We also talk in depth about third-party risk—a risk that’s been around
for a long time, but that we’ll see increasingly exploited by threat
actors. General Matthews also shared some personal stories about his
time as a CISO that you won’t want to miss.

General Matthews and Luke finish their chat with an interesting look
at which industries have adopted security validation and the benefits
of this solution for providing proof of security effectiveness.

In this episode, we have something a little different. We're excited
that Sean Lygaas (@Snlyngaas), Senior Reporter at CyberScoop, has
joined host Luke McNamara to share a different perspective on many of
the same cyber security stories and events that we work on in parallel
here at FireEye.

Sean and Luke kick off their conversation by discussing which stories
Sean considers top priority. These days his mornings entail reviewing
election security, and then he starts chasing the timely stories he
finds most interesting. Sean also shared the difference between what
is news and what is research when it comes to writing a story.

With the election being so close, we of course turned to the topic of
disinformation. Sean shared the difficulties of writing about
information operations and his approach of attempting to report on it
without amplifying fear or paranoia. We also explored the impact and
intent of these operations.

Listen to the episode to hear Sean’s thoughts on the future of media
and news consumption, and the cybersecurity topics he thinks we will
be reading about in the news in the coming year.

Our customers expressed a desire for faster access to our intelligence
to focus on threat activity that matters to them, so we launched
Mandiant Advantage. Mandiant Advantage is a new SaaS platform that
allows our customers to engage across all areas of our expertise,
starting with threat intelligence.

For this episode of ‘Eye on Security’, our host, Luke McNamara is
joined by Jon Heit, Senior Manager of Intel Product Management, and
Jeff Guilfoyle, Principal Product Manager. We start by looking back at
where the idea for Mandiant Advantage came from and the problems the
platform aims to solve. One of the features we’re most excited about
is that our customers can get a visual representation of disparate
pieces of discovered threat actors, malware, vulnerabilities all
connected together regardless of the products and tools deployed. We
also explore the graduation process of adversarial group FIN11 and how
Mandiant Advantage will allow customers to continuously explore
activities of thousands of actors.

Listen to the podcast to hear how Mandiant Advantage can provide your
organization a front row seat into frontline threat intelligence to
focus on threats that matter to you.

The cyber skills shortage is a real problem. There just aren’t enough
qualified people to adequately meet the cyber security needs of all
organizations, and the problem is only expected to get worse. One of
the ways we address this challenge at FireEye is through internal and
external training courses. We invited two people involved in those
efforts to join our host, Luke McNamara for this episode of Eye on
Security: Dawn Hagen, Senior Director of Learning and Development, and
Dr. Brett Miller, Managing Director at Mandiant.

They spoke about the evolution and range of training that includes
product and product-agnostic courses. Brett shared insights on how we
adapted our courses to meet customer needs and market demands—efforts
that include opening up our training to individuals as well as the
general public. Dawn also noted that we have developed curricula
alongside clients who have requested custom courses, and that we
continue to teach some of these courses to this day.

Of course things are changing. While most of our training was
in-person for both internal and external courses, we have pivoted to
virtual training in light of recent global events. Currently, about 60
percent of our courses are available online, and we expect many of
these courses to remain online indefinitely—while still maintaining
the same quality as in-person classes.

Listen to the episode to dive into the development of our courses,
hear about our lab to lecture ratio, and find out why we’ve shifted to
ensuring students are able to perform tasks instead of just having the
knowledge to do it. And for more information about individual training
courses available to the public, check out our training schedule:
https://feye.io/30o4Zke