Explore every episode of the podcast The Defender's Advantage Podcast

Dive into the complete episode list for The Defender's Advantage Podcast. Each episode is cataloged with detailed descriptions, making it easy to find and explore specific topics. Keep track of all episodes from your favorite podcast and never miss a moment of insightful content.

Title | Pub. Date | Duration

Signals of Trouble | 19 Feb 2025 | 00:26:03

Dan Black (Principal Analyst, Google Threat Intelligence Group) joins host Luke McNamara to discuss the research into Russia-aligned threat actors seeking to compromise Signal Messenger. Dan lays out how this latest evolution of Russia's usage of cyber in Ukraine compares to previous phases of the conflict, how this activity is likely supporting battlefield operations, and how users of secure messaging applications can mitigate some of the risks associated with activity like this. 

https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger

Agentic AI in Cybersecurity | 05 Feb 2025 | 00:26:40

Steph Hay (Senior Director for Gemini Product and UX, Google Cloud Security) joins host Luke McNamara to discuss agentic AI and its implications for security disciplines. Steph walks through how generative AI is already impacting the finding of threats, reduction of toil, and the scaling up of workforce talent, before discussing how agents will increasingly play a role in operationalizing security. Steph details how this automation of processes, with humans in the loop, can increase the capabilities of an enterprise in cyber defense. 

The ORB Networks | 22 May 2024 | 00:29:54

Michael Raggi (Principal Analyst, Mandiant Intelligence) joins host Luke McNamara to discuss Mandiant's research into China-nexus threat actors using proxy networks known as “ORBs” (operational relay box networks). Michael discusses the anatomy and framework Mandiant developed to map out these proxy networks, how ORB networks like SPACEHOP are leveraged by China-nexus APTs, and what this all means for defenders. 

For more, check out: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks

Follow Michael on X at @aRtAGGI 

The Cyber Landscape in Latin America | 21 Jan 2021 | 00:32:30

While many cyber threats and security issues are universal and
experienced by organizations in any part of the world, some are more
common to a particular region than others. Host Luke McNamara invited
Ryan Goss, Vice President for Latin America & the Caribbean, and Juan
Carlos Garcias Caparros, Director of Mandiant Consulting for Latin
America and the Caribbean, to talk specifically about cyber security
in Latin America.

Juan Carlos shares what threats we’ve seen our customers face in Latin
America. He also discusses the security culture in Latin America,
comparing the maturity of organizations to those in the United States or
Europe. We also explore whether attitudes are shifting around cyber
security in boardrooms. Ryan believes it’s moving in a good direction,
but that many companies still treat cyber security as an afterthought,
which leads to lower overall budgets and forces security teams to
focus on solutions that are “good enough” or at least allow them to
“check the compliance box”. Thus the importance of FireEye leading
with Mandiant Services and establishing ourselves as trusted advisors
and true partners for our customers.

We wrap up the episode by touching on cyber training, security
validation and unexpected activity from North Korea targeting
financial institutions throughout Latin America.

The "Big Four": Spotlight on North Korea | 11 Jan 2021 | 00:42:32

We’re kicking off Eye on Security in 2021 with a nation-state-themed
miniseries that focuses on the big four, which we recognize as North
Korea, Iran, China and Russia. In this episode, host Luke McNamara
invited Fred Plan, Senior Analyst for Mandiant Threat Intelligence,
onto the podcast to talk about North Korea.

Fred started our discussion by providing some background on the
country, how it operates geopolitically, and why they’ve shifted their
focus to a cyber capability. We also review their early cyber
operations that primarily targeted South Korea and their expansion to
the U.S. private sector with the Sony hack. Since then, North Korea
continues to be active in both financially-motivated and
espionage-related operations.

There are a lot of behaviors that make North Korean cyber operations
unique, due in part to the country being very closed off. Their cyber
operations have demonstrated rapid shifts in targeting, which likely
comes at the request of the regime. We most recently saw this with
their targeting of COVID-19 research and vaccine distribution. North
Korea hasn’t publicly reported on any COVID-19 cases, so their cyber
behavior offers us a glimpse into what might actually be going on
within the country.

As always, we like to predict what we’ll see next in a region or from
an actor. In this case, Fred says it’s quite difficult to know what
North Korea is up to next. Find out why when you listen to the
episode.

Protecting Healthcare and Academia Against Cyber Threats | 03 Dec 2020 | 00:29:40

As the COVID-19 pandemic continues, cyber threats have worsened for
some industries across the globe. Universities with medical and
research facilities are increasingly being targeted by threat actors
because of the critical and valuable work they do surrounding the
pandemic. Host Luke McNamara invited Monte Ratzlaff, Cyber Risk
Program Director at the University of California Office of the
President, to join us for this episode of Eye on Security so we could
discuss the important research they secure.

Monte and Luke reviewed the types of data UC protects, which includes
protected health information, payment card data, student data and
research data. Even with all that data, the threats UC faces are still
quite similar to what many other organizations face: phishing,
ransomware and nation-state attacks.

We shifted our discussion to the challenges of securing COVID-19
research, especially at a time when ransomware is particularly
rampant. Monte emphasized the critical need for organizations to know
their environment and have plans in place in case attacks get through
defenses.

Listen to the episode to hear insights on securing medical devices and
why Monte wouldn’t be surprised to see an uptick in insider threats as
a result of a larger remote workforce.

A Look Back and a Look Forward | 16 Nov 2020 | 00:35:28

With 2020 coming to an end, we’ve released our 2021 cyber security
predictions report, videos with our senior leaders and more. Our host,
Luke McNamara, asked General Earl Matthews, VP, Strategy for Mandiant
Security Validation, to join him on 'Eye on Security' to discuss what
we can expect in the cyber space heading into a new year based on the
threat activity we’ve seen recently.

Ransomware isn’t going away any time soon, so Luke asked General
Matthews how he’s seen executives react to this new type of threat and
if that has impacted how they think of security. We also explore the
increasing risk ransomware poses to operational technology based on
some of the ransomware campaigns we have seen this year.

We also talk in depth about third-party risk—a risk that’s been around
for a long time, but that we’ll see increasingly exploited by threat
actors. General Matthews also shared some personal stories about his
time as a CISO that you won’t want to miss.

General Matthews and Luke finish their chat with an interesting look
at which industries have adopted security validation and the benefits
of this solution for providing proof of security effectiveness.

Cyber Security Through the Eyes of a Journalist | 26 Oct 2020 | 00:41:41

In this episode, we have something a little different. We're excited
that Sean Lyngaas (@Snlyngaas), Senior Reporter at CyberScoop, has
joined host Luke McNamara to share a different perspective on many of
the same cyber security stories and events that we work on in parallel
here at FireEye.

Sean and Luke kick off their conversation by discussing which stories
Sean considers top priority. These days his mornings entail reviewing
election security, and then he starts chasing the timely stories he
finds most interesting. Sean also shared the difference between what
is news and what is research when it comes to writing a story.

With the election being so close, we of course turned to the topic of
disinformation. Sean shared the difficulties of writing about
information operations and his approach of attempting to report on it
without amplifying fear or paranoia. We also explored the impact and
intent of these operations.

Listen to the episode to hear Sean’s thoughts on the future of media
and news consumption, and the cybersecurity topics he thinks we will
be reading about in the news in the coming year.

The Inception of Mandiant Advantage | 14 Oct 2020 | 00:22:35

Our customers expressed a desire for faster access to our intelligence
to focus on threat activity that matters to them, so we launched
Mandiant Advantage. Mandiant Advantage is a new SaaS platform that
allows our customers to engage across all areas of our expertise,
starting with threat intelligence.

For this episode of ‘Eye on Security’, our host, Luke McNamara, is
joined by Jon Heit, Senior Manager of Intel Product Management, and
Jeff Guilfoyle, Principal Product Manager. We start by looking back at
where the idea for Mandiant Advantage came from and the problems the
platform aims to solve. One of the features we’re most excited about
is that our customers can get a visual representation of disparate
pieces of discovered threat actors, malware, vulnerabilities all
connected together regardless of the products and tools deployed. We
also explore the graduation process of adversarial group FIN11 and how
Mandiant Advantage will allow customers to continuously explore
activities of thousands of actors.

Listen to the podcast to hear how Mandiant Advantage can provide your
organization a front row seat into frontline threat intelligence to
focus on threats that matter to you.

Back to School: Training the Cyber Workforce in 2020 | 30 Sep 2020 | 00:28:25

The cyber skills shortage is a real problem. There just aren’t enough
qualified people to adequately meet the cyber security needs of all
organizations, and the problem is only expected to get worse. One of
the ways we address this challenge at FireEye is through internal and
external training courses. We invited two people involved in those
efforts to join our host, Luke McNamara, for this episode of Eye on
Security: Dawn Hagen, Senior Director of Learning and Development, and
Dr. Brett Miller, Managing Director at Mandiant.

They spoke about the evolution and range of training that includes
product and product-agnostic courses. Brett shared insights on how we
adapted our courses to meet customer needs and market demands—efforts
that include opening up our training to individuals as well as the
general public. Dawn also noted that we have developed curricula
alongside clients who have requested custom courses, and that we
continue to teach some of these courses to this day.

Of course things are changing. While most of our training was
in-person for both internal and external courses, we have pivoted to
virtual training in light of recent global events. Currently, about 60
percent of our courses are available online, and we expect many of
these courses to remain online indefinitely—while still maintaining
the same quality as in-person classes.

Listen to the episode to dive into the development of our courses,
hear about our lab to lecture ratio, and find out why we’ve shifted to
ensuring students are able to perform tasks instead of just having the
knowledge to do it. And for more information about individual training
courses available to the public, check out our training schedule:
https://feye.io/30o4Zke

Ransomware and Observations from Recent IR Investigations | 16 Sep 2020 | 00:32:13

Ransomware continues to be one of the most significant cyber security
issues affecting organizations today. The attack is very effective and
can be carried out relatively cheaply, making for larger net profits.
With no end in sight to this nasty threat, Luke McNamara, our host and
Principal Analyst for FireEye, spoke with someone who has a front-row
seat into how organizations think about ransomware and other similar
threats. For that we turned to Charles Carmakal, our SVP & CTO for
Mandiant, and one of our leading incident response experts.

On this episode of our Eye on Security podcast, Charles and Luke
explore the rise and evolution of ransomware—from the early days of
threat actors automating ransomware infections without knowing who
their victim was, to the more recent trend of breaking into
organizations with known vulnerabilities, taking critical data,
deploying encryptors and asking for much more money.

They then turn their discussion to the C-suite. Charles shares
perspectives from the board when it comes to cyber threats, noting
that while leadership is much more aware of cyber security and risk
management than they were in the past, many still won’t understand the
gravity of the situation until it’s happening to them.

Closing out the conversation, Charles shares customer stories
involving nation-state intrusions, the use of public offensive
security tools by nation-states, and the struggles organizations have
had securing their now remote workforces.

The Ghostwriter Campaign and Trends in Disinformation Today | 31 Aug 2020 | 00:27:56

Information operations (IO) gained prominent public attention in 2016
during the U.S. general election. Since then, new campaigns have
continued to be exposed, and the tactics actors employ have evolved.
In this episode of 'Eye on Security', Lee Foster, our Senior Manager
of Information Operations Intelligence Analysis, joins host Luke
McNamara to talk all about disinformation, a recent influence campaign
that we refer to as Ghostwriter, and what we could see play out in the
2020 general election.

We start with Lee sharing overall trends and changes in IO that his
team has observed since early 2016. We then discuss the increasing
usage of synthetic media (“deepfake”) images that threat actors are
employing in their campaigns, and how fabricated content is leveraged
in coordinated inauthentic activity across forums and social media.

Moving on to Ghostwriter, Lee describes all the tactics, techniques
and procedures related to this recent influence campaign, and goes on
to compare this activity to another well-known IO campaign: Secondary
Infektion.

Finally, no chat about disinformation would be complete without
discussing how it could play out during the 2020 U.S. general
election. Check out the episode today to hear Lee’s predictions for
the upcoming election and what the future holds for information
operations in general.

Making Sense of Cyber Threats at Scale with Strategic Intel | 21 Aug 2020 | 00:31:50

The Strategic Analysis team at Mandiant Threat Intelligence examines
hundreds of discrete data points from numerous sources, distilling
trends from that raw information to identify the most important,
common, and damaging cyber threats clients should prioritize in their
defensive strategies. That’s what we’re talking about on this week’s
episode of Eye on Security with our guest Kelli Vanderlee, Manager of
Strategic Analysis at FireEye.

Kelli shares the types of topics the team covers, including industry
and geographic-based reporting, trend analysis looking at the
evolution of actor types or tactics over time, and examinations of
cyber risks associated with common business situations, such as
mergers and acquisitions. Kelli and Luke also discuss the evolving
role of Chinese cyber espionage actors and how they may be becoming
more aggressive and risk-tolerant than previously believed. We also
delve into how the Belt and Road Initiative is driving cyber
espionage—from China and other nations. In terms of the geopolitics
driving cyber activity, Kelli believes we will continue to see more
nation-states invest in cyber capabilities, as the rewards for this
type of activity often outweigh the risks.

Listen to the episode to learn more about strategic analysis and the
trends Kelli’s team is tracking in 2020.

Investigations Into Zero-Day Exploitation of the Ivanti Connect Secure Appliances | 16 May 2024 | 00:27:47

Mandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances. John and Tyler discuss the process of analyzing the initial exploitation, and the attribution challenges that emerged following the disclosure and widespread exploitation by a range of threat actors. They also discuss the role a suspected Volt Typhoon cluster played in the follow-on exploitation, and share their thoughts on what else we might see from China-nexus zero-day exploitation of edge infrastructure this year.

For more on this research, please check out: 

Cutting Edge, Part 1: https://cloud.google.com/blog/topics/threat-intelligence/suspected-apt-targets-ivanti-zero-day
Cutting Edge, Part 2: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-zero-day-exploitation
Cutting Edge, Part 3: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-exploitation-persistence
Cutting Edge, Part 4: https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement

Follow John on X at @Big_Bad_W0lf_
Follow Tyler on X at @tylabs

Behind the Scenes with Mandiant Security Validation | 31 Jul 2020 | 00:21:59

You’ve heard of security validation and know that it’s necessary to
test your security effectiveness, but do you know how our team
develops the right attacks to test your controls against threat
activity we see in real life?

On this episode of our Eye on Security podcast, Henry Peltokangas,
Director of Product Management, and Nart Villeneuve, Director of
Research & Collections, give us an inside look at what goes on behind
the scenes at Mandiant Security Validation.

We begin our chat by discussing some of the key benefits of security
validation. We then dive into the research Henry’s team conducts to
take tactics and techniques that adversaries use in the real world and
replicate them within the Mandiant Security Validation platform.

Nart and Henry go on to discuss how Mandiant Security Validation
replicates adversary activity across every stage of the attack
lifecycle, and then explain exactly why that is important. Finally, we
wrap up the episode by previewing some new features in upcoming
releases, and how Henry and Nart see security validation evolving in
the future.

To view the whitepaper mentioned during the episode, visit:
https://www.fireeye.com/current-threats/annual-threat-report/security-effectiveness-report.html

Unique Threats to OT and Cyber Physical Systems | 15 Jul 2020 | 00:33:40

In the latest episode of Eye on Security, our host Luke McNamara talks
all about the world of operational technology (OT) and cyber physical
systems with one of our foremost experts on the topic: Nathan
Brubaker, Senior Manager of Analysis for Mandiant Threat Intelligence.


Nathan kicked off the chat by explaining what exactly we mean when we
use the term ‘cyber physical.’ They then turned their attention to
related threats. As it turns out, there are far fewer attempts by
attackers to target these systems than one might believe. Nathan went
on to discuss some of the fundamental differences between OT and
information technology (IT) systems, and then explained how OT is
becoming more similar to IT, which makes those systems more vulnerable
to compromise. Fortunately, even though OT security typically lags
behind that of IT systems, it’s definitely moving forward in the right
direction.

Listen to the podcast today, and check out the following blog posts
referenced by Nathan during the episode:

• Financially Motivated Actors Are Expanding Access Into OT: Analysis
of Kill Lists That Include OT Processes Used With Seven Malware
Families: https://feye.io/2Wn6jlr
• Monitoring ICS Cyber Operation Tools and Software Exploit Modules To
Anticipate Future Threats: https://feye.io/2B5WrVI
• Ransomware Against the Machine: How Adversaries are Learning to
Disrupt Industrial Production by Targeting IT and OT:
https://feye.io/3j4l1Y5
• The FireEye Approach to Operational Technology Security:
https://feye.io/2DImy5T
• TRITON Actor TTP Profile, Custom Attack Tools, Detections, and
ATT&CK Mapping: https://feye.io/2Wk58CX

Eye on APAC: Cyber Security & Threats in Asia Pacific | 16 Jun 2020 | 00:21:41

We commonly see the same threat actors, techniques and malware popping
up in all corners of the globe, but that doesn’t mean each region
isn’t affected differently. In this episode, our host Luke McNamara,
Principal Analyst for Mandiant Threat Intelligence, is joined by Yihao
Lim, Principal Analyst for Mandiant Threat Intelligence, to discuss
cyber security and threats related specifically to the Asia Pacific
(APAC) region.

Stay Secure While Using Collaboration Platforms | 13 May 2020 | 00:10:24

COVID-19 has brought on a rapid shift to remote work. Many
organizations were unprepared, so they quickly turned to collaboration
platforms that could help employees get back to work. But with more
applications comes a bigger attack surface.

On today’s Eye on Security podcast, Luke McNamara, Principal Analyst
for Mandiant Threat Intelligence, talks with Marcus Troiano, Managing
Consultant for Mandiant, about collaboration platform security.

We begin the episode by discussing overall best practices for
collaboration tools, including those used for chatting, video and
audio conferencing, and file sharing. The increased use of these tools
has made them a bigger target of attackers and organizations need to
ensure employees are aware of and protected against relevant threats.

Later in the episode, Marcus and Luke discuss issues surrounding the
use of personal devices for work, which can lead to issues such as
accidental data leakage. We also provide a list of recommendations on
how to keep virtual meetings secure so no one can listen in on a
meeting, as well as how to properly share a screen without
inadvertently disclosing confidential data.

Listen to the episode today, and check out our related blog post for
even more information:
https://www.fireeye.com/blog/executive-perspective/2020/04/security-best-practices-for-collaboration-platforms.html

Getting Ready for a New Era of COVID-19 Related Phishing | 05 May 2020 | 00:15:56

COVID-19 has rapidly taken over the headlines across the globe. As
with many other major events, threat actors are quick to adapt
relevant topics as part of their phishing campaigns to increase the
likelihood of success. The same rings true for COVID-19, especially
due to its global impact.

On this latest Eye on Security podcast, John Atrache, Principal
Consultant for Mandiant, joins me to discuss all things email in the
time of COVID-19. We cover a variety of topics, including how threat
actors are continuously updating their phishing campaigns as new
developments around the pandemic arise. We also cover the importance
of organizations increasing their vigilance during these challenging
times, and how to implement quick and effective hardening controls to
mitigate the risk of a successful phishing attack.


Listen to the episode today, and then learn even more by checking out
our blog post on COVID-19 themed phishing attacks and how to manage
email phishing risks:
https://www.fireeye.com/blog/executive-perspective/2020/03/managing-email-phishing-risks.html

A Deeper Discussion About M-Trends 2020, Part Two | 21 Apr 2020 | 00:21:12

We are back with the second part of our M-Trends podcast where Luke
McNamara, Principal Analyst, continues discussing highlights and
insights from this year’s report with Jurgen Kutscher, EVP of Mandiant
Solutions.

We pick back up with the nature of multiple attackers in an
environment—notably, whether or not they are aware of other attackers
in the environment and if they are collaborating. Jurgen then
discusses the rise of insider threats and how organizations can
improve the monitoring and detection of insider threats.

Ransomware use continues to rise—attackers are having success and
generating revenue, so we don’t expect this trend to level off any
time soon. Jurgen provides steps that organizations can take to reduce
their risk of falling victim to ransomware, and suggests organizations
take a look at our ransomware white paper for more containment
strategies:
https://www.fireeye.com/content/dam/fireeye-www/current-threats/pdfs/wp-ransomware-protection-and-containment-strategies.pdf

Check out our podcast today, and also hear Jurgen’s top cyber security
recommendations for 2020.

A Deeper Discussion About M-Trends, Part One | 18 Apr 2020 | 00:17:43

FireEye released M-Trends 2020 earlier this year to provide visibility
into frontline investigations of the most interesting and impactful
cyber attacks of the year. In this first episode of our two-part
M-Trends 2020 podcast, Luke McNamara discusses the report with Jurgen
Kutscher, EVP of Mandiant Solutions.

We begin the episode by highlighting the key themes from M-Trends
2020, such as dwell time and the continued exploitation of legitimate
credentials. Jurgen discusses the decrease in dwell time and whether
it’s due to organizations getting better at detections or the changing
nature of attacks. You’ll also hear about trends in cloud security and
recommendations for the healthcare industry when it comes to cloud, as
well as insights into compromise detection by third parties.

Listen to the podcast today to dive into M-Trends 2020, and be sure to
tune in for part two where we discuss insider threats, ransomware, and
Jurgen’s recommendations for the year ahead.

S3E3: M-Trends 2020 Dwell Time is a Swell Time | 24 Mar 2020 | 00:36:29

In this latest episode, we featured M-Trends contributors Dominik
Weber (Director - FLARE) and Dan Perez (Manager - Adversary Pursuit)
to take us on a deep dive of our annual M-Trends report. We discussed
how key metrics from our incident response investigations changed,
including: dwell times, source of notification, number of threat
actors tracked, and malware families/trends broken down by operating
system. Additionally, we highlighted things that stood out to Dominik
and Dan, including:
- Malware that used email for command and control
- Malware that leveraged cryptography to protect further stages for analysis [execution guardrails!]
- How FLARE determines whether a malware sample is a "new" family vs a variant of an existing family we've seen before
- Targeted ransomware trends
- Chinese threat groups who have been active lately (APT40, APT41, APT5, and several uncategorized clusters), as well as how the recent US Justice Department indictments may have impacted operations by those APT groups
- Dominik's involvement in the annual FLARE-ON challenge and what it's like to create a challenge (encrypted web shell)

For the full M-Trends report, visit:
https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html

To find out more about the FLARE-On challenge, visit:
http://flare-on.com/

What to Anticipate When Migrating to the Cloud | 19 Nov 2019 | 00:16:03

Cloud security is more important today than ever before. To learn more
about the topic, Luke McNamara sat down with Martin Holste, CTO for
Cloud at FireEye, Chris Schreiber, FireEye product strategist, and JR
Weiks, FireEye security principal engineer.

In this first of two podcasts on cloud security, they discuss some of
the security challenges that occur when migrating to the cloud,
specifically highlighting some of the common problems that quickly
rise to the top once that journey begins. Additionally, they dive into
some of the different tactics that threat actors use to exploit cloud
infrastructure and how organizations can protect themselves.

Check out the podcast, and for more information head over to our
FireEye Cloud Security page and our FireEye Partnership with AWS page.

The Cloud Revolution and the Future of the SOC | 19 Nov 2019 | 00:17:16

Cloud security is more important today than ever before. Luke McNamara
was joined once again by Martin Holste, CTO for Cloud at FireEye,
Chris Schreiber, FireEye product strategist, and JR Weiks, FireEye
security principal engineer.

In this second of two podcasts on cloud security, they examine how the
point products and various processes that make up cyber security today
will set the stage for the future of security operations centers
(SOC). The ideal way to initiate this transformation to the SOC of
tomorrow is with a single cyber security platform such as FireEye
Helix, which is a cloud-hosted security operations platform.
Integrating visibility, protection and detection with advanced
analytics is not a dream of the future, but an achievable reality
right now.

Check out the podcast, and also learn more about how FireEye Helix
seamlessly integrates disparate security tools and augments them with
next generation SIEM, orchestration and threat intelligence
capabilities to capture the untapped potential of security
investments.

M-Trends 2024 with Mandiant Consulting Vice President Jurgen Kutscher | 29 Apr 2024 | 00:25:53

Jurgen Kutscher, Mandiant Vice President for Consulting, joins host Luke McNamara to discuss the findings of the M-Trends 2024 report. Jurgen shares his perspective on the "By the Numbers" data, the theme of evasion of detection in this year's report, and how Mandiant consultants have been leveraging AI in purple and red teaming operations.

For more on the M-Trends 2024 report: http://cloud.google.com/security/m-trends

Validating Detection & Response with Purple Team Assessments | 22 Oct 2019 | 00:15:34

In October 2019, FireEye launched its Purple Team and Continuous
Purple Team Assessments to enable organizations to quantifiably
evaluate security controls and programs against Verodin simulated
attack scenarios. With Purple Team Assessments, Mandiant experts guide
an organization’s security team through highly-realistic attack
scenarios.

Luke McNamara spoke with one of our global red team leads who is on
the front lines managing this new offering, Evan Pena. During their
discussion, Evan explains what exactly a purple team is vs. a
traditional red and blue team, what are the outputs/deliverables that
come from a purple team, in what capacity will Verodin be used to
deliver this new offering, and more.

For more information about FireEye Mandiant Purple Team Assessments,
including the FireEye Verodin Security Instrumentation Platform (SIP),
please visit
https://www.fireeye.com/services/purple-team-assessment.html

Scaling Up with Digital Threat Monitoring | 15 Oct 2019 | 00:17:43

The EMEA Cyber Security Threat Landscape | 26 Sep 2019 | 00:11:07

Luke McNamara spoke with Jens Christian Høy Monrad, Head of FireEye
Intelligence, EMEA at FireEye on the EMEA threat landscape. In their
discussion, Jens spoke on the multidimensional threats to the region,
what those threats look like today, election security affecting these
countries, and continued challenges for the public and private sector.

Innovation Architecture: A New Way of Protecting Our Custome | 26 Aug 2019 | 00:11:04

Beyond Compliance: Cyber Threats and Healthcare | 21 Aug 2019 | 00:15:16

The healthcare industry faces a range of threat actors and malicious
activity. FireEye EVP, Products, Grady Summers spoke with Principal
Analyst, Luke McNamara on the types of financially motivated cyber
threat activity impacting healthcare organizations, nation-state
threats that the healthcare sector should be aware of, and how the
threat landscape for healthcare organizations will evolve in the future.

FireEye and Beazley: Twice the Defense Against Email Threats15 Jul 201900:22:00

The importance of being prepared cannot be overstated. Companies
experiencing an email compromise must undertake costly investigations
involving forensics services and data mining of affected inboxes to
see if sensitive information has been impacted. If that isn’t bad
enough, productivity and reputation also stand to take a hit.

To shine some light on the business email compromise threat and how
best to defend against it, FireEye EVP and CTO Grady Summers sat down
with Ken Bagnall, VP for Email Security at FireEye, and Lauren
Winchester, Privacy Breach Response Services Manager at Beazley.
During their chat, the trio discussed awareness, prevention and a new
unique offering from FireEye and Beazley.

Protection Beyond the Traditional Secure Email Gateway14 Mar 201900:28:51

In April 2018, FireEye CTO, Grady Summers had the opportunity to talk
about some of the latest features of FireEye Email Security with Ken
Bagnall, VP for Email Security at FireEye. Their conversation ended up
being one of our more popular 'Eye on Security' podcast episodes, so
it was a no-brainer that Grady would have Ken back in July 2018 to
discuss some of the changes in email attacks that we had been
observing.

When Ken happily agreed to return for a third appearance, FireEye
Chief Intel Strategist, Christopher Porter was particularly glad that
it was his turn to pick his brain. During their chat, Ken and
Christopher talked about the innovation behind our secure email
gateway, the intellectual property behind FireEye technologies for
detecting advanced threats that others miss, and some general trends
related to email threats that we’re seeing today.

Check out the podcast right now, and learn more about how FireEye
Email Security can help defend against today’s most widely used – and
lesser known – email attacks.

Expertise On Demand with a Click of a Button12 Mar 201900:17:10

In recent weeks FireEye has been talking all about Expertise On
Demand, our annual subscription service that gives customers access to
security experts and more. As FireEye Chief Intelligence Strategist,
it has been exciting to see the transformation on the Intelligence
side of things, but to get a better look at the Expertise On Demand
service as a whole we turned to Gareth Maclachlan, VP of Strategy and
Product Management.

In our latest Eye on Security podcast, Gareth and Christopher discuss
everything from how the Expertise On Demand service works and what
makes it unique, to the overall experience for customers and partners.
Gareth also talks about what prompted FireEye to offer Expertise On
Demand in the first place, including an all-too-familiar problem in
the industry: a shortage of trained security professionals.

Tracking a Cyber Crime Group: FIN7 at a Glance15 Aug 201800:14:50

The United States District Attorney’s Office for the Western District
of Washington recently unsealed indictments and announced the arrests
of three individuals linked to a criminal organization we have been
tracking since 2015 as FIN7. With the threat group in the news quite a
bit lately, FireEye CTO, Grady Summers sat down to discuss the actors
and the arrests with two of the foremost FIN7 experts: Nick Carr and
Barry Vengerik from FireEye’s Advanced Practices Team.

They discussed a wide variety of topics, including FIN7’s targeting,
why they chose the particular sectors that they did, how they gained
an initial foothold in organizations, their tools and their tactics,
techniques and procedures (TTPs), some of the methods FireEye used to
track the group, and some of the ways FIN7 activity changed following
arrests made as far back as January 2018.

More information on FIN7 and many other threat groups can be found in
our Intel Portal as part of our FireEye iSIGHT Threat Intelligence
offering.

Staying Ahead of a Changing Email Threat Landscape16 Jul 201800:22:35

Back in April 2018, FireEye CTO, Grady Summers had the chance to talk
with Ken Bagnall, VP for Email Security at FireEye. At the time, Ken
and Grady chatted about FireEye’s acquisition of the company The Email
Laundry, which took place in late 2017, and about some of the new
capabilities that were gained in FireEye Email Security from that
integration. They also discussed some of the trends that had been
observed in the email security space.

Grady recently met back up with Ken to continue their chat, and this
time they were also joined by Levi Lloyd, Senior Manager for Detection
Services at FireEye. During the conversation, the three of them dove a
little bit deeper into some of the details behind the changes in email
attacks that they've seen. They then went on to discuss some of the
really cutting-edge techniques that FireEye is using to respond to
those email attacks, including blocking impersonation attacks and
URL-based attacks.

Check out the podcast, and also learn more about how FireEye Email
Security can help defend against today’s most widely used – and lesser
known – email attacks.

Assessing the State of Multifaceted Extortion Operations11 Apr 202400:40:54

Kimberly Goody, Head of Mandiant's Cyber Crime Analysis team, and Jeremy Kennelly, Lead Analyst of the same team, join host Luke McNamara to break down the current state of ransomware and data theft extortion. Kimberly and Jeremy describe how 2023 differed from the activity they witnessed the year prior, how changes in the makeup of various groups have played out in the threat landscape, why certain sectors see more targeting, and more.

Busting the Myths of Vulnerability Management16 May 201800:17:09

FireEye Chief Intelligence Strategist, Christopher Porter had the
opportunity to speak with Jared Semrau, head of our Vulnerability and
Exploitation intelligence team. Jared discusses how his team gathers
information on new and existing exploitable bugs, combines that with
what FireEye knows from engagements and device detections, and how
they map that intelligence to known threat actors. There are a lot of
myths going around about how vulnerability management should be
handled and this discussion helped cut through a lot of that.

Listen to the podcast to join this conversation and to learn why
FireEye rates less than 0.01% of its vulnerabilities as critical,
compared to 10% of vulnerabilities being rated critical by public
sources. Jared did a great job explaining for me how this focus on
only the truly critical and exploitable vulnerabilities helps our
clients better utilize their limited threat hunting resources and keep
operational systems online as much as possible without unnecessary
out-of-cycle patching.

M-Trends 2018: Tales from the Trenches09 May 201800:14:10

It’s hard to believe, but April 2018 marked the release of our 9th
edition of M-Trends. To learn more about the latest report, FireEye
CTO, Grady Summers sat down and spoke with one of the key
contributors: Jurgen Kutscher, senior vice president responsible for
all Mandiant Consulting and Managed Defense offerings at FireEye.

During their conversation, Jurgen and Grady discussed a wide variety
of topics touched on in the M-Trends report, including the significant
increase in attacks originating from threat actors sponsored by Iran,
a typically dwindling global median dwell time increasing from 99 days
in 2016 to 101 days in 2017, how more than half of organizations that
were victims of a targeted attack were getting re-attacked by the same
or similarly motivated threat actors, and much more.

Check out our podcast today, and also read the M-Trends report to
explore the latest and greatest trends that define today’s threat
landscape at
https://www.fireeye.com/current-threats/annual-threat-report/mtrends.html

The Future is Bright for FireEye Email Security24 Apr 201800:17:14

FireEye CTO, Grady Summers discussed email security with Ken Bagnall,
VP of the FireEye Email Security side of the business. Ken came to
FireEye following its 2017 acquisition of The Email Laundry, where he
was a founder and CEO.

During their chat, Ken and Grady discussed a wide variety of topics,
including Ken's history in the industry and how he got into email
security, how the merging of The Email Laundry with FireEye was the
perfect fit, up-and-coming email threats such as malware-less attacks
and imposter-based attacks, and what FireEye is doing to stay ahead of
these threats and ensure customers remain protected.

Check out the podcast, and learn more about how FireEye Email Security
can help defend against today's most widely used - and lesser known -
email attacks.

Cyber Threats and the Manufacturing Industry08 Jan 201800:30:38

Chris Porter, chief intelligence strategist at FireEye had the
opportunity to speak with Parnian Najafi Borazjani, senior cyber
security analyst at FireEye, and Michael Rastigue, vice president,
cyber risk practice growth leader for the central zone at Marsh, on
cyber threats to the manufacturing industry.

Listen to the podcast to learn about today's threats, including who
the bad actors are, what assets they are going after, and what some
possible motivators are for bad actors to target the industry.
Additionally, Parnian and Michael discussed common exploit routes, and
improvement in risk mitigation and transfer options.

Looking Ahead at 2018 w/ FireEye CTO for Cloud Martin Holste04 Dec 201700:15:01

Looking Ahead at 2018 with FireEye CSO Steve Booth29 Nov 201700:15:33

FireEye CTO, Grady Summers spoke about cyber security in 2018 with
FireEye CSO, Steve Booth. They touched on various topics, including
the threat landscape, threat actor techniques, nation-state activity,
and the General Data Protection Regulation (GDPR).

Check out the podcast to hear more about what the new year has in
store, and also learn a little bit about what organizations should be
doing to stay ahead of these threats – everything from basic upkeep to
managing priorities.

Focusing on the Analyst with Helix01 Nov 201700:06:49

Grady Summers, CTO, FireEye recently sat down to speak about FireEye
Helix with Paul Nguyen, Vice President and General Manager for Helix
at FireEye. During their conversation, Paul reiterated a key focus of
Helix, which is to help analysts be more effective at their jobs.

Check out the podcast to hear all about the latest release (Helix
1.2), how FireEye is able to pivot data from the console through
orchestration, and more.

Cyber Threats and The Utilities Sector10 Oct 201700:32:30

Chris Porter, chief intelligence strategist at FireEye recently sat
down with Jeffrey Ashcraft, senior analyst at FireEye, and Matthew
McCabe, senior vice president and advisory specialist at Marsh, to
discuss cyber threats to the utilities sector and how much of what you
see hackers do in the movies really happens when utilities are
breached in the real world.

Listen to our podcast to find out what the difference between an
espionage attempt and preparation for an attack is, the importance of
terms and conditions in cyber insurance, and how to best distinguish
between an attack and an intrusion to your organization.

FireEye Govt Email Threat Prevention Receives FedRAMP17 Jul 201700:13:10

Given recent high-profile incidents, cyber security has quickly risen
to the top of the priority list for many organizations, including
governments. As with many organizations these days, government
information technology and security is migrating to the cloud. As
government and public education entities migrate to Office 365, Google
Mail or other solutions for their primary email management service,
they’re also looking for email security that delivers advanced
threat protection, and this requires a service that is FedRAMP
authorized. FireEye CTO Grady Summers spoke with FireEye Global Govt
CTO, Tony Cole and Risk Management Lead, Stacey Ziegler on how FireEye
will support the government as it moves to the cloud.

One Year In Review with Kevin Mandia15 Jun 201700:25:36

FireEye CTO, Grady Summers interviewed Kevin Mandia in the summer of
2016 to discuss his goals as FireEye's newest CEO. One year later he
has caught up with Kevin to discuss his “One Team” philosophy, the
successful launch of Helix, and his love of overcoming challenges.

Hunting for "Living off the Land" Activity29 Mar 202400:42:32

Host Luke McNamara is joined by Mandiant consultants Shanmukhanand Naikwade and Dan Nutting to discuss hunting for threat actors utilizing "living off the land" (LotL) techniques. They discuss how LotL techniques differ from traditional malware based attacks, ways to differentiate between normal and malicious use of utilities, Volt Typhoon, and more. 

Threat Intelligence in the Current Threat Landscape05 Apr 201700:10:52

FireEye CTO, Grady Summers caught up with John Miller, manager of
threat intelligence, to discuss his thoughts on the current threat
landscape.

John touched on preventative steps organizations can put in place,
popular attack methods and trends he’s observed from the front lines
of our cyber investigations.

The State of Security in the Healthcare Sector14 Mar 201700:12:23

Matt Snyder, chief information security officer for the Penn State
Milton S. Hershey Medical Center joins Grady Summers, FireEye chief
technology officer, for a thought-provoking discussion spanning a
broad range of security-related topics. Organizations in the
healthcare sector are experiencing exponentially increasing levels of
targeted attacks from organized crime and nation states: Matt shares
his approach to creating a holistic strategy to protect his complex
environment.

Critical Infrastructure and ICS Cybersecurity Issues12 Oct 201600:15:33

In this podcast, Dan Scali, senior manager for Mandiant consulting and
Grady Summers, FireEye Chief Technology Officer, discuss key issues in
critical infrastructure and industrial control systems. Bank data
centers, nuclear power plants, and water plants make up this niche
area of information security that’s quickly gained increased
importance with recent high profile breaches. Dan covers some of the
vulnerabilities these organizations have, including lack of network
segmentation and patching, and how this allows everything from
crimeware to nation state attacks to threaten the integrity of
critical systems. Organizations of all sizes need a pragmatic approach
to security by adopting holistic security programs, employing
enterprise wide monitoring, and ensuring they have incident response
plans in place. Dan discusses some of the ways Mandiant consultants
are helping these organizations in these areas including program
development and non-invasive ICS health checks.
