Operationalizing Threat Intelligence

In a rapidly evolving threat landscape with the realities of limited security program resources, it can be difficult for organizations to know what the most critical risks and exposures are, presently and looking forward. While most organizations recognize the importance of cyber threat intelligence (CTI), Mandiant consulting frequently finds organizations have limited capabilities to operationalize CTI throughout all aspects of their security program.

A recent online poll conducted by FireEye about the operational use of CTI found that 84% of responders use threat intelligence for business decision-making. 67% use it to make decisions about resources and security tools while 17% said they use it for risk assessment on new business initiatives. 17% don’t use it at all.

In this webinar, Jeff Berg, Senior Manager of Mandiant’s Cyber Threat Intelligence Services, discusses the role of intelligence in cyber security programs and steps organizations can take to transform security operations to be intelligence-led, so they can continuously adapt to the threat landscape, and ultimately infuse intelligence capabilities across the entire organization for informed decision making.
Recorded Nov 17 2016 51 mins
Presented by
Jeff Berg, Sr. Manager, Cyber Threat Intelligence Services, Mandiant
  • Malware Maelstrom: Guarding Against the Return of APT10 and its Subsets Apr 13 2021 11:00 am UTC 45 mins
    Adrien Bataille, Senior Consultant, FireEye Mandiant & Mitchell Clarke, Principal Consultant, FireEye Mandiant
    In 2020, during an incident response engagement, FireEye Mandiant stumbled upon APT10 for the first time since the U.S. indictments against the group in late 2018. Upon re-discovery and identification of the group’s new and evolved tooling, FireEye Mandiant determined that other previous incident response engagements that were largely unrecognized had likely featured APT10.

    This presentation will take a deep dive look into:
    ● How FireEye Mandiant re-discovered APT10 and the threat actor’s new malware and updated tools
    ● The difficulties in conducting malware-based attribution and possible subsets of APT10
    ● How organizations can spot this threat group and what defensive steps to take

    Be sure to check out all of the sessions in our FireEye Mandiant Virtual Summit 2021, Innovation Forward. A New Era of Resilience. - Live on April 13-15. https://virtualsummit.fireeye.com/
  • A Playbook for Resiliency: Contain and Remediate Ransomware Before It Can Act Apr 13 2021 9:00 am UTC 60 mins
    Mitchell Clarke, Principal Consultant, FireEye Mandiant & Phil Pearce, Senior Consultant, FireEye Mandiant
    Attackers have become skilled at rapidly detonating ransomware within victim environments. By taking certain steps, companies can quickly halt a ransomware intrusion and take action to contain and remediate the compromise, protecting critical data and wresting control of their environment away from attackers.

    Join Mandiant detection and response experts to discover how best to stop a ransomware attack in its tracks and keep it from disrupting business and causing costly harm.
    During this talk, you will learn:
    • New ways ransomware intrusions are being carried out
    • How to build a playbook for resiliency against future ransomware intrusions
    • What actions to take, how to prioritize them, and the rationale behind each to contain and remediate the attack

    Be sure to check out all of the sessions in our FireEye Mandiant Virtual Summit 2021, Innovation Forward. A New Era of Resilience. - Live on April 13-15. https://virtualsummit.fireeye.com/
  • FireEye Chat | Front & Center on the Impact of SUNBURST on the Security Industry Recorded: Apr 13 2021 29 mins
    Sandra Joyce, EVP, Mandiant; Christopher Krebs, Founding Partner, Krebs Stamos Group LLC; Josh Madeley, Manager, Mandiant
    FireEye Mandiant recently uncovered the SUNBURST incident, a wide-scale supply chain attack. Our revelations galvanized both public and private organization networks across multiple sectors and prompted the security industry to reexamine and reinforce its defensive measures.

    In this episode of FireEye Chat, our experts take a close look at the threat group behind the SUNBURST incident as well as its implications on the broader cyber security industry. We also consider what your organization should do to better protect itself from a breach of this magnitude.

    Watch Now!
  • Assessing and Managing Cyber Risk : An Approach for Chief Risk Officers (CROs) Recorded: Apr 13 2021 60 mins
    Steve Ledzian | Vice President, Chief Technology Officer, Asia Pacific
    Simply investing in cyber security controls isn’t enough, as countless victims of cyber-attacks have learned the hard way. This session will offer valuable insights and recommendations for Chief Risk Officers (CROs) and C-suite decision makers about how to move beyond simply ticking a box to ensuring their cyber security investments are effective and working as intended to provide risk assurance.

    In this lesson you will learn about:
    ● The importance of moving from auditing security control existence to security control effectiveness
    ● Determining the right level of risk for your organization
    ● How to assess if security controls are working as they should

    Be sure to check out all of the sessions in our FireEye Mandiant Virtual Summit 2021, Innovation Forward. A New Era of Resilience. - Live on April 13-15. https://virtualsummit.fireeye.com/
  • The Next Big Attack How Agencies Can Protect Themselves From Evolving Cyber Atta Recorded: Mar 25 2021 61 mins
    Jon Ford, Johnny Collins, Jason Atwell
    After what has been deemed as one of the largest breaches in U.S. cyber security in recent history, an estimated 18,000 public and private sector entities will spend billions of dollars over many months to contain and fix the damage. As just one example of how sophisticated and stealthy hackers have become, the attack leaves many asking when and where will the next one happen – or has it already?

    In this session, Government Technology and FireEye Mandiant share best practices around how state and local governments can better defend against and respond to evolving and difficult-to-detect threats. A few of the topics discussed are:
    • The increase in spear phishing attacks on the remote government workforce
    • The value of cyber threat intelligence in detecting the latest threats
    • What the ransomware threat landscape looks like in 2021
    • Why an incident response retainer is critical
  • Fear of Missing Incidents – The Battle for Security Analysts Recorded: Mar 25 2021 56 mins
    Chris Triolo, VP of Customer Success, FireEye and Daniel Slack, Director of Mandiant Managed Defense
    The cybersecurity community is no stranger to alert fatigue and security analyst burnout resulting from the large volume of security sensor data. In the recent IDC InfoBrief “The Voice of the Analysts: Improving Security Operations Center Processes Through Adapted Technologies,” 350 internal and managed security service provider security analysts and managers shared their perspectives of the frontline SOC work.

    The Reality of the Frontline SOC:
    · False positives create alert fatigue for security analysts, impacting SOC effectiveness
    · Fear of missing incidents (FOMI) negatively impacts job satisfaction for security analysts and managers
    · Security analysts need advanced automation solutions and back up of experienced frontline defenders to reduce alert fatigue and increase effectiveness

    Join Chris Triolo, VP of Customer Success, FireEye and Daniel Slack, Director of Mandiant Managed Defense, for a timely discussion on the reality of frontline SOC work. Chris and Daniel will share real-world examples from their experiences in the SOC while analyzing the results from the IDC InfoBrief.

    Register to join the discussion!
  • Discovering and cAPTuring Threats in Active Directory Recorded: Mar 25 2021 121 mins
    Lucas Donato, Principal Consultant, Mandiant Managed Defense
    Join us for a hands-on demonstration of how advanced attackers move through Windows Active Directory, including tools, techniques and procedures.

    It will be a great opportunity to learn how to detect and contain the kinds of attacks where signature-based technologies fail. At the end we will put these new skills to the test in a CTF (Capture The Flag).

    The session will be led by Lucas Donato, Principal Consultant at Mandiant Managed Defense.

    Register now!
  • Mandiant Front Lines: The Latest on Exchange Exploits Recorded: Mar 17 2021 46 mins
    Matthew Bromiley, Senior Consultant, Mandiant and Chris DiGiamo, Sr. Tech Director, Mandiant
    Last week, the public learned of multiple vulnerabilities that impacted Microsoft Exchange Server. Since then, many have come to realize that these attacks potentially impacted tens of thousands of organizations—many of whom may be unsure where to begin. Regardless of your organization’s size, industry, or locale, there are steps that you can take to identify Exchange exploitation in your environment.

    In this episode of Mandiant Front Lines, we address the following questions:
    - What’s happening with this attack?
    - What do we know about the threat actors so far?
    - How does this attack impact my organization?
    - What can—and should—I do right now?

    Join us to discuss these attacks on Microsoft Exchange servers. Our goal in this episode is for you to walk away with concrete next steps to assess your environment.
  • Respond to the Alerts that Matter with Free Expert Ratings from Mandiant Recorded: Mar 11 2021 51 mins
    Tim Gallo, Security Strategist & Solutions Engineering Lead, FireEye Mandiant; Bart Lenaerts-Bergmans, Sr. PMM, Mandiant
    30-minute demo on how to get threat actor insights and instant value from Mandiant Advantage

    Time is of the essence, especially when it comes to responding to alerts. Unfortunately, there are often too many, and picking the right one to investigate and respond to takes time and expertise.

    Join us in this session where our specialist Tim Gallo will give an overview of Mandiant Advantage: Threat Intelligence and recently added features that will help you prioritize alerts and provide instant context directly from Mandiant’s frontline expertise.

    Key topics:

    - Understanding the latest news with Mandiant’s judgments
    - Mandiant M-score for quick expert ratings on indicators
    - Browser Plugin, the heads up display every SOC analyst needs

    Join us for a 30-minute live presentation and demo on Thursday March 11th 2021 at 2 PM EST.

    Presenter: Tim Gallo – Security Strategist and Solutions Engineering Lead at FireEye Mandiant
    Host: Bart Lenaerts – Product Marketing Mandiant Solutions
  • Light in the Dark: Hunting for SUNBURST Recorded: Feb 25 2021 61 mins
    Matt Bromiley, Principal Consultant, Managed Defense; Andrew Rector, Sr. Principal Security Analyst, Managed Defense
    In December 2020, FireEye revealed the details of a sophisticated threat actor that took advantage of SolarWinds’ Orion Platform to orchestrate a wide-scale supply chain attack and deploy a backdoor we call SUNBURST.

    This attack impacted organizations worldwide, leading executives everywhere to question whether their environment fell victim. For Mandiant Managed Defense, the identification of victims started even before the public became aware of the SUNBURST campaign.

    Join Matt Bromiley, Principal Consultant, Mandiant Managed Defense and Andrew Rector, Sr. Principal Consultant, Mandiant Managed Defense, for a first-ever look inside how Mandiant addressed the SUNBURST threat with customers, including stories from the front lines of this customer-focused response. Our experts will also highlight:

    • How this prolific cyber attack changes the way we view security
    • SUNBURST threat actor TTPs and how Mandiant hunts for the most relevant and dangerous threats
    • What threat hunting techniques should be deployed to find today’s stealthiest attackers

    Register Now!
  • Operationalizing Threat Intelligence: Putting CTI into Practice Recorded: Feb 17 2021 64 mins
    Jorge Lozano, Manager, Consulting, Latin America, Mandiant
    Cyber threat intelligence (CTI) can be considered the superhero of cyber security today. Why? Because it can help security and risk management teams stay focused and better prepared to face the threats most relevant to the organization, as well as support strategic and executive decision making. However, to be effective, the CTI function must be operational and follow a structured approach.

    Join Mandiant's team of cyber security experts as they discuss:
    • The benefits of having a CTI unit
    • Mandiant's “Gold Standard” for operationalizing intelligence
    • The foundational elements for operationalizing CTI
    • Integrating intelligence sources as part of the CTI unit's operations
  • Uplift your SOAR with Detection On Demand Recorded: Feb 16 2021 56 mins
    Rob Ayoub, Sr. Product Marketing Manager, FireEye; Alex Lanstein, Product Manager, Detection on Demand, FireEye
    One of the foremost challenges for security operations center (SOC) analysts is evaluating alerts from the wide variety of tools operating in the SOC. For every alert, SOC analysts must perform a detailed triage in order to determine the extent of an alert and whether an alert is actually a threat or a false positive. It can be difficult for a SOC analyst to easily determine whether a file or hash is malicious or benign and the whole process can take hours of valuable time.

    Enter FireEye Detection on Demand! Delivered as an API, this threat detection service provides easy integration into the SOC workflow, SIEM analytics, data repositories, and more. Detection On Demand delivers flexible file and content analysis capabilities to identify malicious behavior wherever the enterprise needs it.

    Verdicts are delivered almost instantly and allow applications to quickly process without the latency of other competitors. If more in-depth analysis is needed, users can log into the Detection On Demand web portal which provides reports, memory dumps, pcaps, and access to MITRE ATT&CK mappings.

    Detection On Demand integrates natively with FireEye Security Orchestrator and with numerous other SaaS and security products, providing for rapid integration with the existing infrastructure. Many application integrations are already in place with the likes of Splunk Phantom, Polarity, Siemplify, Palo Alto Networks XSOAR, and D3 Security, with more being added every month.

    In this webinar, you will learn:
    • How Detection On Demand works
    • How to best integrate Detection On Demand to improve the efficiency of your SOC
    • Other ways you can leverage Detection on Demand

    At the end of the webinar, you will be able to test drive Detection On Demand for yourself.

    Register Now!
  • Proving Security Effectiveness to Your CISO, CFO and Board Recorded: Feb 11 2021 60 mins
    Earl Matthews, Maj Gen, (Ret), VP of Strategy, Mandiant Security Validation; Ryan Dodd, Founder and CEO, Cyberhedge
    Investments in cyber security have rapidly increased in recent years, yet high-profile breaches continue to make headlines, and the economic and financial losses stemming from these breaches continue to grow. Combined with economic pressures and extensive remote workforces, CISOs and CFOs must now work together to understand where to cut spending without adding risk. But without proper security validation and assessment tools that can credibly quantify risks in dollar terms, this becomes an impossible task.

    Attend this webinar to:

    • Learn how to fully validate your organization’s cyber health and measure its impact on the company’s financial posture and market performance
    • Determine your organization’s risk profile, the financial impact of cyber performance and communicate about risk in dollar-based terms
    • Discover how mismanagement, underutilization and duplication of security controls drive up costs that increase as they flow through the organization
    • Learn how a bottom-up approach to security validation combined with a top-down market-validated risk assessment increases ROI of your security investments

    Expert Speakers:
    Earl Matthews, Maj Gen, (Ret), Vice President of Strategy, Mandiant Security Validation
    Ryan Dodd, Founder and CEO, Cyberhedge
  • Supply Chain Attack – Global Intrusion Campaign Recorded: Jan 28 2021 62 mins
    Arthur Cesar Oreana
    FireEye has uncovered a widespread campaign that we are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world through trojanized updates to SolarWinds' Orion IT monitoring and management software. This campaign may have begun in the autumn of 2020 and is currently ongoing.

    Post-compromise activity included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security.

    We are working tirelessly to defend and help our customers against these and future threats, and we would like to take this moment to share a technical briefing, by invitation only, on January 28 at 3 p.m. (Brasília time), led by Arthur Cesar Oreana of FireEye. This briefing will discuss current threats and summarize evolving best practices for investigating and mitigating them.

    I would like to personally invite you to join the session for insight and guidance specific to Brazil.
  • The Security Operations Center is Essential – But Is it Effective? Recorded: Jan 26 2021 30 mins
    Larry Ponemon, Founder of the Ponemon Institute and Dan Lamorena, VP Marketing for XDR at FireEye
    From COVID to the cloud and from ransomware to work-from-home, everything changed, fast. The foundation of it all – the Security Operations Center, or SOC, played a critical role in supporting how enterprises tackled the pivot in how we work, communicate and connect, while ensuring a strong security posture for the organization. The Ponemon Institute researched how these changes have impacted the effectiveness of the SOC in the “Second Annual Study on the Economics of Security Operations Centers: What is the True Cost for Effective Results?”

    What stands out this year?

    • COVID-19: The pandemic’s impact on how SOCs operate and tackle security challenges as remote employees create new access points and bad actors take advantage.
    • Strong Hiring & Salaries: Jobs and salaries are up as CISOs drive to employ qualified security analysts and retain them in an environment where competition for their services is ruthless.
    • ROI of the SOC is Dropping: Complexity, analyst turnover and the growing cost of MSSP support for security monitoring drive lower scores in SOC investment.
    • Budgets include Automation & Extended Detection & Response: Extended Detection & Response (XDR) and security automation solutions have emerged as budgetary priorities as CISOs seek answers to improve security engineering effectiveness and cost.

    Let’s dig into what it all means for the next year. Join the report author, Larry Ponemon, Founder of the Ponemon Institute and Dan Lamorena, VP of Marketing for XDR at FireEye, for a live discussion on the state of today’s SOC, staffing, budgets for SOC tools, cost considerations for outsourcing and ROI.
  • FireEye Technical Briefing for Latin American CISOs Recorded: Jan 21 2021 53 mins
    Stephen Fallas and Carlos Ayala of FireEye
    FireEye has uncovered a widespread campaign that we are tracking as UNC2452. The actors behind this campaign gained access to numerous public and private organizations around the world. They gained access to victims through trojanized updates to SolarWinds' Orion IT monitoring and management software.

    This campaign is presumed to have begun in the spring of 2020 and is currently ongoing. Post-compromise activity affecting the supply chain has included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security.

    We are working tirelessly to defend and help our customers against these and future threats, and we would like to take this moment to tell you about a technical session, by invitation only, to be held on January 13, 2021 at 2 p.m. New York time, led by Stephen Fallas and Carlos Ayala of FireEye. The session will analyze current threats and summarize evolving best practices for investigating and mitigating them.
  • DebUNCing Attribution to Counter Threats More Effectively Recorded: Jan 21 2021 57 mins
    Kelli Vanderlee Manager, Intelligence Analysis, Mandiant and Jeff Guilfoyle, Principal Product Manager, Mandiant
    Malicious cyber operations are not a force of nature. Instead, behind every compromise are human operators using tools and techniques to accomplish various goals.
    As a result, when reading about a malware campaign like “SUNBURST”, security practitioners try to answer essential questions like “Who could be behind this attack?” “What are they trying to accomplish?” or “How do they operate?”

    Answering these questions is often easier said than done. Actionable threat intelligence can provide unique insight so that security teams act in concert, quickly understand risks, and prioritize resources to take the most effective countermeasures.

    Join our host, Bart Lenaerts-Bergmans, Sr. Product Marketing Manager, Mandiant with presenters, Kelli Vanderlee, Sr. Manager, Analysis, Mandiant and Jeff Guilfoyle, Principal Product Manager, Mandiant Advantage, as we explore key concepts:

    • How modern attribution works and the analytic processes
    • Understanding new actors (uncategorized) and which details to pay attention to
    • Navigating recent threat actor UNC2452 and Sunburst Malware using Mandiant Advantage
  • To XDR or Not to XDR? Recorded: Jan 19 2021 36 mins
    Chris Triolo, Chief Customer Officer at Respond Software and Jackie Groark, VP, Security/CISO at Veristor
    The security operations center (SOC) will never keep up with information overload. CISOs are challenged to transform the paradigm so the investments in people pay off, while reducing attrition and making security work fun. Automation is only part of the solution.

    Modern security operations need to move from the current model, bogged down by formalities in process and procedure, to one that is incident-aware and situation-focused. As enterprises deploy solutions for endpoint detection and response (EDR), security teams are realizing that they also need tools and strategies that are more all-encompassing to include threat intelligence, cloud services, SOAR, and next-gen SIEM, among others. So, where is the SOC to go from here?

    Join Chris Triolo, Chief Customer Officer at Respond Software, as he welcomes Jackie Groark, VP of Security and CISO at Veristor. Triolo and Groark will explore the promise of Extended Detection and Response (XDR) and start a discussion on how to supercharge automation and effectiveness in the security operations center.
  • FireEye Helix Explained - Helix Analytics Recorded: Jan 14 2021 54 mins
    Sarah Cox, Sr. Instructional Designer, FireEye and Dustin Seibel, Mgr, Sr, Detection Research, FireEye
    FireEye Helix enables you to take control of any incident from alert to fix, saving valuable time, resources and effort. This unified security operations platform addresses traditional SIEM shortfalls while delivering highly efficient, low-maintenance security automation.

    Join us for the next session in a series of webinars, as our experts highlight:

    • How Helix analytics automate the detection of suspicious activity in your environment using techniques that rules alone cannot provide
    • The types of detectors employed by analytics to identify specific kinds of activity that are often associated with attackers
    • Analytics Advisories that help you identify additional data sources for analytics detections in your environment
    • Techniques for building context on analytics alerts to enhance alert analysis and response
    • How to improve threat and vulnerability detection with advanced user behavioral analytics

    A hands-on Helix demonstration shows how you can build context on analytics alerts and leverage analytics for hunting. And you can stay on after the session for an in-depth Q&A with our experts.
  • UNC2452: What We Know So Far Recorded: Jan 12 2021 57 mins
    Benjamin Read, Director, Threat Intelligence Analysis and John Hultquist, VP, Mandiant Threat Intelligence
    Get the latest on UNC2452, the actor behind the SolarWinds supply chain compromise

    FireEye's Mandiant team recently uncovered a threat actor leveraging a supply chain to carry out intrusions in a uniquely impactful campaign. The actor behind these intrusions, UNC2452, focuses heavily on operational security, which has limited historic perspective on their behavior and made them very difficult to detect; however, we are rapidly learning more about them.

    Join our Mandiant experts for this webinar where we will offer the latest intelligence on this important threat actor.
The leading provider of next generation threat protection
FireEye is the world leader in combating advanced malware, zero-day and targeted attacks that bypass traditional defenses, such as firewalls, IPS and antivirus.

  • Title: Operationalizing Threat Intelligence
  • Live at: Nov 17 2016 7:00 pm
  • Presented by: Jeff Berg, Sr. Manager, Cyber Threat Intelligence Services, Mandiant