Black Hat USA 2014: The Ultimate Cybersecurity Event

Black Hat USA is about to return for its 17th year in Las Vegas, NV. The show will bring together the brightest minds in the world of cybersecurity for a six-day period where learning, networking, and skill-building top the activity list. FireEye will be there in full force.

Here is what you need to know:

  • Be on the Lookout: FireEye and Mandiant will have a presence at the conference in booths 411 and 246, respectively. You’ll be able to watch live demos, attend presentations, and get the latest updates on our full platform of technologies and services.
  • Jump into the Trenches: Join FireEye CTO Dave Merkel on Thursday, August 7 from 1-2PM for his insightful presentation “Lessons from the Trenches: Advanced Techniques for Dealing with Advanced Attacks,” which will review the latest approaches attackers are using to compromise organizations and, more importantly, what the most innovative security teams are doing to stay ahead. Mr. Merkel will draw on data and anecdotes from hundreds of organizations and will outline how leading security teams have reorganized, re-architected and realigned their security strategies.
  • Take a Practical View: Visit the FireEye booth (411) for ongoing presentations with a focus on various case studies that can be applied to everyday activities. Presentations will be interactive and include audience responses.
  • View Live Demonstrations: FireEye will have eight demo stations networked to live products and solutions to recreate real and recognizable environments.
  • Come out and Party: Join the FireEye crew for an event co-sponsored by Rapid7 on Wednesday, August 6 at XS Nightclub in Wynn/Encore. Register for the party here!
  • M After Dark: There is nothing quite like Mandiant’s “M After Dark” party, which will take place on August 5, from 7-9PM at the Eye Candy Sound Lounge at Mandalay Bay. Click here for registration information.

We hope to see you in Las Vegas the week of August 2 through August 7. If you are unable to attend, check back on the blog for insights from the conference.

Security as a Differentiator: Investis Partners With FireEye Managed Defense to Offer Its Clients the Very Best in Cybersecurity

This is a contributed post from Alex Booth, COO, Investis

As a provider of digital corporate communication services to many of the world’s leading companies, information security is of critical importance to us here at Investis. In order to be the world’s safest platform for managing digital communications and hosting corporate sites, we wanted the strongest security partner in the business. As COO of Investis, this was a critical decision, which is why I wanted to share the reasons we chose FireEye Managed Defense. To give you the short version, though, the choice was easy - the long version of which you can see in the video below or get a synopsis of in this post…

We are an ISO 27001 certified company and a member of CISP, the UK government’s cybersecurity information partnership. We believe you can never take security too seriously, especially in a digital landscape with increasingly sophisticated cybercrime. With that in mind, we wanted the most advanced solution to protect our environment and clients, and FireEye was the perfect partner to help us safeguard against advanced threats.

FireEye is the cybersecurity partner of choice for many of the US’s largest firms and its subsidiary, Mandiant, was selected by the UK Government Communications Headquarters (GCHQ) as one of four vendors certified to respond to cybersecurity attacks targeting the UK’s national infrastructure.

As a result of an on-site assessment by Mandiant consultants, we chose to augment our security team with the FireEye Managed Defense service.

We are looking forward to working with the great team over at FireEye to ensure we offer our clients the very best in cybersecurity.

FireEye Enters Agreement to Acquire nPulse Technologies

Today, I’m excited to announce that we’ve entered an agreement to acquire nPulse Technologies, the performance leader in network forensics. The acquisition is expected to close during the second quarter of 2014, subject to standard closing conditions. nPulse has the fastest solution available for high-speed full packet capture and indexing. By combining the nPulse products with the FireEye platform, we’re building enterprise forensics capabilities that will enable incident investigation and remediation that no other security vendor can match. When combined with Mandiant services and the services capabilities of our partners, we’ll be able to provide customers complete visibility into the network with quality analytics that accelerate the path from detection to resolution. This acquisition is a vital part of our long-term strategy to build a single security platform that protects against the most advanced threats and offers customers one solution to detect, contain, resolve and prevent threats.

With the acquisition, FireEye will further expand its security platform with the following:

  • FireEye will offer the industry’s first Enterprise Forensics solution with a unified view of network to endpoint forensics, enabling enterprises to minimize risk and drive down mean time to resolution.
  • The Enterprise Forensics solution, coupled with the FireEye threat analytics solution, will form a comprehensive intelligence platform.
  • The FireEye Network Threat Prevention Platform combined with newly introduced IPS capabilities and the addition of nPulse’s forensics will offer a comprehensive threat management platform.
  • The Enterprise Forensics solution together with FireEye Managed Defense™ will enable the industry’s most advanced managed service capabilities, bringing together deep visibility and rich context from Enterprise Forensics with active defense capabilities of the Managed Defense portfolio.

The New Reality of IT Security

Our Mandiant services team has investigated thousands of breaches, and from this experience we know that no matter how good your defenses are, as long as users are on the system, every organization has some malicious code within its network. In fact, we know the median number of days attackers were present on a victim’s network before being discovered was 229 days in 2013. But today, when a data breach can result in being called to testify in front of Congress, every organization should be prepared to answer questions about how an attacker got into their network and what data was impacted. Preventing malicious code from entering the network is always key, but now we need to know more - when the malicious code appeared, how the network was compromised and whether any data was removed. This is the new reality of enterprise security.

Enterprise Forensics - A Black Box For Your Network

Previously, adding enterprise forensics involved building a customized solution that correlated data from multiple point products, each monitoring a different part of the network or the endpoints. Overwhelmed by cost and complexity, many organizations simply put this off, leaving a wide hole in their IT security and response capabilities. After entering into a technology partnership with nPulse Technologies earlier this year, we saw how our joint customers benefited from bringing together nPulse network information with FireEye threat intelligence and endpoint data.

With this acquisition, FireEye will combine nPulse network forensics with the endpoint products acquired from Mandiant to incorporate attack information from the host, endpoint, network and cloud. We like to think of enterprise forensics as adding a flight data recorder – or a black box – to the network. With complete visibility into the network, the FireEye platform will be able to produce higher quality alerts to help protect against threats as well as quickly quantify the impact of a breach following the discovery of malware on a network. With big-data analytics and real-time capabilities, FireEye will offer enterprise forensics that help answer the most important questions an organization has after a breach.

nPulse extends our reach into an organization’s history because it can log all network activity for as long as the organization chooses to retain that data. With the industry’s fastest lossless, intelligent capture and retrieval, nPulse gives us the ability to “go back in time” to see the full extent of how malicious code behaved on the network. By being the first to deliver end-to-end (network and endpoint) detection and forensics at scale, FireEye enables enterprises to minimize risk by quantifying the impact of a breach while accelerating detection and resolution from days to a matter of minutes. For our Mandiant team and partners, this means we can deliver better service and more comprehensive incident response capabilities.

And most importantly, by reducing incident investigation time, providing validated breach information and improving the quality of alerts, our customers and clients can reduce their exposure to attacks while substantially reducing operational expenses.

At FireEye we’re building the most comprehensive security platform and I look forward to welcoming the nPulse Technologies team to the FireEye family. In the short term after the acquisition, nPulse will continue to operate normally and current customers should expect no disruption in current capabilities and service. Over the coming months after the acquisition, we’ll work to combine the nPulse products with the FireEye platform and bring enterprise forensics to all our customers and partners. Once again, FireEye is leading the way to solve the most complex and time-consuming security challenges.


Forward-Looking Statements

This blog post contains forward-looking statements about the expectations, beliefs, plans, intentions and strategies of FireEye relating to its pending acquisition of nPulse. Such forward-looking statements include statements regarding the impact of the pending acquisition of nPulse on FireEye’s competitive position, future product offerings and potential benefits of current and future product offerings. These statements reflect the current beliefs of FireEye and are based on current information available to us as of the date hereof, and FireEye does not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made. The ability of FireEye to achieve these business objectives involves many risks and uncertainties that could cause actual outcomes and results to differ materially and adversely from those expressed in any forward-looking statements. These risks and uncertainties include market adoption of FireEye’s virtual machine-based security platform; the termination of FireEye’s pending acquisition of nPulse if FireEye and nPulse fail to satisfy the conditions for closing in the definitive agreement; the failure to achieve expected synergies and efficiencies of operations between FireEye and nPulse; the ability of FireEye and nPulse to successfully integrate their respective technologies, products, personnel and operations; FireEye’s ability to attract and retain new customers and expand and train its sales force; the failure to timely develop and achieve market acceptance of combined products and services; the potential impact on the business of nPulse as a result of the pending acquisition; the loss of any nPulse customers; the ability to coordinate strategy and resources between FireEye and nPulse; the ability of FireEye and nPulse to retain and motivate key employees of nPulse; general economic conditions; as well as those risks and uncertainties included under the captions “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” in FireEye’s Form S-1 filed with the Securities and Exchange Commission on April 22, 2014, which is available on the Investor Relations section of FireEye’s website at investors.fireeye.com and on the SEC website at www.sec.gov. Any future product, feature, or related specification that may be referenced in this blog post is for information purposes only and is not a commitment to deliver any technology or enhancement. FireEye reserves the right to modify future product or service plans at any time.


Annual M-Trends Report Looks Beyond the Breach

Since 2010, Mandiant’s annual threat report, “M-Trends,” has provided the industry with in-depth analysis and insight based on hundreds of advanced threat investigations conducted during the previous calendar year for the U.S. government, the defense industrial base and commercial organizations. As a leader in combating advanced threats, FireEye stresses the continuous education that needs to take place in order to stay one step ahead of attackers. That is why it is with great excitement that I present the fifth installment of M-Trends.

2013 was an explosive year for the cybersecurity industry, the result of Mandiant’s APT1 report, The New York Times breach, and other organizations coming to the forefront to openly discuss their own incidents. In addition, President Obama discussed concerns about cyber-attacks in his annual State of the Union address. This was a huge step for the industry in terms of bringing advanced attacks to the forefront of the nation’s, and the world’s, attention.

This year’s report compiles incident response trends from hundreds of clients in more than 30 industry sectors. Some highlights include:

  • The time it takes to detect a compromise continues to improve
    The median number of days it takes an organization to discover a network breach dropped to 229 days in 2013 from 243 in 2012. This improvement is incremental relative to the drop from 416 days in 2011. However, organizations can unknowingly be breached for years. The longest time an attacker operated undetected in a network before being discovered was six years and three months in 2013.
  • Organizations have yet to improve their ability to detect breaches
    In 2012, 37 percent of organizations detected breaches on their own. This number dropped only minimally, to just 33 percent in 2013.
  • Phishing emails largely look to capitalize on trust in IT departments
    44 percent of the phishing emails observed in attacks investigated by Mandiant sought to impersonate the IT departments of the target’s workplace. The vast majority of these emails were sent on Tuesday, Wednesday and Thursday.
  • Political conflicts increasingly have cyber components that impact private organizations
    In the past year, Mandiant responded to an increased number of incidents where political conflicts between nations spawned cyber-attacks that impacted the private sector. Specifically, Mandiant investigated incidents where the Syrian Electronic Army (SEA) compromised external-facing websites and social media accounts of organizations with the primary motive of raising awareness for their political cause.
  • Suspected Iran-based threat actors conduct reconnaissance on energy sector and state governments
    Multiple investigations of suspected Iran-based network reconnaissance activity indicate that threat actors are actively engaging in surveillance activities at energy sector companies and state government agencies. While these suspected Iran-based actors appear less capable than other nation-state actors, nothing stands in the way of them testing and improving their capabilities.

Click here to request a copy of the report.

Let us know your thoughts by leaving a comment below.

APT1: The State of the Hack One Year Later

A little over a year ago, Mandiant released a report that brought the term “Advanced Persistent Threat” (APT) into the public conversation and made these types of targeted attacks top of mind for government and commercial organizations around the world. Recently, FireEye COO Kevin Mandia took the stage at RSA USA 2014 to look back and share his perspective on the activities that led to the release of the APT1 report and the aftermath.

While the initial report caused a media frenzy, unquestionably, the most important part of the story is the aftermath. Mandiant released the report to elevate the dialogue and address the frustration of organizations that were throwing money at cybersecurity problems and still facing attacks. Yet, the results were not what we expected.

Watch the video below for Kevin’s full speech and feel free to drop a comment below to continue the discussion.

RSA USA 2014: Continuous Monitoring, Protection, and Vigilance

The advanced threat landscape was a hot topic at last week’s RSA Conference, where industry influencers, peers, customers, and partners came together to look at today’s security challenges and help solve them.

At the event, FireEye chief security strategist Richard Bejtlich sat down with Mike Scutt, incident handler at FireEye. They discussed how customers benefit from the powerful addition of Mandiant to the FireEye Threat Prevention Platform.

Their exchange zeroed in on FireEye Managed Defense, one of the first products to come out of the Mandiant integration. Managed Defense enhances FireEye Continuous Monitoring capabilities with a greater level of intelligence. This new family of services leverages the Mandiant professional services group to provide vital context about cyber-attacks and detailed advice about how to prevent, detect, contain, and resolve them.

Managed Defense offers three levels of service, tailored to customers’ in-house resources and risk tolerance: Continuous Monitoring, Continuous Protection, and Continuous Vigilance. All three service tiers help subscribers identify attackers, understand their intentions, and draw up a step-by-step action plan.

Click below to listen to the full podcast recorded live from the show floor at RSA USA 2014:
Richard Bejtlich Interviews Mike Scutt

Live from RSA USA 2014: Talking Threat Analytics with David Bianco and Mike Reeves

During the recent RSA USA 2014 conference, FireEye Chief Security Strategist Richard Bejtlich sat down with David Bianco and Mike Reeves, two members of the FireEye threat analytics platform team. The trio discussed the Threat Analytics Platform (TAP), a new service from FireEye that blends real-time threat intelligence with data from existing SIEM and log-collection tools. By better leveraging the security alerts and event data they’re already generating, TAP subscribers can identify threats and speed up incident response.

Whereas most intelligent analysis tools take months — if not years — to provide value, David Bianco notes that TAP can provide “extra context for events. You can find an entire story of an attack inside your systems instantly.”

Listen to the full podcast live from RSA USA 2014 here and check back soon for our next featured interview:
Richard Bejtlich Interviews David Bianco and Mike Reeves on TAP

Live from RSA USA 2014: Talking Security with Martin Brown, Chief Security Portfolio Architect at BT Security Enterprise

The excitement and buzz at the RSA Conference has everyone talking security and we are no exception. In fact, during the conference, we are gathering up industry leaders and influencers and asking them to provide their perspectives on the biggest issues in cybersecurity in 2014 for our podcast series hosted by FireEye Chief Security Strategist, Richard Bejtlich.

On the first day of the conference, Richard sat down with Martin Brown, Chief Security Portfolio Architect at BT. Richard and Martin discussed the state of the security industry, new threats on the horizon, and what role next generation security products play within these advanced cyber threats.

Brown explains that anti-virus alone is not enough for organizations, and that there needs to be a blend of conventional and non-conventional solutions, together with skills and process, to deal with targeted attacks. He uses the analogy of footprints in the sand. Detecting the footprints, analyzing the shoe size and determining the weight of the person can all be done with traditional products. But if you look out to sea you notice the “ripples in the water,” rings spreading outward from a center point. Traditional tools can’t determine what caused the ripples, but newer technologies, like FireEye, can rewind time and look back to see what originally caused them.

Listen to the full podcast and make sure to check back soon for our next featured interview:
Richard Bejtlich Interviews Martin Brown, Chief Security Portfolio Architect at BT Security Enterprise

RSA 2014: New Thinking to Narrow the Security Gap

Attacking the gap and preparing for the new frontiers in security is our focus for the 2014 RSA Conference. Around the show floor, in our booth, and in the conference tracks, you’ll hear from FireEye experts on how to address this new frontier. We’ll have updates on the latest threats from our research teams as well as live demonstrations of our new FireEye Security Platform. Find us at our booth and make sure to catch our research team presenting throughout the conference:

  • Kevin Mandia, SVP and COO for FireEye, Inc., will be presenting on the New Frontiers in Security on Tuesday, February 25 at 2:40 PM. Listen in as Kevin joins a group of industry experts to discuss how organizations must rethink their security approach in this Security Mash-Up panel session.
  • Also on Tuesday, February 25 at 1:20 PM, Zheng Bu, Vice President of FireEye Research Labs, will present Twilight of Legacy AV Models - A Different Long Tail Story. Malware has a very short lifetime. But how short is it? The findings may surprise you: while large portions of malware objects only appear once, the lifetime of malware forms a very fat-head, long-tail chart. The anti-virus industry presents a reactive model, and it performs very badly on the fat head. In this session Bu will present the study, the challenge and a possible mitigation plan.
  • On Wednesday, February 26 at 12 PM, Amanda Stewart, Malware Research Engineer at FireEye, will dig into techniques to sneak malware past Anti-Virus scanners. APT developers used this technique in a highly-targeted attack against a Fortune 50 company last year. Learn more during this must-see technical session, DLL Side-Loading: A Thorn in the Side of the Anti-Virus (AV) Industry.
  • One year after the well-known APT1 Report, Kevin Mandia will discuss the fallout from exposing China’s espionage effort during the State of the Hack: One Year after the APT1 Report technical session. While there will be other sessions at RSA 2014 around the industry-changing APT1 report, come hear directly from the source on the latest approaches attackers are using to compromise organizations and what organizations should be doing to narrow their security gap. Kevin will be speaking on Thursday, February 27 at 3:55 PM.

Don’t forget to stop by our booth located at North Expo #2813 to learn more about the newly expanded FireEye Security Platform, which integrates expertise from Mandiant and is designed to give customers one solution to go from threat alert to remediation. We’ll have live demonstrations of all the new FireEye products. In the meantime, be sure to follow @FireEye for the latest threat research and updates from the company.

Introducing the New FireEye Security Platform - One Solution to Detect, Contain, Resolve, and Prevent Threats

I am excited to announce the expansion of FireEye’s MVX-based security platform. The newly enhanced platform incorporates endpoint protection and managed security services from recently acquired Mandiant, as well as new analytics and intrusion prevention capabilities. Each one of these new solutions can drastically improve an organization’s threat posture, and with this new security platform, we can offer our customers one security solution to detect, contain, resolve, and prevent threats. We’ll be showcasing each of these products over the next few weeks and have demonstrations of the entire platform at the RSA conference in San Francisco later this month. In the meantime, here’s what’s new in the platform: