
INSIGHTS DELIVERED STRAIGHT FROM THE FRONTLINES OF CYBER ATTACKS

THE VISION ISSUE 07

DEEP DIVE WITH MANDIANT’S EXPERTS: Q&A on the latest Security Effectiveness Report

EDITION HIGHLIGHTS

Security Risk Analysis for Remote Working Environments

Breaking in After Hours: Ransomware Trend Intelligence

Threat Intelligence Drives Effective Vulnerability Management

Top 5 Cloud Security Myths Exposed


ARTICLES

Mandiant Security Effectiveness Report: Q&A with the Experts 3

Breaking in After Hours: Ransomware Trend Intelligence 8

Behind the Scenes: Crimeware Trend Analysis and Reporting 11

Security Risk Analysis for Remote Working Environments 14

Threat Intelligence Drives Effective Vulnerability Management 19

Top 5 Cloud Security Myths Exposed 22

Customer Profiles: The latest success stories from the frontlines 26

Front and Center with Steven Stone on M-Trends 2020 27

Contact 28


Mandiant Security Effectiveness Report: Q&A with the Experts

The recently released Mandiant Security Effectiveness Report 2020: A Deep Dive into Cyber Reality reveals a serious gap between assumptions and reality when it comes to security performance.


According to research highlighted in the report, a majority of organizations believe their security controls operate and protect assets as they’re supposed to, when in fact they have already experienced a breach without realizing it.

For this article, we spoke with two vice presidents from Mandiant Security Validation, Tracey Moon (Marketing) and General Earl Matthews (Strategy), to find out how the data was compiled, who the report is for and what some of the key stats mean, as well as what security leaders should do to improve performance going forward.

Can you share some of the findings in the Security Effectiveness Report and what they mean?

Tracey Moon: At a high level, the report validates what the Mandiant Security Validation team has known for years, which is that much of cyber security is built on assumptions. This is illustrated through several startling statistics. Across all environments tested, we discovered that 53% of attacks conducted were successful in penetrating the security infrastructure without the organization’s knowledge.

That’s a pretty high number! My guess is that CIOs and CISOs don’t invest in security controls with the expectation that they only work less than half of the time.

Of the remaining 47% of attacks that did NOT succeed, only one-quarter were actually detected, and roughly one-third were prevented. Also, the most alarming statistic is that alerts were sent to security operations for only 9% of the attacks. What this shows is that even when security teams use central SIEM, SOAR and analysis platforms, they still don’t have the visibility they need into the malicious activity that is continuously targeting their networks, applications and devices.

The report makes the case that companies must validate security through ongoing testing and measurement of security effectiveness against the evolving threat landscape. The combination of industry-leading Mandiant threat intelligence and frontline expertise with Mandiant Security Validation empowers organizations to ensure their cyber defenses are operating as expected and continuing to deliver value.


How was the data revealed in the report obtained?

General Earl Matthews: The Security Effectiveness Report offers data-driven analysis and reporting of key security performance metrics, looking at the full attack lifecycle across several global industries. Through thousands of real-world tests performed by the Mandiant Security Validation team in more than 100 enterprise environments, the report offers evidence that security controls lack the effectiveness that organizations expect – across network, email, endpoint and cloud-based security controls.

Who is the Security Effectiveness Report intended for?

Tracey Moon: The Security Effectiveness Report was developed to help any individual concerned with the effectiveness of their organization’s security infrastructure better understand why controls aren’t performing as they should, what the potential risks of this gap in performance are, and what they should do about it. Concern about security effectiveness no longer resides solely with CISOs and their teams, given that measurement of security effectiveness is critical to proving the value of security and IT investments for boards of directors and corporate executives.

Yet while more and more organizations recognize cyber risk as a business problem, they continue to keep it under the management of IT. So the report not only demonstrates the gap between assumption and reality when it comes to security effectiveness, but also shines the light on the misalignment between business leadership and IT teams, which further exacerbates the problem. The report is intended to give security AND business leaders a better understanding of why ongoing data-driven effectiveness measurement is critical to making important business decisions.


What are some other statistics highlighted in the report, and what do they mean?

General Earl Matthews: The report takes a deeper look at some important areas of security infrastructure based on Mandiant Security Validation testing:

• RECONNAISSANCE: Only 4% of reconnaissance activity generated an alert.

• MALICIOUS FILE TRANSFER: 48% of the time, controls in place were not able to prevent or detect the delivery and movement of malicious files.

• COMMAND AND CONTROL: 97% of the behaviors executed did not have a corresponding alert generated in the SIEM.

• DATA EXFILTRATION: Exfiltration techniques and tactics were successful 67% of the time during initial testing.

• LATERAL MOVEMENT: 54% of the techniques and tactics used to execute testing of lateral movement were missed.

• INFILTRATION AND RANSOMWARE: 68% of the time, organizations reported their controls did not prevent or detect the detonation within their environment.

• POLICY EVASION: 65% of the time, security environments were not able to prevent or detect the approaches being tested.


These findings and likely underlying causes are detailed in the report, and show why it’s crucial for companies to perform ongoing security validation to combat the alarming reality these statistics reveal.

What are the fundamental components of security validation?

General Earl Matthews: Security validation can quantify the actual effectiveness of your security controls, provide continuous monitoring to take into account any unexpected changes or environmental drift in your underlying infrastructure that may impact the performance of your security controls, and provide confidence that you are proactively prepared for the latest attacks and adversaries. Fundamental components include:

• Adversary coverage

• Validation automation and outcomes

• Business metrics

• Enterprise readiness

Read all the research for yourself. Download the Mandiant Security Effectiveness Report 2020.

Watch clips from the Cybersecurity Effectiveness Podcast:

General Earl Matthews, VP of Strategy, Mandiant Security Validation

Sandra Joyce, SVP, Head of Global Intelligence

ON-DEMAND WEBINAR: Security Effectiveness Strategies: How to validate and improve your security posture


Breaking in After Hours: Ransomware Trend Intelligence

Ransomware is a remote, digital shakedown. Disruptive to the core and costly to resolve, it doesn’t discriminate, affecting organizations from cutting-edge space technology to the wool industry and industrial environments.


Figure 1: Days elapsed between initial access and ransomware deployment

Following investigations into ransomware incidents between 2017 and 2019, Mandiant Threat Intelligence identified a number of common characteristics in the initial intrusion vectors, dwell time and time of day for ransomware deployment, providing enhanced insight trends that are useful for network defenders.

Breaking in

Our research has detected several initial infection vectors across multiple ransomware incidents, including Remote Desktop Protocol, phishing with a malicious link or attachment and drive-by download of malware. These vectors demonstrate that ransomware can enter victim environments by a variety of means, not all of which require user interaction.

The Timeline from Infection to Ransomware

After a breach occurred, the number of days that elapsed between the first evidence of malicious activity and the deployment of ransomware ranged from zero to 299 days. At least three days passed between the initial breach and the deployment of ransomware in 75% of cases studied. This pattern suggests that for many organizations, if initial infections are detected, contained and remediated quickly, the significant damage and cost associated with a ransomware infection could be avoided.


Ransomware execution was frequently found to take place after hours; in 76% of incidents reviewed, ransomware was executed in victim environments before 8:00 a.m. or after 6:00 p.m. on a weekday or over the weekend, using the time zone and customary working week of the victim organization. Some attackers may intentionally deploy ransomware after hours to maximize the potential effectiveness of their operation, believing that any remediation efforts will be implemented more slowly than they would be during normal working hours.

Threat actor innovations have only increased the potential damage of ransomware infections in recent years and this trend shows no sign of slowing down. Financially motivated actors are expected to continue to evolve their tactics to maximize profit generated from ransomware infections. Post-compromise ransomware infections will continue to rise and attackers will increasingly couple ransomware deployment with other tactics such as data theft and extortion, increasing ransom demands and targeting critical systems.

The relief for security professionals is that with post-compromise infections, there is often a window of time between the first malicious action and ransomware deployment. If network defenders can detect and remediate the initial compromise quickly, it may be possible to avoid significant damage and the expense of a ransomware infection.
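The two measures behind the figures above (dwell time in days, and work-hours versus after-hours deployment in the victim's own time zone) are easy to reproduce from incident timestamps. The following is an added Python example, not Mandiant's code or data: the incident records are constructed, and the victim's local UTC offset in effect at deployment is supplied per incident so the example needs no time-zone database.

```python
"""Added example (not Mandiant's code): reproduce the two statistics the
article reports -- dwell time in days between first malicious activity and
ransomware deployment, and work-hours vs. after-hours deployment -- over
constructed incident records."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

WORKDAY_START_HOUR = 8   # 8:00 a.m. local, the boundary used in the article
WORKDAY_END_HOUR = 18    # 6:00 p.m. local


@dataclass(frozen=True)
class Incident:
    name: str
    first_activity_utc: str         # ISO-8601, first evidence of malicious activity
    deployment_utc: str             # ISO-8601, ransomware execution
    victim_utc_offset_hours: float  # victim's local offset at deployment (DST included)


def _parse_utc(ts: str) -> datetime:
    """Parse an ISO-8601 timestamp; a trailing Z or a missing zone means UTC."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def dwell_days(inc: Incident) -> int:
    """Whole days between first malicious activity and ransomware deployment."""
    start, end = _parse_utc(inc.first_activity_utc), _parse_utc(inc.deployment_utc)
    if end < start:
        raise ValueError(f"{inc.name}: deployment precedes first activity")
    return (end - start).days


def local_deployment_time(inc: Incident) -> datetime:
    """Deployment time expressed in the victim organisation's local time."""
    local_tz = timezone(timedelta(hours=inc.victim_utc_offset_hours))
    return _parse_utc(inc.deployment_utc).astimezone(local_tz)


def is_after_hours(inc: Incident) -> bool:
    """True when deployment fell outside Mon-Fri 08:00-18:00 local time."""
    local = local_deployment_time(inc)
    if local.weekday() >= 5:          # Saturday == 5, Sunday == 6
        return True
    return local.hour < WORKDAY_START_HOUR or local.hour >= WORKDAY_END_HOUR


def summarize(incidents) -> dict:
    """Aggregate the article's two statistics for a set of incidents."""
    n = len(incidents)
    days = sorted(dwell_days(i) for i in incidents)
    return {
        "incidents": n,
        "after_hours_pct": round(100 * sum(map(is_after_hours, incidents)) / n),
        "dwell_3_plus_days_pct": round(100 * sum(d >= 3 for d in days) / n),
        "dwell_min_days": days[0],
        "dwell_max_days": days[-1],
    }


# Constructed sample incidents (not real cases); offsets match the dates used.
SAMPLE_INCIDENTS = [
    Incident("inc-1", "2018-11-05T09:15:00Z", "2018-11-05T10:40:00Z", 0),   # Mon 10:40 GMT: work hours, 0 days
    Incident("inc-2", "2019-03-01T14:00:00Z", "2019-03-09T03:30:00Z", -5),  # Fri 22:30 EST: after hours, 7 days
    Incident("inc-3", "2019-06-10T01:00:00Z", "2019-06-16T06:00:00Z", 9),   # Sun 15:00 JST: weekend, 6 days
    Incident("inc-4", "2017-08-01T06:00:00Z", "2017-08-04T07:30:00Z", 2),   # Fri 09:30 CEST: work hours, 3 days
]

if __name__ == "__main__":
    for inc in SAMPLE_INCIDENTS:
        print(inc.name, local_deployment_time(inc).strftime("%a %H:%M"),
              "after hours" if is_after_hours(inc) else "work hours",
              dwell_days(inc), "days")
    print(summarize(SAMPLE_INCIDENTS))
```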


Figure 2: Observed ransomware deployment: work hours vs. after hours

For more information on Mandiant Threat Intelligence research and expert advice on risk mitigation strategies, access our latest ransomware webinar.


Behind the Scenes: Crimeware Trend Analysis and Reporting

Several FireEye teams work constantly throughout the year analyzing frontline data and researching threat actor activity. The work they undertake is vital to the quality of intelligence we provide. Recently, The Vision caught up with Kimberly Goody (Senior Manager, Threat Intelligence) to learn more about how the Crimeware As A Service chapter in M-Trends 2020 was brought to life.


What is your role in compiling the M-Trends report?

On the Financial Crime Team we look at what the actors are doing on victim networks through the incident response data and how they’re monetizing these intrusions on forums or marketplaces. My role is to bring these two things together for a full view of the ecosystem for M-Trends.

Who is M-Trends intended for?

M-Trends is for everyone. That might sound cliché, but there is a lot of diversity in the report from higher-level breach trends to new developments illustrated by case studies. I refer to this report frequently throughout the year before briefings and use the graphics in meetings.

How do you collect the data used in the report?

One of the things that I love about working at FireEye is that we have such a variety and scale of data at our disposal. Every day, we analyze information from places such as underground forums and marketplaces, automated collection systems for malware and incident response engagements.

Once we find a topic that’s interesting, we go to each of these sources and look for relevant data that we’ve collected throughout the year. Sometimes we have already analyzed the data, so we can build directly on that previous work. For example, one of our interns did a project over the summer looking at the sale of illicit accesses in underground forums that we were able to build on for M-Trends.

How many people are involved in the process and who are they?

Many teams put in a lot of hard work to make this report a reality. To offer some perspective, the articles we wrote would probably not have been possible if it weren’t for the work of our Intelligence Research and Collection, Consulting, Adversary Pursuit, and Managed Defense teams throughout the year. It really is a true team effort.


The main question we ask ourselves is, “Where can we add value by marrying our different sources of data together to provide a more complete picture of the story?”


What is the most challenging aspect about compiling the report?

One of the articles we worked on this year looked at the role of cyber criminal communities in breaches. In this case, we didn’t want to just say, “Here is what happened to a victim.” We wanted to tell the story outside of the victim environment. Who sold the malware to the attacker? What did the attacker do with the stolen data?

While these are questions that we have hopefully answered already throughout the year, it can be a real challenge because actors aren’t using the names you gave them or even the names you gave to their tools. It can be a bit like finding a needle in a haystack.

What do you enjoy most about compiling the report?

M-Trends is a lot of work, but it forces us to look back at what we did over the year. It is easy to lose sight of the bigger picture when you are in the trenches every day. So, I appreciate the opportunity to take a step back and widen my perspective.

M-Trends 2020 contains a host of new information, helping to arm security professionals with details on the latest attacks and threats. Access your copy now.


Security Risk Analysis for Remote Working Environments

Due to the communicability of COVID-19, organizations are having to rapidly adapt to limit contact and the risk of person-to-person contamination. Over the past several weeks, organizations around the world have instituted or enhanced their work-from-home policies.


Business units and functions that have never operated remotely before are now required to run in a fully remote mode. It is no surprise, then, that there are security concerns about the risks involved in granting remote access to many more workers so quickly.

As their remote workforce grows, organizations may opt to modify their remote access standards such as removing IP address whitelists, allowing unmanaged devices and moving to a split tunneling solution. Any of these configuration changes should be weighed against new organizational threats and risk appetite.

To help organizations through this decision-making process, FireEye experts have modeled some of the most common approaches to remote access for analysis and review.

Direct Access

The simplest and least secure remote access method, direct access exposes networking protocols such as Microsoft Remote Desktop Protocol (RDP) to the Internet. This is the highest risk method of providing remote access. Most mature organizations prohibit direct access through firewall configurations and restrictions, but even so, security teams must be cognizant of shadow IT operations on third party services and unmanaged cloud platforms.

Traditional threat mechanisms used to gain access to externally facing services include network scanning of external ports and exploitation through brute forcing, credential spraying and spear phishing. They will continue to require monitoring, and their risk is heightened when organizations allow unmanaged devices to have direct access to the network.

Figure: Direct Access model (Employee and Unmanaged Devices connecting directly to the Internal Network, Servers, Devices and Cloud)


Enterprise Standard

Given the lack of controls and risk of the direct access model in exposing RDP and other remote protocols to the Internet, enterprise organizations have centralized remote access to a few technologies. This implementation enables improved access management, logging and security controls. It is most commonly implemented through a VPN solution or a virtualized desktop interface. VPN solutions can be operationalized as a full tunnel solution or split tunnel. With the significant increase in remote connectivity, many organizations that were full tunnel may migrate to split tunnel to reduce bandwidth.

Risks posed to both VPN and virtualized access include unauthenticated attacks, compromised credentials and compromised systems. Attackers often chain control deficiencies together, which allows them to exploit initial access to a VPN or virtualized desktop to gain further access.

Endpoint Remote Access: Employees will continue to be targeted in phishing emails on a regular basis. In the current climate, security teams should validate that endpoint visibility (of new users and third parties) remains consistent for remote users.

Attacker Lateral Movement: Once an attacker gains access to a remote access solution, be it VPN or a virtualized desktop solution, they will likely attempt to gather credentials and move laterally. To counter them, organizations should ideally restrict network access resources to those that are necessary to perform duties specific to assigned roles.

Figure: VPN and Virtualized Access model (Employees on Managed/Unmanaged devices, Multifactor Authentication, Cloud, Remote Access External Portal, DMZ Servers, Internal Network with Servers, Devices and Security tools)


Multifactor Authentication (MFA) Bypass: Fortunately, many organizations have implemented MFA to reduce the success of brute forcing and credential spraying attacks. However, employees should be trained to identify and report unauthorized push notifications.

Unmanaged Device Access: Organizations often conduct limited validation checks to identify unmanaged devices, including attacker systems connecting to remote access solutions. These “posture checks” performed by VPN solutions may be bypassed by modifying VPN software responses or registry key settings. In addition to attacker systems connecting to the network, security teams should also consider that users may be connecting from unauthorized systems which leave security teams with limited visibility and controls.

Split vs. Full Tunnel Visibility: To handle the increase in remote workers, organizations may be moving from full tunnel to split tunnel VPN configuration. Split tunneling may reduce visibility of unauthorized activity unless appropriate endpoint agents are installed and provide sufficient visibility and controls.

Remote Access Denial of Service: With entire organizations moving to a remote access model, an attacker may be able to generate multiple failed password attempts on an account and lock the user out. If the attacker scripts this action across a significant number of users, they may be able to cause a widespread account lockout.
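Detection logic for the widespread lockout scenario just described, as an added Python example that is not FireEye's or Mandiant's code: it reads constructed lockout log lines (the line format is invented for this example) and raises one alert per burst in which many distinct accounts are locked out within a short window, which separates a scripted lockout campaign from a handful of users mistyping their passwords.

```python
"""Added example (not FireEye's code): flag a burst of account lockouts across
many distinct users -- the 'remote access denial of service' pattern described
above -- from constructed authentication log lines."""
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed line format for this example, not a real product's format.
# In production the same logic would consume VPN gateway authentication logs
# or Windows Security event 4740 (account locked out).
LOCKOUT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z lockout "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_lockouts(lines):
    """Return (timestamp, user, source) tuples for lockout lines, sorted by time."""
    events = []
    for line in lines:
        m = LOCKOUT_RE.match(line.strip())
        if m is None:
            continue  # successes and single failed logons are not lockouts
        events.append((datetime.fromisoformat(m["ts"]), m["user"], m["src"]))
    events.sort()
    return events


def detect_widespread_lockout(lines, window_minutes=10, min_accounts=5):
    """One alert per burst in which at least min_accounts distinct users are
    locked out within window_minutes; isolated lockouts never alert."""
    events = parse_lockouts(lines)
    alerts = []
    i = 0
    while i < len(events):
        window_start = events[i][0]
        window_end = window_start + timedelta(minutes=window_minutes)
        users, sources = set(), Counter()
        j = i
        while j < len(events) and events[j][0] < window_end:
            users.add(events[j][1])
            sources[events[j][2]] += 1
            j += 1
        if len(users) >= min_accounts:
            alerts.append({
                "window_start": window_start.isoformat(),
                "locked_accounts": sorted(users),
                "top_source": sources.most_common(1)[0][0],
            })
            i = j          # consume the whole burst so it is reported once
        else:
            i += 1
    return alerts


# Constructed sample log (usernames and addresses are invented; 203.0.113.0/24
# and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = [
    "2020-04-02T07:58:03Z lockout user=hmartin src=198.51.100.4",
    "2020-04-02T09:12:10Z lockout user=alee src=203.0.113.7",
    "2020-04-02T09:12:41Z lockout user=bkhan src=203.0.113.7",
    "2020-04-02T09:13:05Z lockout user=cdiaz src=203.0.113.7",
    "2020-04-02T09:13:37Z lockout user=dnovak src=203.0.113.7",
    "2020-04-02T09:14:02Z lockout user=eokafor src=203.0.113.7",
    "2020-04-02T09:14:44Z lockout user=fsato src=203.0.113.7",
    "2020-04-02T09:20:01Z failed_logon user=gpatel src=198.51.100.9",
    "2020-04-02T14:30:55Z lockout user=gpatel src=198.51.100.9",
]

if __name__ == "__main__":
    for alert in detect_widespread_lockout(SAMPLE_LOG):
        print(f"{alert['window_start']}: {len(alert['locked_accounts'])} accounts "
              f"locked out, most from {alert['top_source']}")
```

Tune the window and account threshold to the organisation's normal lockout rate; a single source address locking out many accounts is the clearest sign of the scripted case.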

Zero Trust Model

Figure: Zero Trust model (Employees on Managed/Unmanaged devices, Multifactor Authentication, Identity provider, Provisioned applications, External Portal, Cloud, Internal Network with Servers, Devices and Security tools)


An emerging model of remote access is the Zero Trust model, which uses an identity provider to grant access to applications and determines authorization rights based on both the user and device. While FireEye experts have seen organizations move toward this model, legacy challenges and exceptions result in either half-implemented solutions or traditional VPN access still provisioned as a backup.

The threats posed to VPN and virtualized models also apply in a Zero Trust model. Endpoint visibility and hardening, MFA bypass techniques and denial of service are amongst the most notable threats. In the Zero Trust model, device trust is a component of authentication and authorization. Therefore, organizations should also consider:

Device Trust Mechanisms: Device trust may be established by using a certificate to validate the device that is managed by the organization. If an attacker gains access to a user’s system, they should not be able to export and reuse the certificate. Solutions should include limited user rights to export a certificate and placement within the Trusted Platform Module (TPM).

Unmanaged Device Access: Unmanaged devices should be granted limited access to data and resources. To implement a true Zero Trust environment, such restrictions should be validated.

Strong, Personal Solutions Based on Best Practices: The acceleration of a work-from-home culture introduces new risks to organizations of all sizes. While each organization needs to take their own unique circumstances into account, the sample implementations and remote access considerations identified offer a step in the right direction to keeping operations both secured and productive.

Organizations must focus on creating a strong set of protections on the edge of their networks that secure identities and applications regardless of whether they are in the corporate network or the cloud.

For more on how to reduce the risk of unauthorized access in remote working environments, access our latest webinar.


Threat Intelligence Drives Effective Vulnerability Management

Organizations value cyber threat intelligence (CTI) because it helps their security teams stay focused on, and ahead of, the most impactful threats. CTI plays a critical strategic and tactical role in tracking, analyzing, and prioritizing software vulnerabilities that could potentially put an organization’s data, employees and customers at risk.


A Different Approach

To help ensure our customers can effectively prioritize vulnerabilities, Mandiant Threat Intelligence takes a different approach to vulnerability classification. Our experienced, insightful analysts consider qualitative factors to focus more on what matters to security operations instead of applying a purely algorithmic solution. Our vulnerability analysts consider a variety of intensifying and mitigating factors when rating a vulnerability, such as actor interest, availability of exploit or proof of concept (PoC) code, exploitation in the wild, ease and reliability of exploitation and software ubiquity.

2019: “Year of the Zero Day”

Zero-day vulnerabilities are especially dangerous due to lack of available patches or workarounds. In recent research, Mandiant Threat Intelligence found that more zero-day vulnerabilities were exploited in 2019 than in any year since peaking in 2016 with 20 exploits. While not every instance of exploitation can be attributed to a tracked group, a wider range of actors appeared to have gained access to these capabilities. Mandiant analysts also saw a significant increase in the number of zero-day exploits from groups suspected to be customers of companies that provide offensive cyber capabilities. Finally, we saw a marked increase in zero-day exploits being used against targets in the Middle East, by groups with suspected ties to this region.


Vulnerabilities Exploited with Increasing Speed

The speed with which malicious actors exploit vulnerabilities emphasizes the importance of patching as quickly as possible. However, the number of vulnerabilities disclosed each year can make it difficult for organizations with limited resources and business constraints to implement an effective strategy for prioritizing the most dangerous vulnerabilities. Mandiant Threat Intelligence analyzed 60 vulnerabilities that were exploited in 2018 or 2019, or assigned a CVE number during the same period. On average, the vulnerabilities were exploited three days before a patch was available.

For more information on how Mandiant Threat Intelligence can help your organization minimize vulnerability exploits and related threats, visit www.fireeye.com/intel.

Example

Stealth Falcon (aka FruityArmor) is an espionage group suspected to be linked to the Middle East. In 2016, this group targeted a human rights activist using malware sold by NSO Group, which leveraged three iOS zero-day vulnerabilities. From 2016 to 2019, this group targeted more zero-day vulnerabilities than any other group.


Top 5 Cloud Security Myths Exposed

When organizations migrate to the cloud, they don’t just benefit from the agility offered by cloud solutions. Several negative tensions are created, largely due to inexperience working with cloud solutions. This combination of benefits and tensions created several myths about the cloud which are still prevalent today.


Myth #1: The Cloud Is Unsafe

The cloud itself is not inherently unsafe. When used properly, it is no less safe than a typical data center. Throughout the FireEye Mandiant incident responses conducted on public clouds, we have yet to see a case where the cloud infrastructure itself was exploited. Improper cloud configuration or vulnerable customer code has been discovered, but not flaws in the cloud provider’s code or infrastructure. In fact, 94% of small businesses have reported security benefits after moving to the cloud [1].

Granting and administrating permissions to customize a cloud environment creates vulnerabilities which tend to be the cause of security issues for many organizations.

Myth #2: My Organization Doesn’t Use The Cloud

The term “cloud” includes the category of software as a service and virtually every organization uses some form of web service, whether it is for human resources, banking, shipping, content management, web hosting or any of the other activities that take place in a modern business. Even if organizational policy does not explicitly permit cloud services, or no overt evidence of cloud service usage exists, your organization may still rely on the cloud.

With projections for the worldwide public cloud services market expected to grow it’s time to finally put these myths to rest.

A High Proportion of Businesses Are Already Using The Cloud

88% of UK businesses were using cloud services in 2018 [2]

Over 90% of businesses in APAC use or plan to use a multi-cloud environment [3]

By the end of this year, it is predicted that 83% of U.S. enterprise workloads will be in the cloud [4]

[1] Microsoft. Driving Growth Together: Small Business and the Cloud.

[2] Computing.co.uk (Sept 2018). Cloud: The Picture in 2018 and Beyond.

[3] 451 Research (Jan 2019). Going Hybrid: Demand for Cloud and Managed Services Across Asia-Pacific.

[4] Forbes (Jan 2018). 83% of Enterprise Workloads Will Be In The Cloud By 2020.


Myth #3: My Cloud Provider Will Keep Me Secure

Under the shared responsibility model, the cloud tenant is the ultimate custodian of their data and is responsible for safeguarding it. The cloud provider ensures that the facilities are secure, the hardware is not compromised and the underlying software and operating systems of any services offered are secure. It is up to the customer to make sure that virtual machines are patched, applications are not vulnerable and permissions are appropriate.

Safeguarding the cloud consists of three high-level activities:

Protect credentials used to access resources and monitor for compromise

Be vigilant for and guard against misconfiguration

Centralize telemetry data for visibility, to support both security monitoring and audit trails

Since cloud providers won’t be intimately familiar with every organization’s line of business, it is ultimately the organization’s responsibility to verify that its data is secured.


Myth #4: The Cloud Is Just Someone Else’s Computer

Securing the cloud is not like securing a computer in someone else’s data center. Hundreds or even thousands of computers may each contribute microseconds of work to fulfil a simple request. Your file is not stored on just one server in a set location; it is spread across dozens of servers. There are storage services, containers and other non-traditional services to consider in addition to more familiar virtual machines. These services may be comprised of hundreds or thousands of real servers spread across many data centers, all to fulfil a single service request.

The traditional forensic analysis you used to do on a server still needs to happen—it just happens in a very different way. Additional visibility requirements and more planning are required to provide security controls and instrumentation around distributed, non-discrete computing offerings. These services may expose an API, but the concepts of IP addresses and operating systems often don’t apply.

Myth #5: Advanced Adversaries Aren’t Attacking The Cloud

Attackers follow data. As data goes into the cloud, so will the attackers. Approximately one quarter of our Mandiant incident response engagements involve assets housed on a public cloud, and almost all of them involve the public cloud in some way. The cloud does not hinder threat actors—they easily adapt their tools, tactics and procedures to compromise cloud accounts to get access to confidential data, steal computing resources and spy on targets.

The average organization can move more quickly and lower costs by moving to the cloud, but it should understand that anything of value it puts there will be a target, and it needs to protect those resources accordingly. This means not only implementing basic best practices for cloud security, but also having security operations ready to actively hunt down advanced attackers that pursue data into the cloud.

To learn more about cloud security, visit: www.fireeye.com/cloud


CUSTOMER PROFILES

The latest success stories from the frontlines

CBHS Health Fund

Member-owned Australian health insurance provider CBHS takes their commitment to the wellbeing of their members and their personal data responsibilities seriously. Read why they selected FireEye as their single cyber security vendor to reduce operational complexity and elevate their security posture.

Rail Operator

A leading railroad operator transporting agricultural, consumer and industrial products throughout the U.S. has always had a rigorous security posture but wanted to implement a more efficient, proactive approach to their cyber defense. Read why they are now collaborating with FireEye to mitigate future threats.

Equifax

Equifax is one of the three largest consumer credit reporting agencies in the U.S., handling information on over 800 million individual consumers and more than 88 million businesses worldwide. Learn how they aligned themselves with FireEye solutions and expertise to reduce the complexity of their cybersecurity platform.

Axway

API software developer Axway enables companies to manage their data and exchange it securely with other entities. As their business transitioned to the cloud, they needed a partner who could provide threat intelligence and resources to mitigate their security risk. Find out why they selected FireEye to support their team.


Front and Center with Steven Stone on M-Trends 2020

FIREEYE CHAT WITH VASU JAKKAL, FIREEYE CHIEF MARKETING OFFICER

Learn all you need to know about the latest cyber threats in the M-Trends 2020 report. Join Steven Stone, Director of Adversary Pursuit, who shares highlights from this year’s report and a behind-the-scenes look at what it contributes to the security community, and how our unique innovation cycle leverages FireEye research and frontline investigations to help you better protect your organization.

VIRTUAL SUMMIT 2020

Gain frontline knowledge to strengthen your organization’s cyber security posture. June 9-11, 2020. Empower. Evolve. Defend.

We hope you enjoyed this edition. Get the latest cyber security news from the frontlines by reading The Vision online.

[email protected]

www.fireeye.com

vision.fireeye.com

Get in touch to find out how our security solutions can help protect your organisation.
