Recent MNDT transcripts
Associated MNDT filings
Andrew Huang | IR |
Charles Carmakal | SVP, CTO Mandiant |
Nick Bennett | VP of Mandiant Strategic Services |
Good morning. Good afternoon and good evening. This is Andrew Huang from FireEye Investor Relations. I'm here with Charles Carmakal, Senior Vice President and CTO of Mandiant and Nick Bennett, Vice President of Mandiant Strategic Services.
During the course of this call, we may make forward-looking statements which are subject the risks and uncertainties that are listed on our website and SEC filings. it Charles. hand I'll that, over to With
my Excellent. flip before to much, Andrew. group we background. as you could And if with the the provide started, want Thanks as I well ex so get to background next slide, just
So DC. CTO Mandiant both I a folks Nick here President work and I'm based number and years. incidents. security and consultants to organizations almost with respond XX And Vice to of out I'm been Senior at for of help other Washington like
also to organizations PWC security before And we've more we've about for the the We try the become across help risk I'm also manage at globe, attacks. that intrusions learned, I a them decade. of security worked breaches investigated mitigate them to risks. what to at help by Mandiant, helping taking resilient was all I
Next slide.
There is working… of and at name Mandiant Nick my And go. Bennett. President Vice I'm Consulting been the I've you
Nick, you just, when I mute,
name and strategic now. virtually And and been of time, Thank for practices objectives. and incident. response. a aspect consultants help transform achieve And that to years significant working XX especially is I've security for consulting Sorry. been amount security remediate incident organizations lead an defenses, offensive involved and almost to security I've Nick from of also team of architecture help at and contain our experience driving I incidents Vice we My investigations years them security I'm I President across to spent after global Consulting in their Mandiant significant Mandiant and cyber Bennett a and every you. Mandiant at also security now of architecture in the that consulting,
expertise the such manage accelerating, hoping back high that navigate next the securely our been like cloud in we've services slide to been cloud for hiring their Charles. helping to advantage things presence. to also to and demand a leverage, these the So of And future, there's you and types assets scale migrating expanding them we're
Excellent. Allright.
to want joined, are the about XX of first or So the minutes from of a about all, updates observed what the so notable you about we've year provided that six ago XX, would've months? my spend as we the may six an next you update have some months. past perspective, For saw one prior an we I of many half talking to threats that what over agenda of for on with
them occur that both we to our work security to the but be transform what to to are also terms and about from talk that want helping since drawing investments then want seeing attacks. to And things maturity going future. actually posture. need months more incident, so talk what talking over some as about order perspective need to as experience, should of of to impact defendable what considerations we're about well about the that in a after organizations a the that in incident are the security do things considerations the to now as thinking then do the security of advanced organizations of I right to risk to they talk organizations some I want that And may become mitigate from we assess cybersecurity six and enhancement and in to do to they the about for we make their the they what breach past that this both boards And a CEOs them that against the incidents response help are the are security respond we're are
right. All Andrew. slide, Next
that are seen fascinating So, of the to see some threats the past we've incredible it's and really an six things months of amount occurring.
enough the around public is restoration the financially ransomware recover we first quite I competitors, deployment the The we cover of processes. way nowadays, type be there's point we a by be nation operations so could be extortion a different see a extortion threat and could wanted sponsor also criminals need threatening and find motivated of disruption eight demands. changes business and doing it data able sometimes to now, range, just just lot and organizations about lot what place, not materially they could the victims, standard information longer ransomware And to and business to able it's got and publish that backups you to that techniques they've things an those so actors the range. like risk really criminal victim because organizations good why many to they've they're there's they're through dynamic about of mean the through no if are describe nowadays. and encryptors But a it calculus figure public don't to is pay what and victim extortent multifaceted organizations leveraging demands extortion to think that we with these operations way I dealing think it's in the the are fairly could a that multifaceted organizations, that pay exposed they're of seven to the stealing are dynamic high to state victims they're the of that sensitive because figure of to convince in data for extortion different reason And actor is a approaching that situation, or when threat disrupting to threat And be times stolen. convince from sometimes the pay other is
threat We and through organization and looking an the to to those amplify the out incident the also victim at We actively journalists victims. to extortion apply to actors see and reaching reaching angle pressure business actors customers see and partners threat out organizations.
that community, substantial lot to going are unfortunately from require extortion And paying dramatically that convince so, the in to and is multifaceted the a ransomware government, unless their changes criminals I a a to security and really motivated And businesses, monetize actors are different demands of way the organizations intrusions. support of again, lot there's this something trying threat as ways well as from which and of one changes in now victim number to we're going lot continue and see from think financially which to continue.
The that the new an second point I activity cover Government. intrusion to ongoing a by and is wanted of wave Russian
to similar most And attackers what's number party wave a organizations that's be actor the has So, in but the it's many The year to are activity this that been fifth interesting recent against actively to party to of that about Europe somewhat wave as parts activity with you going XXXX, wave the, most a the the of in but States last intrusions what organizations. terms party fourth the wave seeing third world. solar we're referred compromises, attack is organizations, organizations these third access and intrusions, conduct December and of another what's starting investigating winds from happened this of threat of attack. see are which behind Middle intrusion United party nowadays East that was the sometimes of to in of and continuing way we're activity, the in variety to them actually organizations, significant getting of compromise, we're about familiar of interesting really fascinating activity recent and other in
they get much the their seen is targets in chain more or what path so past. the we've in expanded And ultimately to intended the which attack than much
able and a And to different so, into we organization, different to that may the organization, and actively access gets access organization being number so hops intrusion one multiple investigate ultimately to see break taking to that organizations a access smaller to that of proven pretty into activity difficult to them right get digging is the intended attackers in a are the target this are be attacker to now. their get which there's
years of to identify able vulnerabilities noticed these of some there's age vulnerabilities noisy. of that to intrusions organizations. -- China-based but of five perhaps five by One notable operate We by a we known, Earlier groups I've been compared -- the half ways government contracted conducting they exploit and activities. exploitation previously intrusions. in continue were behalf MSS saw pretty variety have Chinese they years either as able are also actually employees they actually software pretty been well contractors to these the entity China's or year, of do entities There's this might we intrusions US also a loud, new are as and of seeing defense as that's There's to of were the out attackers of very that ago, work government to number VPN very maybe that to access thing as were be intrusion threat on a actors. see as China vulnerabilities that that is different about nowadays intrusion impacting get
As you organizations, lot there's a invested into intrusions compromise. evidence, of a
operators, do don't conducted that intrusions. it these they care caught, of don't the they ones attribution. the to Nowadays, that are they many about and want caught get be to get want known do they if Chinese They,
available And to time using make available, and try so difficult, commercially they're spending to intrusions. penetration cracked effort facilitate reduce to footprint testing by money more available publicly their much tools tools to a attribution of commonly lot and to of their versions help or and try
insider increased to in past them the clients months, manage monitor six governments attempting we've our that and rise organizations address collect across individuals demand the globe. from of certain also and help comes threat issue intelligence problem. Part the from insider a the and threats seen Over of to from you, work
in actors side see major have work associated certainly actions internet. of intrusions government are learn are from by perhaps then organizations steal from globe them allegations organizations a threats, look China's salaries can make extort in the typically openly organizations or and got the in and known commercial the to Thousand employees organizations and world, but they insiders. beyond paid that also the we government, they have some from where US example, as looking ways to involved researchers with that we employment income, insider threat the been data to seeing and are that for, that and on addition what's for Chinese are industry collaborate with the trying across their of estate other Talents the For US notable very leaders Program some which Chinese or professionals they nationals other sponsored notable And
tools were are but insider a many Some are find we to the we past manage the vulnerabilities. is activity of vulnerability patch also day real, are final and real threats. in a available saw the circles, threat essentially as weren't seeing available ways this in to no that the spike perhaps effective point and by are the noticing where but available trying zero of months And is and real, more organizations six exploit the knowledge And what's or that is we a publicly a known then an just the the monitor vendor. of but increase over around small to vulnerability threats, the exploitation vulnerability knowledge insider there them
of compromising we were vulnerabilities a Microsoft or entities to Excel dozens we and these Microsoft of a maybe And where actually so, Exchange and year, March in technology saw and vulnerabilities on this learned as the year, and commonly Secure of earlier example that state FTA Pulse sometimes use hundreds exchange actors entities did impacted. mass platforms and this sponsored criminals, from well exploitation, in saw as over about other, XXX,XXX variety entities
over think So years. that this the be we continued trend going next several do to a is
right, All please. activity. fascinating pretty So slide,
solution. So I organizations I remote wanted very a event few common the to attack popular about monitoring cyber-security first want notable against leveraged is and that large of an cover that a management talk events to and number a
Our RMMs that businesses were million initially zero decryor Evil this some enterprise. believed about on the the did estimates, also threat amounts or motivated to the on of for a to an group don't weekend. console of exploit large amount able that by actor of the anybody they initial of that for impacted it's of across other this extortion communications, had the a technology were threat because they computers because was particular is that after were demand The services would they criminal was which interesting vulnerabilities notable asking then impacted get that actually in that they by this this at was again, disrupt able decrypter access in year, they asked of So had that those internet out company organization different or get over a it's were very bullalicious that running incidents. a $XX administrative well their what they security money, name that a solution and organizations publicly is Evil was a that estimated to anticipated thousand it pushed thousand they we've monitor for $XX of on is Our this as July And software series million goes software vulnerabilities for solution. and universal with organizations to seen X a impacted roughly Florida-based as directly they that the lot highest And help known I million around least a made financially asked identified few all think $XX managed asked used July providers, manage RMM that but was to organizations based in day publicly provide this north across private solution. to and money actor very What ever And $XX security million. RMM shortly organizations the essentially dealt for incident asked X for and that by the the endpoints universal a to laughable for for security
Our in shortly a in operators. that discounted off been What's Russia demanded million. is demand surge President we by fairly $XX surprising what saw event $infrastructure call communication And that sites, cGroup the essentially the very so. right by just from action Biden were we disruptive sites against their disappeared in essentially particularly or group bat, where President internet happened to Putin Europe, the, all the organizations communications, months almost basically and unprecedented really called is including from criminals for the ransomware the after very internet given also knew have the Eastern on So to notable generated attacks the and about they that victim set and the from that perceived infrastructure shaming extortion actively the internet disappeared Evil two and disappeared was talking lost that that up internet,
this still to whether few surprisingly two countries immediate to were the that there Evil trying the were to resume, and pretty but of who talked were or a it's see resurfaced infrastructure were we're presidents Our and that intrusions actions Now days ago, not the, going some have about problem assess observed. notable
the RM very happened interesting that was about that that event in this this for the notable hasn't of the Evil because on Xnd started organizations. this The decrypter incidents thing that distributing other Our to it impacted really and is is a software, associated The the was technology like organization July product with past, all made available. made decryptors
from and several said as preventative think really that critical Dark that, we get is extortion critical notable fact safe this In threat Congress, organization that was in the they a environmental testified did of people that the the early threat impact changing think to actor but of there's event from from as infrastructure. and of changing measure, organization up the of the the too globe, systems very across access group the as this to perspective, reasons they close this what lot provider very the they all But a encrypted. cyber pressure a different to game that the to safety infrastructure CEO the US they a person a the much lot network operators And of over all critical the infrastructure shop a in a event digital that organizations that provider pretty positive safety think the this side, decrypter lot event Justice goes the before essentially please. certainly because a from And didn't Andrew, as did network Bitcoin from very infrastructure paid they receive attention the pay impacted provided because of a about the The human few actually got a a and just very the of days, dollars And way based an quite paid a what organization, currency to $X against Department about a or a US security to to said the incident result understand which Bitcoin slide, down is the a a threat. confirmed well notable perspective. was. the and, result, from was to a watershed everyday notable is safety government. of a security clearly vendor next about for of dark the didn't is lot that day they Side, that was shut actor action just government really of this United want people million that Now currency name ago, potential decryptor attention they digital from What's watershed very cool event that recovered actor and demand. notable States months And were about talk that this that happened perspective. outcome is and the behind day, that and threat a were by that million perspective. of compromised a able next is I I and they the, the the
that is offensive take do think desire So shows interested operations the threat extent. criminal government, of this lot some something, to US the criminal a when disrupt have they and what to operators and can actors against when it I they actions
hopeful we're that in all the actions I United And we government, really a move proud very was think, again, future. positive this this more and something see of so that States the like by
slide Next please.
have do so the quite place are help but And, happening their want they they're out they more about organizations CEOs happened they knowledge assess I again, as spend security, team do lot actually perspective, that well how think they reach event minutes advice. that and to are questions company do Because or in the clients their security through of in they a of are can these reach doing they a is as and industry lot we Y, against a guys we're the the around and security break spending but test map actually Z? times CEOs risk we get spend will from I conversations the of but be lot their a they from like basis by board attempt dollars what asked a they different to for suscepttive a company there one common in assess, to the to say, of out out a to board know, having first actually event major board the one in that this understand and spending their of the that you something us CEOs see making have. could sector members environment good cyber the does to adequate of maturity major want impacted and security that have real And And sure defenses. when network get lot they world and right mapping answer see were that the effectiveness they is on we that spend to from with help how susceptibility hand, to into of Part boards, mitigate spending perspective, be CFOs like controls weekly in hey, a defend a place we us? really there's what their cyber also to more. I to at a us really lot intrusions whatever do was don't conversations they by actually to that program security to leading especially the what of understand, the be their members how assessing So which incidents perspective. and of and are there's How of to and probably Should is considered similar practices, by are the talking less, to right ways security investments intrusions or Because a course or how on and effective security? smarter also few millions They X, ask really want by and ideally, right most about can I'm understand it of compare test questions. peers? our the their of amount? hiring of does cyber to ways
way find exercises organization attempt to paths what's effective the conducting known so to great, to data. aren't understand and are guys vulnerabilities, into be to or into what good that That's to for ways to Red right there's, that as ones, could by, very there find better. so a in hiring misconfigurations, Team the part, get the the are so investments is find to done if cybersecurity, hack all the And organization we things working and things access that to being find find that avenues are happens most or but to the made sensitive usually
could attackers, Mandiant place, is their what attacks engage platform, can very organizations as so to better at figuring advantage which help we to mature what at help hacking, really moving is done against slide, companies only but better just missed conducting companies at to them purple these that also and teaming that team And not Mandiant repeatable detect you teaming, red to through stop on place, help much controls what that able and help of it that the respond do. world over security are look needs are them that the the on ethical organizations this people processes, enables that security help were we see respond they by be to testers things exercises, a the out to do we incidents and the better do to in so where to so get detections our at better Mandiant get right this And depending on attackers better attackers and And and these, what better? that what security to next one seeing capability real validation out just to the Andrew. do was we're scale that an ongoing way automate that basis better through get as do themselves how defending are we're do trying in to specifically
Another question that systems we us certainly they get that asked there's from to prepare we that And, see CEOs are they're and to a we it critical extortion? board and destroyed. we're recover long and are or And management some do first coaching ask members ask their the boards but think as first fascinating what what asking that all gave the the I other for from and would gives. it's question time organizations business questions applications is questions of asking of the need lot to if this, how management perspective, to ask multifaceted and kind a and response helps for I technical that take is help of really to how ransomware responses
is no have idea. I response the Sometimes
it is, hours. yeah, Sometimes might take the few a response
paying a Because say, Sometimes of test or your few or I a few break every what a times that's may organizations systems encryptors, go maybe them weeks if threat DR through take lot world months. to may of hours, response to mind maker to a ultimate decision for hold into how have organization to figuring of the few the the thing take few there think single it days it? actually also real to out event might actually server you is if It's understand is when able demand. challenge is, And actually keep out hitting it or some times including would important recover a happen I a and really to true the in hold not may for the be server. quickly the so situation. be deploy organizations able those attackers actually you and and touch in assumptions actors to who would people extortion what lot that lost assumptions they're to available to ransom of a one true, And of it's not
Some by to the committee. want decision organizations make
decisioning and It's went appoint extent single Some the to that CEO assign process or be was also in which of by the organization, be to them what the to decision management? just to informed board should perhaps important Maybe should a thresholds dollar the make board they to involved. involved within the wants about decision. individual the that made certain understand, in there's get
questions, not are but have a to months. with good companies organizations. to figure of most ransom with really communications that's provides, out organization extortion it's Mandiant victim the going ransoms there's answers to capability that kind important threat really resources So also over and of capability a deal company to and dedicated the that it's And with those XX to some negotiations that understand behalf could negotiate on actors deal and because specialize again, are organizations to help then help next XX the if has other
high just important some asked, that are level I So it thought share to and with these was just community. the were again, questions it
of what we're understood -- you that are members of what's the on So to. and the mind talking some out CEOs board there
some Andrew. today's going over it slide, to cover the my threats. of to colleague, ways to I'm found that And Nick, hand Next against
the that And Charles defender's already Charles. bit to of deeper into some the or little Yeah. talked threats victims Charles said, a in Thank Great. I'm perspective the dive you, through. going as
based So some for configurations, then advantage penetration turn took taking that at architecture serious you've the few ransomware really of today, every in is to on implement reviews and and deep Charles of organizations do of to active not those deploy validation true tests, needed environment directory. key abusing time, encryptors news, now. security directory are and the processes program measures it's public about on a on-premise environments secure pretty I've they and some directory last part access I'm on years XX significant case intrusions investigating old proactively assessments active need of that breach the the scale. to dramatically the the advantage underscores breach one was exercises still exceptions roadmap earlier, resources. teams And of read obtain active and maybe has the XX thing providers, to victims' red validation active later. namely And weakness dive up years impactful been What the an robust and process for model cloud operate they a of bit and attackers and of that this of their of assessments and still a directory architecture, into findings the is ransomware active still the and platforms the over identity in the not Virtually to changed understand really of but course touch their directory holistic, in that security build touching rise to privileges those that the play of their little single like attackers operational a some going truly that and to a escalate any
in because to there implementing interconnected components. programs zero off had operating with start far was and infrastructure are the that is organizations organizations reality seamlessly where allow to came most of security would and are architecture, a cloud but architecture. that on-premise that the trust move zero from in baked trust to some And robust organizations very more these much they hybrid promise technologies security most today, although So environments from
think a I In process a fact, reasons. environments. of in of few true their has And for lot that's securing complicated different cloud cases, that
terminologies is existing on understand premise and those party integrated they've security with And environments of other teams and teams environments and don't security integrated learn a lot technologies platforms been that, all with that et needed concepts that comes of even into I third those think frankly and have deeply cloud IT and of architectures, IT different new different, and these teams cetera. then appreciate in interconnections. to One and organizations quite ways really
escalation over and back being hide of four, cloud just and a another. forth creative this between on-premise to were to cloud for lead environments privileges, the front SRV one defenders able and up from escalation the of having between we directory about, cloud talking identity the led five, that about abusing escalate the these is two, that easily created really a to groups privilege the environments time. just like and privilege technology access the has compromised pivot to talked on attacks like maintain So attackers part different to, in Charles their active environment earlier, environments way their platforms. And or Russian it's significant And
or what physical the of are -- is of assessments information but truly we the to architecture planes with there And where validation do the environment, the the assessments, to cloud So security towards impacts underscores just models, comes In And utilize intersecting model future. when biggest it and then case threats practically on-premise dive Charles resulting words ransomware need in to is in think And case security again, world. well. to especially I not organizations heart to and zero a of breaches, finally, the seen talked study third connecting technology some their deep for a again, understand IT for with holistic, architecture operational when or with other integration the with their where we specific and the then roadmaps exercises, proactively especially technology, OT. it those infrastructure cyber attack organizations to or build about in are that as things those parties. have like trust
steps like the environments infrastructure, been has computing or there's a found OT ransomware or healthcare up environment, IT org once couple separate competence. One reasons. the critical segregating had manufacturing taken if the historically things or is even to an organizations. And of environment. ends a and we IT for it usually environments, priority those So just one absolutely least But impacting those for is what energy and infrastructure for in at event OT of other that's
just down be IT even greater later. a back impact of much more is bringing environments. the practically, their environment will sometimes to still going OT to needed just be like And ransomware precaution, segmentation, there shutting bet that something victims think to lack their as just uncertainty it second how then willing OT are fallen down frankly, when there's proactively impactful and may that has up in a when an that and on of event and that you environment So a but often has piece ransomware segmentation, situation environment because much the just proactively you and is than your caused when you're entire confidence properly quite are shut IT in assets to some to much operate
to for but of idea nothing made IT absolutely new, this segmenting and prevalence attacks ransomware very very, of theoretical real. more has used what So organizations, be risk, some of OT a the
for So needs the to keeping controls and environments, those separated, the to the past I was what, And box And bucket of kind attack proactive like and with be fall the a security that from SEP human the build the in far testing really a event down in operating driven, of ransomware. in some things to confidence needs also more IT environments practicing control there architecture. to OT separate There of so need organizations organizations environments. those environment talked proactive, shutdown into them of check in in IT their this. be cases about of destructive
detection are, that do controls security detected of along portions and prevent I activity. cyber detecting those by seen most fail have environments program that and to needle significant defense, the investigate, tool at that something just gaining has completely organizations do effective important where detection complicated analysis every themselves. lot haystack. can do to And the when in a problem times, on failed responding they impossible issue to And may sets single defense is insource and not fail repeatedly own to in skills to did think based led and we've we access who that the ways. kill how successful identifying so. they that that organizations problem is outsourcing that And they an their or are on this what Almost security the to and intractable things of are for analysts a of that attacker need somewhere similar things failing lacking raising, security chain and right and information so attacker some It's And amount and historically the really from feel or just of finding promises of where about to attacker Cyber conversely, breach to more an run a just actually attackers that by it's tool organizations organizations on an it's knowledge things, it's area combat investigating being to that this So program Again, need. they And hire focused and activity. their products. perform need of organizations they the overwhelmed somewhat the to need deliver be MSSPs on and the program their talent. do to retain will effective.
of them And accelerators for do challenges. effective I and concept to to what to tackle I those concepts can into like the defense. challenges they cyber to efficient of more that with organizations areas different use by organizations And So think it's run possible those are this that mean I solutions make accelerators. one in is overcome use
this to are outsourcing done have and well So use it but outsourcing of strategically. example a that is great thinking effectively, organizations
all, be It skill attacker things of doing staff at what than the those doing, landscape, might specialized So your sets. intelligence attackers effective those are what etcetera. things determining that might include also outsiders first are more of to include threat are knowledge going and
when team advantage organizations, They doesn't like apply environment. that, into malware your capabilities, hard is is building few They positioned to it's advantage. knowledge but gathering, analysis most have better your should sense and those etcetera, those keep areas. do and or a things in-house and going better So your anomalies. in-house and to identify environment in with of a where have well-practiced to in a learn much employees team lessons, your your outsource skillsets to hunting detection distinct intelligence make areas because be have your will very certain resources resources where conversely other happy to very to expensive. them And entire should you human resources And take also
So designed Mandiant specifically it can functions know, at of in to outsource so help us seamlessly, more for make some order things at. and so do we've you organizations strategically to organizations that solutions we're to that our to best
our When need where we expertise providing demand. defense our intelligence those the and of threats things for to manage their Intel we're like find we talent. microservices part to can and forensics malware or customers offering, that consume gathering may use of training retaining challenge things without like real or as been allow advantage have knowledge So attackers so environments, and program, analysis functions customers on have really
automation. great in Another accelerator example of an his
for capital people it human And is and more the to make those those expensive. that them. the mundane So responsible incredibly harder tasks, is repeatable keep retain you humans to happy
solutions just making of defense automate you finding tackle and specifically we've efficient critical those program to tasks designed some cyberdefo to the effective. that. our So ways know, is to Again, help organizations
which security are accelerated purpose. things advantage just invested for for sets components you validation, know, last leverage detection, manual to those which of that, it the, when like design some of to on tool of Again, comes customers automates problem solve validation, and the defense, limited to helps and touch capital. that the automated So allow in specifically And those human this analysis automates resources, the intelligence. organizations having is our finally, what especially
Now, intelligence, use and to resources. leveraging focus of organizations initiative, it their use threat well efficient that the that you matter prioritize on make just they're to things more
if exercises very it's go. for over program are mentioned going it's where think I critical where mapping critical lapse directory program, active security go security et the still discovered, are our therefore dive truly the to time. robust controls you a security two assessments everything earlier investment their go time time is the to so absolutely areas I environments. pro on in organization it's areas of allowing changes and the And and do part and programs next to deep processes technologies program lapse, although, road that measure new demonstrate some beyond over built operational number of organizations of and cloud resiliency may ensuring There effectiveness over unavoidable, and more, weakened I can Even like but validation program emphasize to cetera. to important vulnerabilities are validation two, A just and technical did an to return slide. really the You security security specific
detect So respond those identify And a on and both be their validation controls. program part landscape so a over organizations focus to protect tasks that the continually sea organizations robust their well can program and time, ability just to correct. preventative when as technologies efforts helps those as to really can their large that such deviations to should course validation, validation organize a, of activity endless focused of a potential as security comes of it efforts And have could validation on. attack they
resources in defense leveraging landscape challenges maximize that the they effectively to intelligence effectiveness and have. cyber the to that similar threat this are the So do knowledge of organizations the of
controls. to for and cetera. human may to finally, driven driven purple the human testing controls penetration target and And that exercises, beings environments, human that security attacker and So intelligence a trying relevant to there's that always what approach things what place focus break on, break team, most red led like validation the where tooling simulated are and impact teaming to be exercises, end and to validation going trying techniques are into what et
not when sort ingenuity capital So but replacement you're, for experts expertise and there a, expensive. is that tasks, a viable those there's human extremely you that when of matter really subject have doing
our our manage environment customers a in for their solution way on that a that in be do integrating scale. it provide and at augmented validation in to order Mandiant advantage human capital why to robust that a validation focused exactly validation in and and the validation have is to tooling to mechanism program, we operationalize automation has attacker to So with That's that security intelligence. automatically scale
to go can You next the slide.
are of the are of the years an part over a assuming ago, time need program, still more ensured been know, robust you here has you preventable. are resiliency prepare I've organizations. think done security ethos mitigated, It for robust but This So XX are be breaches that built that validation inevitable. that We everything breaches you has Mandiant the most with and compromised. impactful said, to program, for inevitable the since point, event breaches organization can this I started to
practicing event preparing go that you and that but to plans them. the actually So compromised, and beyond that for above needs means the and developing also are preparation them, documenting
are Charles attackers rise earlier. that this some there's the Now, bit leveraging also and on questions strategic little was a of the, great preparing ransomware and Charles very think touched critically prevalence on communication but be for, that of issues tactical pieces a the And should organizations important. I example touched
the bring recover most business within The subset. the successful attacker So the, across victims look one differentiated if it's and it rise just of where victims was specifically, between probably organizations. planning this the And the that been of you recovery most ransomware for look environment, subset you resiliency backup. need systems number encryptors for victims, impact those for those ransoware, at of testing thing that environment entire highest ever in because at ability down to and of the of is from was the deploying their ransomware it's
the but has plans, of to or or can your challenges it's been getting the that So ones in at you effective organizations very that have line and ones systems back have recover be when time backup. that developed have to tasks be things have like millions some from halt. been means want proactively just doing of works has, completely that And entire individual these the but applications first active operational through and breached an prepared, be plans, need organizations not don't thought those technically dollars environment stationations, scale rebuilding retituting those operational. servers this, it's and are also track the that those through damages the documented challenging and And in for before most directory rebuilding workforce business grounded
do And a slide. summarize going that, think do You the before but can today. key takeaways we some wanted next we're in the minute go from I here, to to Q&A to of I just
in do directory, we the an stone very the of architecture and assume their And themselves importantly hardening as organization a for need have And for in finally, some automation wild, we've really over also intractable and how even during a through that need continued those to security like everything and automation adapt about cyber and it there's face driven tooling abusing underscores about of walked a going their Charles a to the defense leveraging human utilizing threat significant like aggressive all, attacks achieve you time, still proactively is right therefore exercises, part attackers stepping accomplish allow response. organizations of side, prioritize And have providers the common be and as attackers of but it to can goals. cloud accelerators strategic the strategizing compromised need achievable to effective seeing feel outsourcing resiliency been number organizations and to promise leverage assessing first program intelligence. at just technologies theme easily position So just active with been now a of that. And be the if had latest program really that, the some planned to validation things for identity problems you organizations to breach that be of and and There's by just goals. that on zero trust of we next our practicing things position organizations your and future, but solutions, robust those achieving is scale. to and needed do is help ensure the not the validation of you'll programs to
the pass and I'll next I'll back you to go to you. Andrew can So it
Great.
So questions. right now have we two
Charles, like everything anytime it on you've away soon. ransomware is is going not for first said, seems The based
pay and talk do a can considerations when has a recommend not weighing breached to been pay? about in of decision So companies don't the pay companies that ransom, for you or some company pay? is asked you the that And or
you'd look, some to dealing I'll actually all never you and to tell do questions of online to and your back through published answer get you, your pay? data think reasons that be resilient the to from always publishing about pay. to not own And business or world to a restoration or and pros the of need times should they perhaps actor the and or to you the and you encourage And should stole, robust there your back you a the recommend around have information. environment you'd a on compelled be data data but pay the is never the learning the pay, acceptable threat that it's a your to demands, the, clients have You that and get going accelerate how recover? also organization steal could are it's systems not stolen the actually that data not Yeah unfortunately, given behavior to before the the to we internet. internet, wouldn't And criminals, a to paying to want on actually able paying clear our conversation the look, because almost threat pay pay timing, question. you're recover you an you your actor don't and you you to about of minimize you is situation and of grew and more never up through we did processes really make them be when or are, backup is real event, pay that and know, And lot a protected network own. likelihood quickly great how terrorist because attacker people criteria health why find that we And want that bad do to to tend to with go can on is it's variety assumption that that, the understand ways ability online
that the it's obligation information And can on showing that up feels everything so do of it's, to feel internet. that minimize or likelihood possibly organization to you the their the
are sanctioned to treasury? by department you want You actor are to the paying? United if it's they the also Is of who pay. then illegal understand If it, States
it protocols certainly some And but could the need there's associated manage you Now, you need follow clearance you get to that. if do that. with kind to think that to to risks of to, about
actual impact paying. what understand is to the want of You not
pay that are that be or through. you when you impact a hospitals line so lot the so, criteria taken you Look, of I'll where emergency clients, have potentially offline, cities you on not offline of many services they think have bad because taken different tell literally they about backups. And there's are that and our could lives go
In know, is lady problem fact, to actually, our you pay a to times lot a the lot of really accelerate backups, clients they're that good that but their have recover looking systems. their of
to And so to want do be parallel. things they able in
or backup processes, because peace just also to much they're to some they a but going paying on perhaps the able want you quicker feel they be a, have restore to data decrytor restoration they're because want that able to know, they to through published they, help paying be So of to they're the to mind. leverage want or their perhaps they internet don't recover be they
is option available. and discussions pay do that's the that They, only go they out usually robust of lots like, we nobody this clear, unfortunately conversation feeling very because the discussion situation. a like walks a through. again, very It's to should So feel yes, ever
outcomes we're no with. find that Yeah, And variables pay of very we dealing clear. sometimes, that all there's just because the don't
seems then in validation company great And you, decide you're of boards getting What who And customers interested is the Thank pass? validation. for common to Charles. pushback aren't concept follow is like from Nick a the the idea. one most up
validation think and I there think education why there's about so to I has it company concept comes when it's boards, been an process important. of the Yeah, certainly,
of maybe not weaknesses security in ways different their and I of of assessments is and I potential boards assessments where sort the a some educating the when clearly and deep they're where are understanding of about historically talked types those versus are security think we've organizations of of what the think architecture about that to kind roadmaps of the just issues sort value in dive, of some around building assessments where process boards for. should understanding be kind what gone be in form where one those and begin the their them validation where and of those using environment talk maybe begin, of their through kind traditional exercises they what environment. more they end, should this using they we have delineated of executives And terms of I other
I definitely terms there's program education starting that about different dividends to traction I So measure last people's program of helping starting is what at just the an But pay in more boards we're get process, think been the a that. years think and that over understand it's, to of lot few one understanding and how find and of challenge weaknesses tools exposure effectiveness the the into to and face validation their that. fits that there their in they have they their different
a one But, know a way, when different I hey, get to lot agree newer we other see when relatively, have of have about the needs have know is but fix it's we some problems to things we some I they somewhat and pushing times awareness And of organizations, the there's lot of perspective, back concept say, we the pretty that by of cybersecurity lot threats. from some surprising trends do way by to push a that be think and and organizations the things. some on of And excited it there's they we some clients hear, I because of may thinking and I happen. I education my common Yeah. it's that certainly educate a -- think
now, want some of to to kind validation some right organizations to of to try they on. know be fixed build focus they they so And program fix things to want the that and later have want that
there's -- from interested sometimes they a or quarters because it And things and few now, the issues address of there while year defer address. known years now, a to or some feel and limitations they of need terms be they So they're immediately they have. they to that in in funding that know resourcing two other to to it, they time that maybe obviously need from maybe to able are
educating we've little validation it it incredible things just sort of And tool that that change think people of the also I ensuring been response, not in about I the add a resiliency, maybe return program on but but to of is over the presentation, mentioned on be that can showing an the also kind one bit for to time. showing and investment that during is and security validate
stakeholders validation the of they're changes by sort even impact program, of that, having. So that are in able to of to the the large and organizations a really that making of beginning of kind more implementing the they're roadmap beginning sort it's demonstrate a
Great.
the have. we I think that's questions all
will Charles. our you, our In have be threat event Nick, October, thank Thank So next we and in analyst CDS. in for November. briefing presentation you your
So thank you for all your time.
much. Thanks so Excellent.
We use cookies on this site to provide a more responsive and personalized service. Continuing to browse, clicking I Agree, or closing this banner indicates agreement. See our Cookie Policy for more information.