Inside the Sony Breach
Novetta CEO LaMontagne on Lessons Learned from the Attack
Security vendor Novetta recently led an independent investigation into the 2014 Sony breach. What lessons were learned, and how do they apply to today's threat landscape? Novetta's Peter LaMontagne shares key findings.
Operation Blockbuster is the name of the investigation into the breach. Novetta attributes the breach to an entity known as the Lazarus Group, which may be responsible for several other major breaches.
LaMontagne, CEO of Novetta, explains the reason behind the investigation:
"We wanted to help our customers understand at a technical level what exactly happened with the Sony hack, why it was significant and, most importantly, we wanted to ensure that our customers were equipped with the right technical resources to examine their own networks and protect their information assets."
Novetta agrees with initial reports attributing the Sony attack to threat actors based in North Korea. "And what was really significant about the nature of this attack is that we saw simultaneously occurring: this notion of a ransomware approach; actual vandalism of wiping discs; as well as counter-intelligence, or stealing information," he says. "This notion of a multi-pronged attack being coordinated by a single actor is really inconsistent with most threat-actor groups that we see."
In an interview about the investigation and lessons learned, LaMontagne discusses:
- What was unique about the Sony attack;
- The attackers' methodologies;
- How these lessons apply to incidents we see today.
LaMontagne is responsible for establishing and guiding Novetta's corporate strategy as well as overall performance.
Before the formation of Novetta, he served as Senior Vice President and an executive lead in the cybersecurity practice at CACI. Prior to CACI, he was President and CEO at Paradigm Holdings, Inc., a private equity-backed cybersecurity and digital forensics firm acquired by CACI in September 2011. At Paradigm, he built an advanced cyber defense capability with a sharp focus on countering advanced persistent threats, including penetration testing and malware reverse engineering. From 1999 through 2006, he worked at ManTech International, where he played a leading role in strategic planning, acquisitions, and execution of the growth strategy, including support for the IPO and follow-on offering in 2002. LaMontagne began his career as a U.S. Foreign Service Officer, posted at the U.S. Embassy in Beijing, China from 1993 to 1996, and is a Mandarin linguist.