1) What is the difference between internal detection and external notification? What does the trend show us?
2) What does “dwell time” measure? What type of attacks have skewed the more dramatic reduction in dwell time?
3) In the section “APT Named in 2019”, what makes an APT unique in their behavior over time compared to other threat actors?
4) Figure 4 on page 27 shows a breakdown of TTPs used by APT 41. What is CVE-2019-3396? Here is the National Vulnerability Database description:
5) Review the Highlights in the section “The Pulse of Security” on page 29. Should defenders spend time understanding publicly available attacker tools and malware, or is that a waste of time because attackers will just use their own stuff?
6) What were the five most common malware families involved in FireEye investigations in 2019?