Breach Analytics for Google Cloud Chronicle


Mandiant announces Mandiant Breach Analytics offering for Google Cloud Chronicle. Mandiant Breach Analytics combines Mandiant's industry-leading threat intelligence with the power of Google Cloud's Chronicle Security Operations suite.

The offering is SaaS-based and leverages threat intelligence gathered from Mandiant's "cyberfront" incident response operations.
Customers can use it to quickly identify indicators of compromise (IOCs) and reduce the impact of an attack.

Attackers spend an average of 21 days on the victim's network

Attackers are becoming increasingly sophisticated and aggressive in their tactics, targeting organizations of all sizes and industries. This is reflected in the global average dwell time, the time between the start of a cyberattack and its identification: attackers remain undetected in the victim's network for 21 days on average. Being able to detect and respond to an attack quickly is critical to maintaining business operations.

With Mandiant Breach Analytics, organizations can shorten attacker dwell time. To do this, Chronicle continuously checks incidents against current, relevant indicators of compromise (IOCs) and uses contextual information and machine learning to prioritize the hits. With insight into active threats, organizations can act quickly and minimize the impact of targeted attacks while reducing costs compared to traditional approaches.

Strengths of Mandiant Breach Analytics

  • Strengthening cyber resilience: Powered by the Mandiant Intel Grid, Breach Analytics draws on the most up-to-date information on attack methods and indicators. Combined with the expertise of Mandiant's incident responders, analysts and threat experts, this threat intelligence can be used without time-consuming and costly security engineering.
  • Insight into attack activity in IT environments: Breach Analytics' automation and contextual decision models adapt to the customer's specific IT environment, regardless of company size, industry, or whether the security controls run in the cloud, on-premises or in a hybrid model. The module automatically analyzes current and historical logs, events and alerts in Chronicle in real time for matches against IOCs as they are discovered.
  • Analysis of security data in the cloud: Using Google Cloud's hyper-scalable infrastructure, security teams can analyze security telemetry and retain that data for significantly longer than the industry standard, at a fixed and predictable price.
  • Building resilience against top threats: Breach Analytics is designed to help organizations identify incidents as soon as they occur. This shortens attacker dwell time and allows organizations to return to normal business operations quickly.
  • Lower costs than current procedures: Many organizations rely on manual checks and processes or a traditional SIEM framework to identify attacks. These methods suffer from the lag in threat intelligence content: it can take months or years for findings from the analysis of successful attacks to flow into threat intelligence reports and feeds. In addition, simple matching rules often either produce a large number of false positives or miss targeted attacks. Breach Analytics can deliver large productivity gains by automating IOC matching and prioritization.

“When news of the latest actively exploited vulnerability breaks, companies often frantically try to find out whether they have been compromised as well. This adds a significant amount of time and resources spent manually searching for IOCs,” said Mike Armistead, Mandiant's head of Mandiant Advantage Products.

Breach Analytics finds attacks

“Mandiant Breach Analytics solves this problem by automatically analyzing IT environments for signs of an active attack. To do this, Mandiant's current findings on threats and their prioritization are used. The integration with Chronicle Security Operations can deliver immediate value to mutual customers, helping them reliably detect attacks and respond to them quickly.”

More at Mandiant.com



About Mandiant

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.
