Breach Analytics for Google Cloud Chronicle

Mandiant has announced Mandiant Breach Analytics for Google Cloud Chronicle. The offering combines Mandiant's industry-leading threat intelligence with Google Cloud's Chronicle Security Operations suite.

The offering is SaaS-based and draws on threat intelligence gathered in Mandiant's frontline ("cyber front") incident response engagements.
Customers can use it to quickly identify indicators of compromise (IOCs) and reduce the impact of an attack.

Attackers spend an average of 21 days on the victim's network

Attackers are becoming increasingly sophisticated and aggressive in their tactics, targeting organizations of all sizes and industries. This is reflected in the global average dwell time, the time between the start of an intrusion and its detection: attackers remain in a victim's network for 21 days on average. Being able to detect and respond to an attack quickly is critical to keeping business operations running.

With Mandiant Breach Analytics, organizations can shorten attacker dwell time. To do this, Chronicle continuously checks the security data it ingests against currently relevant indicators of compromise (IOCs) and uses contextual information and machine learning to prioritize the matches. With this insight into active threats, organizations can act quickly and minimize the impact of targeted attacks, at lower cost than with traditional approaches.

Strengths of Mandiant Breach Analytics

  • Strengthening cyber resilience: Powered by the Mandiant Intel Grid, Breach Analytics draws on the most up-to-date knowledge of attacker methods and leads. Combined with the expertise of Mandiant's world-class incident responders, analysts and threat experts, this threat intelligence can be used without time-consuming and costly security engineering.
  • Insight into attacker activity in IT environments: Breach Analytics' advanced automation and contextual decision models adapt to the customer's specific IT environment, regardless of company size, industry or whether the security controls in use are in the cloud, on-premises or in a hybrid model. The module automatically analyzes current and historical logs, events and alerts in Chronicle in real time for matches to IOCs as soon as they are discovered.
  • Analysis of security data in the cloud: Using Google Cloud's hyper-scalable infrastructure, security teams can analyze security telemetry and retain that data for significantly longer than the industry standard, at a fixed and predictable price.
  • Building resilience against top threats: Breach Analytics is designed to help organizations identify incidents as soon as they occur. This shortens attacker dwell time and lets organizations return to normal business operations quickly.
  • Lower cost than current procedures: Many organizations rely on manual checks and processes or a traditional SIEM setup to identify attacks. These methods suffer from the lag in threat intelligence content: it can take months or years for findings from the analysis of successful attacks to flow into threat intelligence reports and feeds. In addition, simple matching rules often either produce a large number of false positives or miss targeted attacks. Breach Analytics can deliver large productivity gains by automating IOC matching and prioritization.

“When news of the latest actively exploited vulnerability breaks, companies often frantically try to find out if they've been compromised as well. This adds a significant amount of time and resources to manually searching for IOCs,” said Mike Armistead, Mandiant's head of Mandiant Advantage Products.

Breach Analytics finds attacks

“Mandiant Breach Analytics solves this problem by automatically analyzing IT environments for signs of an active attack. To do this, Mandiant's current findings on threats and their prioritization are used. The integration with Chronicle Security Operations can deliver immediate value to mutual customers, helping them reliably detect attacks and respond to them quickly.”

More at Mandiant.com

About Mandiant

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.

