Mandiant® - Detect. Respond. Contain.

The Mandiant Platform

Detect, Respond & Contain Advanced Targeted Attacks

Managing Your Next Security Breach Should Be Routine Business

Powered by the Mandiant Intelligent Response® (MIR) appliance, the Mandiant Platform brings together all of the capabilities and
intelligence that security organizations need to detect, respond to and contain attacks that get through their preventive defenses.

    • Find Evidence of Compromise
      Uncover all types of attacker behavior – not just malware
    • See Active Attacker Activity
      Follow their trail down to a single keystroke
    • Sweep Based on Threat Intel From the Front Lines
      If we’ve seen it (and we’ve seen a lot) you’re covered
    • Remotely Investigate Any Endpoint
      Simplify interrogation with fast-tracked data transfer
  • Threat Sweeping

    Are you compromised? How did the attacker get in? What systems are involved? How entrenched are the attackers? Intrusions in a production network are like needles in a haystack. Mandiant tells you when you’ve been successfully breached by sweeping every endpoint and monitoring network activity for indicators of compromise.

    • Endpoint Sweeping: Sweeps tens of thousands of endpoints in hours for evidence of compromise.
    • Network Threat Detection: Identifies active attacks including beaconing, command and control activity and data theft.
    • Threat Intelligence: Detects with the latest host- and network-based intelligence from Mandiant’s experience on the front lines.
    • Covers the Largest Environments: Quickly locates every system accessed in a breach, even if compromised independently.
    • Identifies All Evidence of Compromise: Finds known malware, general malware behaviors and non-malware attacker tactics.
    • OpenIOC Support: Investigate with your own custom indicators or with those shared by others using the OpenIOC standard.
  • Threat Scoping

    Where did the attack start? What are they trying to steal? What’s the attacker’s next move? When you’ve been breached, the investigation needs to be fast, penetrating, precisely targeted and stealthy. Mandiant helps you quickly understand the scope of an attack by remotely investigating compromised machines so you can stop it before critical loss occurs.

    • Deep-Dive Forensics: Perform a thorough analysis of any host over the network to determine what attackers are doing.
    • Memory & Disk-Based Analysis: Comprehensive memory- and disk-based examination ensures you get a complete picture.
    • Identify Data Exfiltration Staging Sites: Uncover when and where attackers are staging data in preparation to steal it.
    • Find Attackers When They Cover Their Tracks: In-depth raw disk forensics uncovers hidden, deleted and partial files.
    • Develop New Indicators of Compromise: As you uncover new attacker tactics, develop IOCs to look for them everywhere.
    • Remediate in the “Strike Zone”: Get full situational awareness of an attack so you don’t tip off the attackers when you act.
  • Threat Containment

    How do you kick the attackers out? When should you take action? How will you know that you are secure? Different threats require different responses. Mandiant directs your response with actionable guidance based on our experience on the front lines.

    • Actionable Analysis: View details of each incident including what systems the attackers are on and what they are doing.
    • Containment Recommendations: Understand what actions need to be taken (and when) in order to contain the threat.
    • Track Incident Response Metrics: Track your progress for key IR metrics including time-to-containment and total incidents.
    • Mandiant Surge Support: Access Mandiant surge support when incidents get too large for you to handle on your own.
  • Threat Intel Management

    How do you tell a targeted attack from a commodity threat? Responding to determined attackers requires that you be as smart as their last attack. Mandiant helps you learn from every attack – not just your own. If we’ve seen it before (and chances are we have) we’ll be looking for it on your network.

    • Mandiant Threat Intelligence: Access Mandiant’s proprietary library of indicators of compromise (IOC).
    • Create & Edit Your Own Intel: Develop your own custom indicators using the OpenIOC format.
    • Share Threat Intel: Share indicators of compromise from your malware analysis with other Mandiant users.
    • Automate Malware Analysis: Analyze malware samples to understand their risk and generate new indicators.
    • Search for Compromise Based on the Latest Intel: Mandiant lets you search for new threats right away – not just read about them.