Mandiant, Inc.
announced the general availability of Mandiant Breach Analytics
for Google Cloud's Chronicle. Mandiant Breach Analytics combines
Mandiant's industry-leading threat intelligence with the power of the
Google Cloud Chronicle Security Operations suite to help organizations
improve security effectiveness and reduce business risk.

Threat actors continue to escalate the sophistication and aggressiveness
of their attacks, targeting businesses of all sizes and across all
industries. With global median dwell time (defined as the duration
between the start of a cyber intrusion and when it is identified)
averaging 21 days, being able to quickly discover and respond
to a breach is critical to maintaining business operations. Mandiant
Breach Analytics is designed to enable organizations to reduce attacker
dwell time by continuously monitoring events in Chronicle for current,
relevant indicators of compromise (IOCs) and applying contextual
information and machine learning to prioritize the matches. With active
insight into threats, organizations can rapidly take action to mitigate
the impact of targeted attacks, while reducing the cost of current
approaches.

Mandiant Breach Analytics can empower organizations to:

- Strengthen cyber defense posture: Fueled by the Mandiant Intel Grid,
  Breach Analytics leverages up-to-the-moment breach intelligence and
  expertise gleaned from Mandiant's world-class incident responders,
  analysts and threat hunters, enabling organizations to put that
  intelligence into action without time-consuming and costly security
  engineering.
- Gain insight on breach activity in IT environments: Breach
  Analytics' enhanced automation and contextual decision models can
  intuitively adapt to a customer's unique IT environment, regardless of
  the organization's size, industry or security controls deployed in the
  cloud, on-premises, or hybrid. The module automatically analyzes current
  and historical logs, events and alerts for matches to IOCs as they are
  discovered in real time.
- Analyze cloud-scale security data: By leveraging Google Cloud's
  hyper-scalable infrastructure, security teams can analyze security
  telemetry and retain that data much longer than the industry standard at
  a price point that's fixed and predictable.
- Build resilience against the threats that matter most: Breach
  Analytics is engineered to allow organizations to find incidents as they
  occur, reducing dwell time and enabling organizations to quickly get
  back to normal business operations.
- Reduce the cost of current approaches: Many organizations rely on
  manual inspection and processes, or traditional SIEM rule matching, to
  identify IOCs. These methods suffer from the lag of threat intelligence
  content: it can take months or years for information from breaches to
  make it into threat intelligence reports and feeds. Further, simple
  matching rules either create volumes of false positives or miss targeted
  indicators. Breach Analytics can deliver tremendous productivity gains
  by automating IOC matching and prioritization.

"When news breaks on the latest active breach, organizations frequently
find themselves scrambling to determine if they've been compromised as
well, exacerbating time and resources by manually hunting for IOCs,"
said Mike Armistead, Head of Mandiant Advantage Products at Mandiant.
"Mandiant Breach Analytics solves this problem by automatically
analyzing IT environments for signs of an active breach leveraging
Mandiant's up-to-the-minute insight on and prioritization of threats.
The integration with Chronicle Security Operations can deliver immediate
value to our shared customers, helping them to rapidly detect and
respond to a breach."