Mandiant Builds on SIEM, Adds Threat Intelligence for Google Cloud Chronicle Security Operations

Highlights:

• Mandiant Breach Analytics combines Mandiant’s industry-leading threat intelligence with the power of the Google Cloud Chronicle Security Operations package to assist enterprises in enhancing security effectiveness and minimizing business risk.
• With active threat intelligence, enterprises may swiftly reduce the impact of targeted assaults while minimizing the cost of their current techniques.

Mandiant, Inc. stated that Mandiant Breach Analytics for Google Cloud’s Chronicle is generally available. Mandiant Breach Analytics combines Mandiant’s industry-leading threat intelligence with the power of the Google Cloud Chronicle Security Operations package to assist enterprises in enhancing security effectiveness and minimizing business risk.

Threat actors continue to increase the sophistication and ferocity of their attacks against organizations of all sizes and sectors. With a global median dwell time— the time between the beginning of a cyber attack and its discovery — of 21 days, the ability to promptly detect and respond to a breach is crucial for continuing corporate operations. Mandiant Breach Analytics is meant to shorten attacker dwell time by continually monitoring events in Chronicle for current, relevant indicators of compromise (IOCs) and using contextual information and machine learning to rank the matches. With active threat intelligence, enterprises may swiftly reduce the impact of targeted assaults while minimizing the cost of their current techniques.

Mandiant Breach Analytics can empower organizations to:

Boost cyber defense posture: Breach Analytics, powered by the Mandiant Intel Grid, makes use of the up-to-the-moment breach intelligence and know-how gathered from Mandiant’s elite incident responders, analysts, and threat hunters, enabling organizations to act on that intelligence without the need for time-consuming and expensive security engineering.

Gain insight into IT environment intrusion activity: Regardless of the organization’s size, industry, or security policies installed in the cloud, on-premises, or hybrid, Breach Analytics’ increased automation and contextual decision models can intuitively adapt to a customer’s specific IT environment. The module automatically examines current and historical logs, events, and alarms for matches to IOCs in real-time, as they are identified.

Analyze cloud-scale security data: Using Google Cloud’s hyper-scalable infrastructure, security teams may analyze security telemetry and preserve that data far longer than the industry norm at a predictable cost.

Develop resiliency against the most significant threats: Breach Analytics is designed to enable enterprises to detect incidents as they occur, lowering dwell time and allowing organizations to return to regular business activities swiftly.

Reduce the expense of current methods: Many firms depend on human processes and inspections or conventional SIEM rule matching to find IOCs. The threat intelligence content lag hinders these techniques; breach-related data may take months or even years to appear in threat intelligence reports and feeds. Simple matching methods can miss targeted signs or generate large numbers of false positives. Breach Analytics may significantly increase efficiency by automating IOC prioritization and matching.

Mike Armistead, Head of Mandiant Advantage Products at Mandiant, said, “When news breaks on the latest active breach, organizations frequently find themselves scrambling to determine if they’ve been compromised as well, exacerbating time and resources by manually hunting for IOCs. Mandiant Breach Analytics solves this problem by automatically analyzing IT environments for signs of an active breach leveraging Mandiant’s up-to-the-minute insight on and prioritization of threats. The integration with Chronicle Security Operations can deliver immediate value to our shared customers, helping them to detect and respond to a breach rapidly.”