Mandiant Breach Analytics empowers enterprises to gain insight on breach activity in IT environments

Mandiant released Mandiant Breach Analytics for Google Cloud’s Chronicle. Mandiant Breach Analytics combines Mandiant’s threat intelligence with the power of the Google Cloud Chronicle Security Operations suite to help organizations improve security effectiveness and reduce business risk.

Threat actors continue to escalate the sophistication and aggressiveness of their attacks, targeting businesses of all sizes and across all industries. With global median dwell time—defined as the duration between the start of a cyber intrusion and when it is identified—averaging 21 days, being able to quickly discover and respond to a breach is critical to maintaining business operations.

Mandiant Breach Analytics is designed to enable organizations to reduce attacker dwell time by continuously monitoring events in Chronicle for current, relevant indicators of compromise (IOCs) and applying contextual information and machine learning to prioritize the matches. With active insight into threats, organizations can rapidly take action to mitigate the impact of targeted attacks, while reducing the cost of current approaches.

Mandiant Breach Analytics can empower organizations to:

• Strengthen cyber defense posture: Fueled by the Mandiant Intel Grid, Breach Analytics leverages up-to-the-moment breach intelligence and expertise gleaned from Mandiant’s world-class incident responders, analysts and threat hunters, enabling organizations to put that intelligence into action without timely and costly security engineering.
• Gain insight on breach activity in IT environments: Breach Analytics enhanced automation and contextual decision models can intuitively adapt to a customer’s unique IT environment—regardless of the organization’s size, industry or security controls deployed in the cloud, on-premises, or hybrid. The module automatically analyzes current and historical logs, events and alerts for matches to IOCs as they are discovered in real time.
• Analyze cloud-scale security data: By leveraging Google Cloud’s hyper-scalable infrastructure, security teams can analyze security telemetry and retain that data much longer than the industry standard at a price point that’s fixed and predictable.
• Build resilience against the threats that matter most: Breach Analytics is engineered to allow organizations to find incidents as they occur, reducing dwell time and enabling organizations to quickly get back to normal business operations.
• Reduce the cost of current approaches: Many organizations rely on manual inspection and processes, or traditional SIEM rule matching to identify IOCs. These methods suffer from the lag of threat intelligence content – it can take months or years for information from breaches to make it into threat intelligence reports and feeds. Further, simple matching rules either create volumes of false positives or miss targeted indicators. Breach Analytics can deliver tremendous productivity gains by automating IOC matching and prioritization.

“When news breaks on the latest active breach, organizations frequently find themselves scrambling to determine if they’ve been compromised as well, exacerbating time and resources by manually hunting for IOCs,” said Mike Armistead, Head of Mandiant Advantage Products at Mandiant. “Mandiant Breach Analytics solves this problem by automatically analyzing IT environments for signs of an active breach leveraging Mandiant’s up-to-the-minute insight on and prioritization of threats. The integration with Chronicle Security Operations can deliver immediate value to our shared customers, helping them to rapidly detect and respond to a breach.”

The offering is available to Chronicle Security Operations users, with additional SIEM integrations planned.