TMCnet News

Mandiant Equips Security Teams to Find and Stop Advanced Attacks When They Are Just Beginning with Launch of New Product Offering
[February 25, 2013]

Mandiant Equips Security Teams to Find and Stop Advanced Attacks When They Are Just Beginning with Launch of New Product Offering


SAN FRANCISCO --(Business Wire)--

Mandiant®, the leader in security incident response management, today announced the launch of its newest product, Mandiant for Security Operations. The new release enables security teams to detect, analyze and resolve security incidents in a fraction of the time required using conventional approaches. In addition to identifying compromised devices using Mandiant's proprietary intelligence, Mandiant for Security Operations helps security teams triage suspected incidents faster. It is the first and only solution that can automatically investigate endpoints for Indicators of Compromise (IOC) based on alerts generated in network security solutions, SIEMs and log management applications. Users receive the information they need, when they need it, to make rapid, accurate decisions about suspected incidents so they can stop the most critical attacks in their tracks.

"Organizations spend millions of dollars to build secure networks to keep would-be attackers at bay. Despite these investments, determined attackers continue to routinely compromise well-secured organizations and steal their intellectual property and financial assets," said Mandiant's Chief Technology Officer, Dave Merkel. "Mandiant for Security Operations allows front-line security analysts to make better and faster decisions about suspected security incidents, identify and stop targeted attacks when they begin and ensure efforts are focused on the most important issues."

Mandiant for Security Operations is an appliance-based solution that utilizes a lightweight agent deployed on endpoints to perform the following tasks:

  • Search for Advanced Attackers & the APT (News - Alert). Host-based Detection Indicators of Compromise (IOCs) provided by Mandiant identify known threats based on proprietary intelligence; users can also create their own IOCs to look for compromised endpoints. 
  • Accelerate Triage of Suspected Incidents. Automatic collection of evidencefrom endpoints and integration with SIEM solutions provides security analysts with pre-staged information about endpoints within the context of their existing workflow.
  • Find Out What Happened, without Forensics. Agents deployed to endpoints continuously monitor and record key events to establish a timeline for suspected incidents by correlating alerts with past events.  
  • Immediately Detect Compromised Devices. Instantly notifies users when a Detection IOC identifies a compromised device, eliminating the need for security teams to perform additional analysis to determine if they are valid.  
  • Eliminate Blind Spots. Innovative Agent Anywhere™ technology works through network address translation (NATs) and across public networks to monitor the endpoints your network detection products can't see and ensure all endpoints in the organization are covered.
  • Search for the Most Dangerous Threats. Integrates with advanced malware detection and other devices monitoring your perimeter so you can identify the most dangerous threats of all - those that are already present on your network.  
  • Contain Endpoints. Take non-destructive action to isolate compromised devices and deny attackers access to systems while still allowing remote investigation.



Mandiant for Security Operations is compatible with all SIEM solutions using the Common Event Format (CEF). In addition, technical partnerships with FireEye (News - Alert) and Palo Alto Networks guarantee pre-configured and certified interoperability with those companies' network-based solutions.

Mandiant will be conducting demonstrations of this new product in Booth #2439 at RSA (News - Alert) Conference 2013 in San Francisco. More information about Mandiant for Security Operations can be accessed online at www.mandiant.com/products.


About Mandiant

Mandiant is the leader in security incident response management. Headquartered in Alexandria, Virginia, with offices in New York, Los Angeles, San Francisco and Reston, Virginia, Mandiant provides products, professional services and education to Fortune 500 companies, financial institutions, government agencies, domestic and foreign police departments and the world's leading law firms. The authors of 12 books and quoted frequently by leading media organizations, Mandiant security consultants and engineers hold top government security clearances and certifications and advanced degrees from some of the most prestigious computer science universities. To learn more about Mandiant visit www.mandiant.com, read the company blog, M-unition™ http://blog.mandiant.com, follow on Twitter (News - Alert) @Mandiant or Facebook (News - Alert) at www.facebook.com/mandiantcorp.


[ Back To TMCnet.com's Homepage ]