FireEye Stories

The Intelligence Sources That Fuel Mandiant Advantage

On average, cyber security attacks can go undetected for 56 days, according to FireEye’s M-Trends 2020 report. This represents an improvement over the 78-day global median dwell time in 2019; however, 56 days is still enough time to do plenty of damage.

Cyber threat actors are constantly changing their approach and becoming trickier to uncover. Gone are the days when MD5, AP or Domain threats were publicly announced to stop or detect threat actors. By the time the threat details are published in open source or public forums, the actors have usually moved on, leaving teams to waste time and other resources on outdated information.

In today’s dynamic business environment, real-time threat data backed by advanced research is required. With the newly launched Mandiant Advantage: Threat Intelligence, we are now delivering unmatched, up-to-the-minute intelligence that provides security operations with real-time data directly from the front lines. While finished intelligence remains an important enabler for risk decision makers to understand major threat actors, motivations, targets and key tactics, operations teams need turnkey, actionable and up-to-the-minute access to threat intelligence to respond fast and accurately. Mandiant Advantage is able to deliver that threat intelligence in real time to modern security teams.

To build highly-trusted security intelligence, Mandiant relies on four different sources.

  1. Breach intelligence through Mandiant incident response engagements. Every year Mandiant executes more than 850 engagements worldwide, feeding Mandiant threat researchers deep, end-to-end insight about the specific ways malicious actors penetrate organizations around the globe and the tactics and malware they use to compromise data and systems.
  2. Operational intelligence from Mandiant Managed Defense. Mandiant has five dedicated Security Operations Centers (SOCs) tasked to proactively find and reveal unidentified threat activity. Mandiant investigates these in customer environments, ingesting nearly 100 million events annually, actively validating in excess of 21 million cyber security threats.
  3. Machine intelligence from FireEye security solutions. FireEye products protect millions of devices across all industries worldwide, identifying global malicious activity targeting enterprise users and corporate assets. This machine intelligence is extracted from 15,000 network sensors in 56 countries, recording tens of millions of malware detonations per hour and scanning 65 million emails per day.
  4. Adversarial intelligence by Mandiant researchers. Our teams deliver thousands of customer-driven intelligence research initiatives whereby we are asked to investigate unique potential threats in relation to an organization. This drives our research department to continuously review requirements and stay in lockstep with emerging threat-risk visibility needs. Also, Mandiant deploys more than 300 analysts speaking more than 30 languages across 25 countries to produce intel reports that detail threat activities discovered in the wild and on the dark web.

Expertise aggregated over 13 years of investigations and red team exercises has created unrivaled threat modeling methodologies and led to Mandiant’s ability to deliver specialized intelligence about criminal threat actors, vulnerabilities and their exploits.

One other area Mandiant is able to deliver on is attribution. By continuously evaluating threat activity clusters from a variety of sources, Mandiant experts not only uncover new malware or attacks, they also link them back to existing clusters and shape actor profiles. A dedicated team of “fellow analysts” continually tracks actor activities and develops actor profiles, with an assessment of the risk they pose to organizations. This assembly of analysis helps security organizations to protect against threat actors and make the necessary changes to their IT landscape with accuracy, relevance and quality based on a combination of Mandiant's data sources and expertise.

A full view and timely understanding of actors, malware, vulnerabilities and adversarial behaviors provides valuable cyber defense insights both when responding to an attempted attack and when proactively assessing external threats. Mandiant not only has the most relevant front-line threat data, but our attribution and analysis provide customers with the additional insights they need to prevent, detect and respond to the threats that matter to them.

Head over to our website to learn more about Mandiant Advantage: Threat Intelligence and try it for free.