
Security Validation Technology
Counter the evolving threats to government networks and infrastructure
Start validating cybersecurity effectiveness with evidence-based data, realize ROI from your cybersecurity strategy, and measure against cybersecurity KPIs.

Introduction to Security Validation
Meet your new end-to-end cybersecurity strategy and validation process
Mandiant Security Validation instruments IT environments at scale to test the effectiveness of network, endpoint, email and cloud controls. Continuously execute tests and analyze results to proactively alert on drift from a known-good baseline and validate control configuration. The end result is that you are equipped with evidence demonstrating whether an environment's controls are actually delivering the desired business outcomes.
How Security Validation Technology Works

Consultation
Schedule a meeting with a technical advisor and account consultant to learn more about your unique needs.

Evaluation
We will formulate an ideal combination of the main platform, additional modules, and actors.

License & Implementation
Licensing Mandiant Security Validation is straightforward and your Director is available within weeks.
The Director
Your primary interface to validate all aspects of your platform
The Director can be thought of as the "central brain" of Mandiant Security Validation. The Director is available as a SaaS platform (our cloud or yours), or as an on-premises solution in both virtual appliance and installable software formats.


Integrations
250+ Integrations with industry-leading technologies
The Director seamlessly integrates with an organization's defensive stack across network, endpoint, email and cloud controls. These integrations enable the Director to continuously validate how effective controls are and where they are misconfigured.
Actors
Replicate realistic attacks across a range of type and sophistication
Mandiant Security Validation actors perform tests in the production IT environment to validate and assess control effectiveness. Actors come in four primary control types to ensure test safety and provide a granular, in-depth understanding of defense posture.


Network Controls
Network controls inspect network traffic and act as both the source and destination of a test, sending traffic between each other to see how the network control responds.

Email Controls
Email controls counter phishing, emails containing malware, and data leaving the production IT environment. Tests include Microsoft Exchange, Office 365, and others.

Endpoint Controls
Endpoint actors execute tests within a user context to measure access to resources, attempt privilege escalation, exfiltrate data, and other behaviors across the kill chain.

Cloud Controls
Cloud actors test commonly deployed AWS and Azure controls. Virtual host and API options are available, depending on cloud platform and services being tested.

Effectiveness Validation Process (EVP)
Validate that your controls are working properly against threats as configured with detection, alert, miss, and prevention rates in real time
As the Director instructs Actors to run tests, it continuously validates by querying the controls in the environment to determine what they are seeing, which are blocking, what detection events are generated, and whether those events are properly formatted and make it through the network maze to their destination. Once at their destination - likely a SIEM, log management platform, or analytics engine - the Director validates that the events are properly timestamped and correctly parsed, and whether the correlation rules and threat models defined actually generate an alert.
Dashboards & Reports
Rest safely with an accurate understanding of your overall cybersecurity posture
The Director analyzes the results of the tests run in the environment and provides reports designed to enable customers to measure and validate where their effectiveness is today, manage the dynamic environment and evolving threat landscape on a daily basis, and show improvement over time with real, evidence-based data.

Advanced Modules
Additional components applied with Mandiant Security Validation for enhanced security posture and special use cases.
Threat Actor Assurance Module (TAAM)
Combine the latest threat intelligence from our partners with Mandiant Security Validation to automatically test defenses against ever-evolving threat actor behaviors, visualize results, and enable your business to achieve optimum protection.

Advanced Environmental Drift Analysis (AEDA)
AEDA performs automated and continuous analysis of the Effectiveness Validation Process (EVP) compared to the known-good baseline across a customer's business zones. AEDA constantly analyzes the environment for drift and proactively brings it to your attention before it is too late.

Protected Theater
Protected Theater is not required for testing endpoint controls, but it offers the ability to safely perform potentially dangerous and destructive tests on customers' endpoint defenses with real malware to determine what threats their endpoint controls will and will not block.

Cloud Theater
Cloud Theater is a Mandiant-hosted external actor that can be used for ingress and egress tests like malware download, C2 traffic and data exfiltration. Some organizations choose to host their own external Actors, while others use a mix of Cloud Theater and their own hosted Actors.
Frequently Asked Questions
Have a question that hasn't been answered here? Get in touch with us today.
Whitepaper
Automate Testing Against MITRE ATT&CK
By automating MITRE ATT&CK emulations, your team is freed from labor-intensive, manual testing. Begin generating results within hours of initial implementation by leveraging our security content library and mapping tools.

Faster Implementation
Begin generating results within hours by leveraging our security content library and mapping tools.

Save Time & Money
Free your team from labor-intensive, manual testing by automating MITRE ATT&CK.

Identify Gaps Sooner
Easy-to-understand dashboards provide visualized data over time against your known baseline.

More Accurate Results
Our robust library of attacks across all 12 threat vectors fully represents the attack lifecycle.

Increase Confidence
Continuously validate your defense coverage by safely executing attack behaviors.

Best in Class
While most companies focus on basic subset coverage, we provide full depth of the adversary landscape.

Advanced Module
Threat Actor Assurance Module (TAAM)
Add TAAM today to make the latest threat intelligence actionable. Integrates with leading threat intelligence providers and allows for highly detailed threat actor testing within the MITRE ATT&CK framework.

Automate Integration
Information is automatically retrieved and collected from third party threat intel integrations, with consolidated actor

MITRE ATT&CK Ready
Tactics, techniques, and procedures are mapped to the MITRE ATT&CK framework.

Perform Tests
Security defenses are tested with the same behaviors used by your adversaries.

Present Results
Gain an accurate understanding of which threat actor groups could compromise your organization.
Featured resources for Leadership & Board
Interview
Jeff Vinson - Texas Healthcare Provider
Interview
Steven Edwards - United American Life Insurance
Report
2020 Mandiant Security Effectiveness Report
Starting security validation from scratch?
Chances are you're ignoring valuable security data that can be gathered via instrumentation.
Future-proof your security posture today.