Frequently Asked Questions
Have a question that hasn't been
answered here? Get in touch with us today.
Does Mandiant Security Instrumentation Platform require integrations to work?
No. Mandiant SIP does not require integrations to
work. It can run tests and provide basic results without them.
However, integrations are essential to providing evidence of the
effectiveness of cybersecurity controls. Most organizations are
leveraging as little as 25% of the prevention functionality of their
controls due to misconfiguration, weak out-of-the-box configurations
and environmental drift. Mandiant SIP's integrations enable it to
provide the customer a prescriptive set of steps to quickly optimize
those controls. Without this level of visibility, it is impossible to
clearly understand the results of tests.
Platforms that simply provide a list of attacks that
are "blocked or not" do not provide the complete picture an
organization needs to make decisions and, worse, encourage a path
forward based on inaccurate assumptions.
Are integrations complicated to install and configure?
No. Mandiant SIP leverages the control’s native APIs
for the integration, making it quick and easy to set up. Integrations
are provided “out of the box” with the Director, so there is nothing
to install. Typically, all that is required for configuration is a
valid, read-only user account and password from the control.
What types of controls does Mandiant SIP test?
Mandiant SIP can validate the effectiveness of
network, endpoint, email and cloud controls. Common network controls
tested include next-gen firewalls (NGFW) and traditional firewalls
(FW), intrusion detection systems (IDS), intrusion prevention systems
(IPS), malware sandboxes, web application firewalls (WAF), proxies and
data loss prevention (DLP) systems. Common endpoint controls tested
include tools like anti-virus (AV), host-based intrusion prevention
systems (HIPS), software firewalls, and detection and response tools
(EDR). Beyond traditional endpoint controls, Mandiant SIP can also be
leveraged to validate user and group policies, as well as Active
Directory Group Policy (GPO) and even identity and access management
Does Mandiant SIP test endpoint controls?
Yes. Verodin can test controls on Windows, Mac and
Linux endpoints. Tests can be run in the context of a user leveraging
the host’s command line interface or even tools like PowerShell on
Does Mandiant SIP have a REST API?
Yes. The Director is effectively an API server on which
the web UI is built. Mandiant has a fully documented REST API
and is committed to making 100% of SIP’s functionality available,
accessible and executable from the REST API.
Does my team need to be "mature" to get value from Mandiant SIP?
No. Mandiant's customers range from mid-market
organizations with a security team of 2-3 employees and a technical
CISO all the way up to the largest Financial Services and Oil &
Gas companies in the world. SIP is both powerful and extremely easy to
use. For less mature organizations, Mandiant SIP provides a platform
for reaching maturity. SIP enables their defenders to be more offensive and
helps guide them along the path of ultimately providing the evidence
needed to know their cybersecurity controls are effective.
Is Mandiant SIP a Breach and Attack Simulation (BAS) tool?
The Breach and Attack Simulation (BAS) “category”
has a pretty loose collection of vendors that don’t fall into more
traditional categories and, in some situations, are not even
competitive. This is not unusual for early markets and, over time,
the category will likely break into at least three more distinct categories:
companies focused on providing the business evidence of controls
effectiveness, companies providing an attack simulation tool for the
purpose of essentially becoming "vulnerability scanning
2.0", and companies specifically focused on advanced threats and
realism of using those advanced threats for high-skill training.
Mandiant provides the ability to quantify if
cybersecurity controls are effective and properly offsetting the
business’ risk as intended. To do this, we focus on validating that
controls are correctly configured, identifying where controls can be
optimized, quantifying control gaps and overlap, and then continuously
validating the environment against a known-good baseline in order to
detect and quickly remediate environmental drift.