
Threat Actor Assurance Module
Test your controls against real threat actors
Integrate Threat Intel
Seamlessly integrate with leading third-party threat intelligence platforms to produce data.

Populate Library
Generate a detailed library of known threat actors and how they operate, and run evaluations and sequences.

Test & Evaluate
Safely and continuously perform tests in your own environment to protect against known threat actors.
Enhanced Defense
Make the latest threat intelligence actionable
The world is under near constant attack from cyber criminals, state-sponsored actors, and other entities that have the potential to impact the safety and security of your organization. With Mandiant Threat Actor Assurance Module (TAAM), you control whether or not you are prepared to meet today's most formidable cyber adversaries.

Take Security Validation to the next level with Threat Actor Assurance Module (TAAM).


Enhanced Defense
Information is automatically retrieved and collected, with consolidated actor profiles.

Perform Tests
Security defenses are tested with the same behaviors used by your adversaries.

MITRE ATT&CK
Tactics, techniques, and procedures are mapped to the MITRE ATT&CK framework.

Present Results
Gain an accurate understanding of which threat actor groups could compromise your organization.
Introduction
Welcome to the Threat Actor Assurance Module (TAAM)
This award-winning product is a supplemental module for the Security Instrumentation Platform. TAAM allows your organization to proactively leverage existing threat intelligence and validate security posture against specific threat actors.


Dashboard
Visualize security controls performance against real threat actors
The TAAM dashboard provides a visualization of how your security controls perform against various Threat Actors. Each panel is populated based on the results of actions that have been run.
All users can resize and move panels, and update panel options and dates. Admins can update the default, system-wide dashboard and organize panels as they see fit.
Integrations
Connect to third-party threat intelligence platforms
By default these sync every 24 hours; you can pause them or change the frequency of the sync. The information coming in differs slightly based on what's available.

Threat Intelligence Integration Partners / Compatibility:






Threat Actor Library
Populate your library with a selection of known threat actors
The Threat Actor Library is populated by retrieving information from your Threat Intelligence Integration Platforms (TIPs) or by manually creating a Threat Actor Profile.
Information for each threat actor is consolidated into a unique threat actor profile, including the threat actor's tactics, techniques, procedures, and aliases.
Threat Actor Profiles
Understand your adversaries in actionable terms
From a threat actor profile, you can run evaluations and sequences that are related to that threat actor and jump to the most recent job results.
Customer Story
A healthcare customer discovered major inconsistencies with their defenses in different parts of their network from attacks by APT41, a dual espionage and criminal threat actor that commonly targets their industry. TAAM allowed them to focus on improving their defenses against this attacker and demonstrate preparedness to their leadership.


Captive IOC
Safely evaluate performance without triggering actual botnets
Captive IOC (Indicators of Compromise) Actions allow for the safe evaluation of defensive performance related to blocking communication with publicly routable destination addresses for a threat actor, using proxy/NAT communication rules between actors.
What's your Threat Actor 2.0 strategy?
Challenged by how to validate your security against today's most advanced threat actors?
Our industry experts stand ready to help.