Mandiant Threat Intelligence is now offered on the Google Cloud Platform and provides users with visibility into the latest threats with curated cyber threat intelligence. With industry-leading expertise, world-class threat intelligence, and planet-scale analytics for security operations, Google Cloud customers can now better protect their systems and data. Mandiant Threat Intelligence provides robust cybersecurity services to help organizations protect their data and infrastructure from cyber threats. Here are some key aspects of Mandiant Threat Intelligence in Google Cloud:

  • Threat Detection and Response: Mandiant offers advanced threat detection capabilities, enabling organizations to identify and respond to security incidents swiftly. This includes real-time alerts and actionable insights to mitigate threats.
  • Threat Intelligence Reports: Organizations can access detailed intelligence reports that provide in-depth analysis of cyber threats, attacker tactics, techniques, and procedures (TTPs), and emerging vulnerabilities.
  • Security Operations: Mandiant supports the security operations of organizations by enhancing their incident response capabilities. This includes threat hunting, digital forensics, and post-incident analysis.
  • Integration with Google Cloud Security Services: Mandiant integrates seamlessly with Google Cloud’s security services, such as Chronicle, Google Cloud’s security analytics platform. This integration helps to aggregate and analyze vast amounts of security data to identify potential threats.
  • Expertise and Support: Clients benefit from Mandiant’s experienced cybersecurity experts who provide strategic guidance, incident response support, and tailored security solutions to meet specific organizational needs.
  • Proactive Defense: By leveraging Mandiant’s intelligence, organizations can adopt a proactive approach to cybersecurity, identifying and addressing vulnerabilities before attackers exploit them.

Overview of Mandiant Threat Intelligence

Log in to the Mandiant Advantage Threat Intelligence dashboard. The home page provides a high-level overview of all the intelligence available on the platform.

Actor Activity tracks changes in observed activity over time, based on an aggregation of threats from victim environments and tactics, techniques, and procedures (TTPs). Other topics in the dashboard are Top Malware by Indicators, Most Active Vulnerabilities, Activity Trend, Top Actors by Indicators, and Latest Reports.

You can adjust the time of observation for all overviews on the home page.

Within these topics on the dashboard, you can click on an entity to be taken directly to the corresponding page in the platform.

Move to the navigation bar at the top of the home page and click the Explore tab to drill down into the different categories of information available on the platform.

Click on Actors from the Explore drop-down list. Mandiant tracks over 340 threat actors at any one time, and you can use the Filters and Search bar to select an industry and region and see the threats targeting organizations in them. Actors you follow are saved on a special dashboard for quick viewing. You can pivot to an actor's page for more details, and from there navigate to MITRE ATT&CK to see the MITRE TTPs associated with that actor.

Click on the Indicators tab to sort the results for specific actors.

Return to the Explore tab and click Campaign from the drop-down list. Here Mandiant depicts the most recent actor activity, helping teams to better prioritize mitigation and response actions in preparation for the next attack.

Navigate to the Explore tab and select Malware and Tools. Mandiant provides information on over 5200 malware families and tools, which you can filter, and you can pivot directly to the page for any malware listed here. Mandiant additionally provides YARA rules, which can be downloaded.

Go to the Explore tab again and select MITRE ATT&CK. Here you can use the filters and search bar to create a profile. You can either select actors one by one or click ADD ALL and then Next to view the MITRE heat map of adversary TTPs. This heat map shows the number of selected actors associated with each technique or sub-technique, to aid in prioritizing mitigation efforts.
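The counting behind such a heat map can be reproduced offline, for example to re-rank techniques against your own detection coverage. The following is an added example, not Mandiant's code or API: the actor names and the actor-to-technique mapping are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample profile: actor names are placeholders; the IDs follow the
# MITRE ATT&CK format, but the actor-to-technique mapping is invented.
ACTOR_TECHNIQUES = {
    "ACTOR-A": {"T1566.001", "T1059.001", "T1078"},
    "ACTOR-B": {"T1566.002", "T1059.001", "T1486"},
    "ACTOR-C": {"T1566.001", "T1078.004", "T1059.003"},
}

def parent_of(technique_id):
    """T1566.001 -> T1566; a top-level technique is its own parent."""
    return technique_id.split(".", 1)[0]

def build_heat_map(actor_techniques, selected=None):
    """Count distinct selected actors per technique and per sub-technique.

    An actor using several sub-techniques of one parent is counted once
    for that parent, so a cell never exceeds the number of selected actors.
    """
    selected = set(actor_techniques) if selected is None else set(selected)
    actors_by_cell = defaultdict(set)
    for actor in selected:
        for tid in actor_techniques.get(actor, ()):
            actors_by_cell[tid].add(actor)
            actors_by_cell[parent_of(tid)].add(actor)
    return {tid: len(actors) for tid, actors in actors_by_cell.items()}

def prioritized(heat_map, top_level_only=True):
    """Cells ordered by actor count (descending), then by technique ID."""
    cells = [(t, n) for t, n in heat_map.items()
             if not (top_level_only and "." in t)]
    return sorted(cells, key=lambda cell: (-cell[1], cell[0]))

if __name__ == "__main__":
    heat = build_heat_map(ACTOR_TECHNIQUES)
    for tid, count in prioritized(heat):
        print(f"{tid:<10} {'#' * count} ({count})")
```

Rolling sub-techniques up to their parent keeps a technique visible even when each actor uses a different variant of it, which is the case a flat count would understate.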

Select Vulnerabilities from Explore. Mandiant tracks 235,000 known vulnerabilities and provides a matrix that shows how it combines risk ratings and exploitation states to help drive vulnerability prioritization. This vulnerability is critical with exploitation which confirms why they occur.

Anything in the top right corner of this graph should get your immediate attention and be patched as quickly as possible.

Conclusion

With Mandiant’s world-class intelligence and advanced tools, organizations can quickly understand the threat landscape, proactively set security strategies, and prioritize mitigation.

Metclouds Technologies can provide advanced cybersecurity solutions to detect, analyze, and respond to cyber threats in your cloud.