Mandiant is a platform dedicated to support SOC teams, provided by American company under the same name. Its primary task is to help in measuring effectiveness of implemented security control systems, provide analysts with up to date information about cybercrime, attack vectors and successful recognition of publicly accessible assets owned by Client. Mandiant platform consists of three modules: Advantage, Attack Surface Management and Security Validation. Together they increase security, by identifying vulnerabilities in internal network (Security Validation) and external dangers (Attack Surface Management). Both are supported by data accessible in Advantage module, gathered thanks to Mandiant analysts.

To find out more about Mandiant: 

Description of technology


Mandiant Advantage - Threat Intelligence system, supplied by real world data collected by Mandiant Incident Response Teams. They are specialists supporting companies in answering to security breaches all over the world. Mandiant Advantage allows SOC team analysts, to access complete data about APT groups, their strategies and techniques, the course of the attack and consequences of successful breach. This module can be accessed by Web interface, browser extension and can be integrated to SIEM/SOAR, EDR environment.

Mandiant Attack Surface Management - system responsible for identifying publicly accessible network resources. It automatically scans Client’s assets and Internet to discover technology, servers and potential attack vectors. Scans can be run by providing IP address, domain name, certificate, email address, GitHub account or CIDR network block. After scan finishes Client is given list of located resources containing software versions and vulnerabilities, that might be used against them. It allows keeping software up to date easily.

Mandiant Security Validation - Breach and Attack Simulation class system, allows to carry out attacks on isolated machines in Client’s network securely. As a result, it is a utility, that allows security teams to track and analyze responses of implemented security measures to real world threats. Simulations are carried out on dedicated elements provided by Mandiant. To receive as reliable results as possible, those elements reflect configuration of Client systems (software versions, operating system settings and its version). Attacks can be performed on Linux based OS, Windows and MacOS. This module allows Client to automate tasks and perform tests both manually and periodically with given parameters.

Helpful files