Mandiant
To find out more about Mandiant: https://www.mandiant.com/
Description of technology
Mandiant Advantage - a Threat Intelligence system fed by real-world data collected by Mandiant Incident Response Teams, specialists who support companies all over the world in responding to security breaches. Mandiant Advantage gives SOC team analysts access to complete data about APT groups, their strategies and techniques, the course of an attack and the consequences of a successful breach. This module can be accessed through a web interface or a browser extension, and can be integrated with SIEM/SOAR and EDR environments.
Mandiant Attack Surface Management - a system responsible for identifying publicly accessible network resources. It automatically scans the Client’s assets and the Internet to discover technologies, servers and potential attack vectors. A scan can be started by providing an IP address, domain name, certificate, email address, GitHub account or CIDR network block. After the scan finishes, the Client is given a list of the located resources, including software versions and vulnerabilities that might be used against them. This makes it easier to keep software up to date.
Mandiant Security Validation - a Breach and Attack Simulation class system that makes it possible to securely carry out attacks on isolated machines in the Client’s network. As a result, it is a utility that lets security teams track and analyze how the implemented security measures respond to real-world threats. Simulations are carried out on dedicated elements provided by Mandiant. To make the results as reliable as possible, those elements reflect the configuration of the Client’s systems (software versions, operating system version and settings). Attacks can be performed on Linux-based operating systems, Windows and macOS. This module allows the Client to automate tasks and to perform tests both manually and periodically with given parameters.