SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Mandiant Breach Analytics now available for Google Cloud Chronicle
Thu, 20th Oct 2022

Mandiant Breach Analytics is now available for Google Cloud's Chronicle Security Operations suite, giving enterprises a way to detect active breaches in their environments sooner and so reduce the business risk of a prolonged intrusion.

Mandiant Breach Analytics brings together the company's threat intelligence and the Google Cloud Chronicle Security Operations suite, and was announced as part of its mWISE Conference 2022.

Mandiant notes that threat actors are becoming increasingly sophisticated and aggressive in their attacks, targeting enterprises of all sizes throughout every industry.

In addition, the company points to global median dwell time, which it defines as the duration between the beginning of a cyber intrusion and the point at which it is identified.

It says that the global median dwell time currently stands at 21 days, and that being able to find and respond to a breach quickly is crucial to keeping business operations running.

Mandiant Breach Analytics is intended to give organisations the means to reduce attacker dwell time by continuously monitoring events in Chronicle for current, relevant indicators of compromise (IOCs) and applying contextual information and machine learning to prioritise the matches.

Further, active insights into threats provide businesses with the ability to quickly take action to mitigate the impact of targeted attacks while bringing down the cost of current approaches.

“When news breaks on the latest active breach, organisations frequently find themselves scrambling to determine if they’ve been compromised as well, exacerbating time and resources by manually hunting for IOCs,” says Mike Armistead, Head of Mandiant Advantage Products at Mandiant.

“Mandiant Breach Analytics solves this problem by automatically analysing IT environments for signs of an active breach leveraging Mandiant’s up-to-the-minute insight on and prioritisation of threats.

“The integration with Chronicle Security Operations can deliver immediate value to our shared customers, helping them to rapidly detect and respond to a breach.”

Enterprise benefits of Mandiant Breach Analytics include:

More robust cyber defence posture

Powered by the Mandiant Intel Grid, Breach Analytics uses up-to-the-moment breach intelligence and expertise gleaned from Mandiant's incident responders, analysts and threat hunters, enabling organisations to put that intelligence into action without time-consuming and costly security engineering.

Gain insight into breach activity in IT environments

This offering includes enhanced automation and contextual decision models, which allow it to adapt to a customer's IT environment regardless of the organisation's size or industry, and regardless of whether its security controls are deployed in the cloud, on-premises or in a hybrid setup.

The module also automatically analyses current and historical logs, events and alerts for matches against IOCs as those IOCs are discovered, in real time, so that a newly published indicator is checked against events that have already been retained as well as against new ones.

Analyse cloud-scale security data

Using Google Cloud’s hyper-scalable infrastructure, security teams are able to analyse security telemetry and retain that data much longer than the industry standard at a price point that’s fixed and predictable.

Build resilience against the biggest threats

Breach Analytics has been designed to allow organisations to find incidents as they occur, reducing dwell time and enabling them to quickly resume their regular business operations.

Minimise the cost of current approaches

Noting that many companies rely on manual inspection and processes, or on traditional SIEM rule matching, to identify IOCs, Mandiant says these methods are limited by the lag in threat intelligence content: it can take months or years for information from breaches to make it into threat intelligence reports and feeds.

Moreover, simple matching rules either create volumes of false positives or miss targeted indicators. Breach Analytics can deliver superior productivity by automating IOC matching and prioritisation.
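As an added illustration of the behaviour described in the product summary above (continuous IOC matching with contextual prioritisation, the re-scan of historical logs when a new IOC is discovered, and the false-positive problem with flat rule matching), here is a small Python model. It is not Mandiant's or Google Cloud's code and says nothing about how Breach Analytics is actually implemented; the IOCs, log lines, hostnames, asset criticality table, scoring weights and tier thresholds are all constructed for the example.

```python
"""Minimal IOC matching and prioritisation over retained events.

Added example, not code from Mandiant or Google Cloud. Every IOC, log line,
hostname, weight and threshold below is constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import ipaddress
import json


@dataclass(frozen=True)
class IOC:
    value: str            # IP address, domain or SHA-256, as published in the feed
    kind: str             # "ip" | "domain" | "sha256"
    confidence: int       # 0-100, how sure the publisher is that this is malicious
    published: datetime   # when the indicator entered the feed
    campaign: str


@dataclass
class Event:
    ts: datetime
    host: str
    fields: dict          # extracted observables, e.g. {"dst_ip": "203.0.113.10"}


# Which event fields carry which kind of observable (constructed schema).
FIELD_KIND = {"src_ip": "ip", "dst_ip": "ip", "domain": "domain", "sha256": "sha256"}

# Hypothetical asset inventory: the context that separates a hit on a domain
# controller from the same hit on a guest kiosk.
ASSET_CRITICALITY = {"dc01": 3, "fin-laptop-07": 2, "guest-kiosk": 1}


def normalise(kind, raw):
    """Canonicalise an observable so feed and log spellings compare equal."""
    if kind == "ip":
        return str(ipaddress.ip_address(raw))      # ValueError if not an IP address
    if kind == "domain":
        return raw.strip().lower().rstrip(".")      # case and trailing dot differ in logs
    if kind == "sha256":
        return raw.strip().lower()
    raise ValueError(f"unknown observable kind {kind}")


def parse_event(line):
    """Parse one constructed JSON log line into an Event."""
    rec = json.loads(line)
    ts = datetime.fromisoformat(rec.pop("ts").replace("Z", "+00:00"))
    return Event(ts=ts, host=rec.pop("host"), fields=rec)


def score(ioc, event, now):
    """Integer priority: confidence scaled by indicator freshness and asset value.

    An indicator published today counts double one that is 30 or more days old.
    """
    days_left = max(0, 30 - (now - ioc.published).days)
    return ioc.confidence * ASSET_CRITICALITY.get(event.host, 1) * (30 + days_left) // 30


def tier(s):
    return "critical" if s >= 300 else "high" if s >= 100 else "low"


class BreachMatcher:
    def __init__(self, now):
        self.now = now
        self.iocs = {}        # (kind, normalised value) -> IOC
        self.history = []     # retained events, so new IOCs can be matched retroactively
        self.matches = []

    def _hits(self, event, only=None):
        hits = []
        for field, raw in event.fields.items():
            kind = FIELD_KIND.get(field)
            if kind is None:
                continue
            try:
                key = (kind, normalise(kind, raw))
            except ValueError:
                continue                              # malformed value: not a match
            ioc = self.iocs.get(key)
            if ioc is not None and (only is None or ioc is only):
                s = score(ioc, event, self.now)
                hits.append({"ioc": ioc, "event": event, "field": field, "score": s, "tier": tier(s)})
        return hits

    def ingest(self, event):
        """Real-time path: match an arriving event, then retain it."""
        self.history.append(event)
        new = self._hits(event)
        self.matches.extend(new)
        return new

    def add_ioc(self, ioc):
        """Retroactive path: a newly published IOC is checked against retained history."""
        self.iocs[(ioc.kind, normalise(ioc.kind, ioc.value))] = ioc
        new = [h for ev in self.history for h in self._hits(ev, only=ioc)]
        self.matches.extend(new)
        return new

    def prioritised(self):
        return sorted(self.matches, key=lambda h: h["score"], reverse=True)


def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


NOW = utc(2022, 10, 20)

# Constructed feed: one stale, low-confidence scanner IP and two fresh, high-confidence indicators.
FEED = [
    IOC("203.0.113.10", "ip", 40, utc(2022, 8, 1), "mass-scanning"),
    IOC("UPDATE.EXAMPLE-CDN.NET", "domain", 90, utc(2022, 10, 19), "campaign-a"),
    IOC("198.51.100.7", "ip", 85, utc(2022, 10, 15), "campaign-b"),
]

# Constructed log lines. The domain has a trailing dot and mixed case, the hash is
# upper-case, and the last line carries a malformed IP that must not crash matching.
LOGS = [
    '{"ts":"2022-10-01T09:12:00Z","host":"fin-laptop-07","dst_ip":"203.0.113.10"}',
    '{"ts":"2022-10-18T22:40:00Z","host":"dc01","domain":"Update.Example-Cdn.NET."}',
    '{"ts":"2022-10-19T11:05:00Z","host":"guest-kiosk","dst_ip":"198.51.100.7"}',
    '{"ts":"2022-10-19T13:30:00Z","host":"dc01","sha256":"' + "AB" * 32 + '"}',
    '{"ts":"2022-10-19T14:00:00Z","host":"dc01","dst_ip":"not-an-ip"}',
]

# Constructed indicator published after the logs above were stored.
LATE_IOC = IOC("ab" * 32, "sha256", 95, utc(2022, 10, 20), "campaign-a")


def run_demo():
    m = BreachMatcher(NOW)
    for ioc in FEED:
        m.add_ioc(ioc)
    live = [h for line in LOGS for h in m.ingest(parse_event(line))]
    retro = m.add_ioc(LATE_IOC)     # matches the day-old hash event on dc01 retroactively
    return live, retro, m.prioritised()


if __name__ == "__main__":
    for h in run_demo()[2]:
        ev = h["event"]
        print(f'{h["tier"]:8} {h["score"]:4} {ev.host:14} {h["field"]}={ev.fields[h["field"]]} ({h["ioc"].campaign})')
```

Run as a script, it prints the four hits ranked: the retroactive hash match and the fresh C2 domain on the domain controller at the top, the kiosk connection next, and the 80-day-old scanner IP on a laptop last. A flat rule set would emit those four hits as four equal alerts; the score and tier are what let an analyst take the two critical ones first. The real product's scoring is not public, so treat the weights as nothing more than a demonstration of why context and indicator age need to feed the ranking.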

The offering is available to Chronicle Security Operations users, with Mandiant planning additional SIEM integrations.