St. Louis, MO., Jan. 27, 2010, DOD Cyber Crime Conference (Booth 210) – MANDIANT, the information security industry’s leading provider of incident response and computer forensics services and solutions, today announced formal distribution of its inaugural M-Trends report at the U.S. Department of Defense: Cyber Crime Conference 2010 in St. Louis.
M-Trends spans seven years of lessons learned on the front lines of intrusion investigations for the U.S. government, defense industrial base and commercial organizations. The 29-page report details malware capabilities and techniques and other highly complex and sophisticated attack schemes used by the Advanced Persistent Threat (APT) across a breadth of organizations. Content presented in M-Trends has been derived by MANDIANT from unclassified environments and sanitized to protect victim identity and data.
"M-Trends breaks new ground in the understanding, information sharing and continuing evolution of the APT and other sophisticated threats and attacks targeted at government and commercial organizations," said MANDIANT Executive Vice President Michael Malin. "MANDIANT is pleased to give back to the industry through M-Trends, sharing perspectives and insights that advance the collective good and protect our nation’s infrastructure, assets and interests."
APT attacks, cited as the subject of recent high-profile commercial investigations, are an orchestrated deployment of sophisticated and perpetual attacks that have systematically compromised computer networks in the public and private sector for years. The APT hides in plain sight and avoids detection by making outbound connections using common network ports and services, providing remote access to critical infrastructure controls and sensitive information.
Cover-to-cover, M-Trends features a comprehensive executive summary; a section on APT attack trending and correlation; illustrative case studies from government, defense industrial base and commercial environments; and what to expect if you are a victim of the APT.
Following is an excerpt from the Conclusion of M-Trends:
The APT isn’t just a government problem; it isn’t just a defense contractor problem; and it isn’t just a military problem. The APT is everyone’s problem. No target is too small, or too obscure, or too well defended. None is too large, too well‐known, or too vulnerable. It’s not spy‐versus‐spy espionage. It’s spy‐versus‐everyone.
Classic "prevent and detect" techniques do not effectively counter the APT. They can easily defeat normal defenses. The enemy successfully evades anti‐virus software, network intrusion detection and under-equipped incident responders. They use sophisticated techniques to conceal their presence: hiding malware on their target’s own hosts and exfiltrating data in its own network traffic.
The APT’s goals are twofold. Of course, they steal information to achieve economic, political and strategic advantage. But more importantly, they establish and maintain an occupying force in their target’s environment, a force they can call on at any time. When the APT wants additional data from a target, they don’t need to re‐establish a presence. They simply call on their existing assets, locate, steal and exfiltrate the data they need.
To download a copy of M-Trends, please visit http://www.mandiant.com/products/services/m-trends.
In addition to real-world experience as incident response and forensic analysts, MANDIANT consultants and principals have completed advanced degrees from some of the most prestigious computer science universities; authored seven books on incident response and computer forensics; and hold top government security clearances and industry certifications. MANDIANT also maintains a firm commitment to providing high-quality training and breakthrough freeware development.
MANDIANT Intelligent Response™ (MIR), the company’s flagship software, is the security industry’s first enterprise-grade incident response management solution. MIR accelerates the collection and analysis of data in support of incident response, electronic discovery and corporate investigations. Combining the knowledge of expert incident responders and enterprise software engineers, MIR enables precise data collection and advanced analysis in a highly scalable, multi-tier, modular appliance-based solution.
For the latest on MANDIANT’s industry-leading service and solution offerings, dynamic career opportunities, and a wealth of company resources, visit the company’s new and enhanced web site at www.mandiant.com.
MANDIANT is an information security company providing products, professional services and education to Fortune 500 companies, financial institutions, government agencies, domestic and foreign police departments and several of the U.S.’s leading law firms. MANDIANT security consultants are acknowledged experts in incident response, computer forensics, network security and application security. MANDIANT is a VISA approved Qualified Incident Response Assessor. In addition to authoring seven books and numerous articles about computer forensics, incident response and rootkits, MANDIANT’s consultants have been featured on news programs including CBS’s 60 Minutes, CNN’s Talkback Live, NBC News and FOX News. MANDIANT operates offices in the Washington, DC area, New York City and Los Angeles. To learn more about MANDIANT, visit http://www.mandiant.com, or read the company blog, M-Unition, at http://blog.mandiant.com.