Mandiant® - Detect. Respond. Contain.

Mandiant for Security Operations™

What It Is.

Mandiant for Security Operations is an appliance-based solution that helps security teams connect the dots between what is happening on their network and what is happening on their endpoints. It actively sweeps your endpoints for signs that advanced attackers, including the Advanced Persistent Threat (APT), are in your environment, using Mandiant’s Indicators of Compromise (IOCs). When other security solutions, such as SIEM, network security and log management tools, alert you to a potential incident, Mandiant for Security Operations can verify which devices have been impacted so you can contain compromised devices and resolve the incident.

  • Automatic Host Triaging

    Evaluate & prioritize network alerts.
  • Bi-Directional Integration

    Works with SIEM, network & log management.
  • Agent Anywhere™

    Broad endpoint coverage that works through NAT.
  • Endpoint Containment

    Isolate compromised devices & deny attackers access.

What It Does.

Mandiant for Security Operations provides the complete picture required to find and scope targeted attacks as they are unfolding. It searches for advanced attackers using Mandiant’s proprietary intelligence and also generates new Indicators from alerts triggered by network security solutions, log management solutions and SIEMs. These auto-generated Indicators are used to analyze the impacted endpoints, quickly find other devices affected by the incident and allow you to isolate and contain the compromised devices.

Search for Advanced Attackers & the APT

Host-based Detection Indicators of Compromise identify threats missed by antivirus solutions, including advanced attackers and the APT.

Integrate Endpoint Security with Network Security

Seamlessly integrate with your SIEM and existing network security devices monitoring your perimeter to learn about current attacks and search for compromised endpoints.

Accelerate Triage of Suspected Incidents

Automatically retrieve evidence from endpoints related to events flagged by perimeter monitoring solutions so security analysts can immediately triage alerts and escalate incidents that pose the greatest risk.

Find Out What Happened without Forensics

Agents continuously monitor network, file and registry activity for key events so organizations can establish a timeline for suspected incidents without time-consuming disk acquisition or forensic analysis.

Cover All Endpoints

Innovative Agent Anywhere™ technology works through NATs and across public networks to ensure all endpoints in the organization are covered.

Contain Endpoints

Take non-destructive action to isolate compromised devices and deny attackers access to systems while still allowing remote investigation.