Mandiant for Security Operations™
What It Is.
Mandiant for Security Operations is an appliance-based solution that helps security teams connect the dots between what is happening on their network and what is happening on their endpoints. Using Mandiant’s Indicators of Compromise (IOC), it actively sweeps your endpoints for signs that advanced attackers, including the Advanced Persistent Threat (APT), are in your environment. When other security solutions, such as SIEM, network security and log management tools, alert you to a potential incident, Mandiant for Security Operations can verify which devices have been impacted so you can contain compromised devices and resolve the incident.
Find & Stop Advanced Attackers
“With Mandiant, we believe we can determine the scope of an attack so that we can respond faster, limit losses and minimize the disruption to our ongoing business.”
-- Global Security Architect, Manufacturing Company
Automatic host triaging based on alerts from your network & SIEM devices connects the dots to your endpoints so you can follow up on the most important alerts immediately.
Freeze attackers in their tracks by isolating compromised devices with a single click while preserving your ability to remotely investigate the endpoint.
Automatic Host Triaging: Evaluate & prioritize network alerts.
Bi-Directional Integration: Works with SIEM, network & log management.
Agent Anywhere™: Broad endpoint coverage that works through NATs.
Endpoint Containment: Isolate compromised devices & deny attackers access.
What It Does.
Mandiant for Security Operations provides the complete picture required to find and scope targeted attacks as they are unfolding. It searches for advanced attackers using Mandiant’s proprietary intelligence and also generates new Indicators from alerts triggered by network security solutions, log management solutions and SIEMs. These auto-generated Indicators analyze the impacted endpoints, quickly find other devices affected by the incident and allow you to isolate and contain the compromised devices.
Search for Advanced Attackers & the APT
Host-based Detection Indicators of Compromise identify threats missed by antivirus solutions, including advanced attackers and the APT.
Integrate Endpoint Security with Network Security
Seamlessly integrate with your SIEM and existing network security devices monitoring your perimeter to learn about current attacks and search for compromised endpoints.
Accelerate Triage of Suspected Incidents
Automatically retrieve evidence from endpoints related to events flagged by perimeter monitoring solutions so security analysts can immediately triage alerts and escalate incidents that pose the greatest risk.
Find Out What Happened without Forensics
Agents continuously monitor network, file and registry activity for key events so organizations can establish a timeline for suspected incidents without time-consuming disk acquisition or forensic analysis.
Cover All Endpoints
Innovative Agent Anywhere™ technology works through NATs and across public networks to ensure all endpoints in the organization are covered.
Take non-destructive action to isolate compromised devices and deny attackers access to systems while still allowing remote investigation.