Identify Advanced Threats
Mandiant’s Threat Assessment is a unique service that allows organizations to evaluate their networks for the presence of advanced attack group activity. Threat Assessments have helped organizations identify and address issues that, in some cases, had existed for years and resulted in the theft of valuable intellectual property.
Overview of Services
Designed for Targeted Organizations
Over the past several years, advanced attack groups – often backed by organized crime syndicates and nation states – have targeted government agencies, defense contractors, financial services firms, research labs, retailers, law firms, energy companies, transportation companies and many others. These advanced attackers develop custom malware and use tactics that are often difficult to detect using conventional approaches.
Mandiant has conducted hundreds of investigations where advanced attack groups have compromised well-guarded networks and removed valuable information. During the course of these investigations, Mandiant has developed specialized knowledge about how advanced attack groups operate. The Threat Assessment couples that intelligence and experience with Mandiant’s proprietary technology to determine if attackers are currently in the environment or have been active in the past.
Deploying Network- & Host-Based Inspection Technology
Proprietary technology is deployed at Internet egress points and on host systems such as servers, workstations and laptops.
Assessing Environment Using Intelligence from Prior Investigations
Mandiant has developed a detailed library of Indicators of Compromise (IOCs) that utilize host-based artifacts and network traffic signatures to identify the presence of attackers. Mandiant consultants apply these IOCs to evaluate servers, workstations and laptops within the network for evidence of current and past attacker activity.
Assessing Environment for Anomalies
Mandiant consultants use their knowledge of the attack groups and their tendencies to assess the hosts and network traffic for evidence of attacker activity. Here the focus is on “edge analysis” – identifying systems whose attributes differ from those of the vast majority of other similar systems in the environment.
When Mandiant identifies Indicators of Compromise or anomalies, consultants draw on skills that range from forensic imaging to malware and log analysis to either confirm that a finding reflects malicious activity or eliminate it as a false positive.
At the conclusion of the Threat Assessment, Mandiant provides a detailed report that summarizes the approach taken and the findings.