Mandiant® - Detect. Respond. Contain.

Threat Landscape

Attackers Get Through Conventional Safeguards Every Day

Malware Only Tells Half of the Story

When your defenses are circumvented you want to be the first to know. To respond, you need evidence of the compromise. While malware is an element, 46% of compromised machines have no malware on them. To scope and combat targeted attacks you need to find all evidence of compromise.

  • Unauthorized Use of Valid Accounts

  • Trace Evidence & Partial Files

  • Command & Control Activity

  • Known & Unknown Malware

  • Suspicious Network Traffic

  • Valid Programs Used for Evil Purposes

  • Files Accessed by Attackers

Evidence of Compromise. It’s Much More than Malware.

It's a "Who" not a "What"; Targeted Attackers Are Professional, Organized & Well-Funded.

When a determined attacker has targeted you they can be relentless. They pick their targets for a reason. They know what they are looking for and they move with lightning speed to get what they want.

Targeted

Targeted malware and spear phishing are just the latest tools attackers use to initiate an intrusion. While the attacker only needs to succeed once, security organizations must prevent 100% of attacks – an unrealistic goal.

Persistent

Once inside, persistent attackers execute a series of activities to entrench themselves and compromise your systems. If you manage to kick them out, rest assured they will be back.

The Facts Speak for Themselves

There is no such thing as perfect security. Attackers get smarter and change tactics all of the time.
Companies who have made responsible and sustained investments in IT continue to be compromised.

100% of victims have up-to-date anti-virus software

63% of breaches are reported by third parties

243: median number of days advanced attackers are on the network before being detected

100% of breaches involved stolen credentials

Different Threat Actors Have Different Motivations... And Tactics

To combat advanced attackers you need to know what they are looking for and how they operate.
Mandiant understands the threats you face because we’re on the front lines every day.

Nuisance Threats

Objective: Launch Points & Nuisance

Examples
  • Botnets
  • Spam

Characteristics: Neither targeted nor persistent.

Targets
  • Anyone, including individuals, small companies and large enterprises.

Economic Espionage

Objective: Economic Advantage

Examples
  • Advanced Persistent Threat

Characteristics: Targeted, Persistent

Targets
  • Virtually any industry with an emphasis on blue chip companies.

Organized Crime

Objective: Financial Gain

Examples
  • Credit Card Theft

Characteristics: Targeted, Persistent

Targets
  • Enterprises that process credit cards or handle money such as retailers, banks & credit card processors.

Hacktivists

Objective: Defamation & Public Policy

Examples
  • Anonymous
  • LulzSec

Characteristics: Targeted

Targets
  • Any organization.