Know the threats that matter right now.
Mandiant Threat Intelligence gives security practitioners unparalleled visibility and expertise into threats that matter to their business right now. Our threat intelligence is compiled by over 385 security and intelligence individuals across 29 countries, researching actors via undercover adversarial pursuits, incident forensics, malicious infrastructure reconstructions and actor identification processes that comprise the deep knowledge embedded in the Mandiant Intel Grid. Threat Intelligence can be delivered as a technology, operated side-by-side with your team, or fully managed by Mandiant experts.
Understand Active Threats to You and Your Peers
Improve defenses by understanding cyber crime actors, motivations and behaviors targeting your organization.
Prioritize Resources to Address TTPs that Matter
Prioritize vulnerabilities and exposures by exploitation state and risk rating.
Operationalize Threat Intelligence through Mandiant Advantage
Leverage the Mandiant Advantage Platform to operationalize and optimize threat intelligence and easily integrate with third party tools.
The Forrester Wave™: External Threat Intelligence Services, Q1 2021
Get an evaluation of the 12 most significant vendors that offer external, threat intelligence services and see why Forrester named Mandiant a leader.
What Makes Us Different
Why Mandiant Threat Intelligence will tell you more about your adversaries than anyone else
Over the last 15+ years, we have gained a reputation as the industry’s premier incident responder, attending 1000+ incident response engagements annually.
Mandiant Threat Intelligence deploys 300+ intelligence analysts and researchers located in 23 countries. We collect up to 1 million malware samples per day from more than 70 different sources.
We monitor approximately 4 million virtual guest images deployed globally in 102 countries, generating tens of millions of sandbox detonations per hour, confirming 50,000 - 70,000 malicious events per hour.
Our Managed Defense team performs detection and response services for over 300 customers from four international Cyber Threat Operations Centers.
Ransomware: Attackers' top choice for cyber extortion
Ransomware is one of the most active and profound threats facing organizations today across all industries and sizes. Years after WannaCry attacks impacted businesses across the globe, stealthy ransomware infections continue to dominate headlines and board discussions. In this panel session, a team of experts discuss the business imperatives of which senior IT leaders should be aware.
Explore Our Cyber Threat Intelligence Subscriptions
Investigate publicly known threats with insights from Mandiant experts.
Included in free:
- Global dashboard
- Public intelligence and descriptions
- Actor, malware, and vulnerability info
- OSINT indicator with IC_Score
- Mandiant news analysis
Register for Mandiant Advantage Free
Mandiant Threat Intelligence offers both free and paid subscriptions. To register, all we need are a few details.
Download the browser plug-in
Once you have registered, you can download the browser plug-in from the Google Chrome Web Store or Firefox Browser Add-ons.
We provide weekly, in-person updates for executive decision-makers on emerging cyber crime trends.
Explore the other Mandiant Advantage Modules
Threat Intelligence FAQ
CTI is refined insight into cyber threats. Intelligence teams use credible insight from multiple sources to create actionable context on the threat landscape, threat actors and their tactics, techniques and procedures (TTPs). The effective use of CTI allows organizations to make the shift from reactive to becoming more proactive against threat actors.
Proactive security refers to the use of credible threat intelligence to understand the malware and TTPs threat actors use and the vulnerabilities they exploit to target specific industries and regions. Organizations use this intelligence to implement, configure and adjust security tools and train staff to thwart attacks.
A threat actor is a person or group of people who conduct malicious targeting or attacks on others. Typically motivated by espionage, financial gain or publicity, threat actors may conduct a full campaign alone or work with other groups who specialize in specific aspects of an attack.
Assuming we all agree that a “threat” is defined as a plan or inclination to attack as opposed to an “attack” which is an existing or previously successful breach. Identifying active threats can be done using threat intelligence which will help provide context into the threat actors and malware impacting your specific region or industry. Another method to identify active threats is by scanning the open, deep and dark web for chatter around your organization, personnel, technology or partners. By identifying threats like these security professionals can proactively adjust their defenses to block or reduce the impact of a potential attack.
- Strategic – High level trends used to drive business decisions and security investments
- Operational – Contextual information on impending threats to the organization, used by security professionals to understand more about threat actors and their TTPs.
- Tactical – Understanding of the threat actor TTPs, used by security professionals to stop incidents and make defensive adjustments.