Know the threats that matter right now.

Mandiant Threat Intelligence gives security practitioners unparalleled visibility and expertise into threats that matter to their business right now. Our threat intelligence is compiled by over 500 threat intelligence analysts across 30 countries, researching actors via undercover adversarial pursuits, incident forensics, malicious infrastructure reconstructions and actor identification processes that comprise the deep knowledge embedded in the Mandiant Intel Grid. Threat Intelligence can be delivered as a technology, operated side-by-side with your team, or fully managed by Mandiant experts.

Understand Active Threats to You and Your Peers

Unify

Improve defenses by understanding cyber crime actors, motivations and behaviors targeting your organization.

Prioritize Resources to Address TTPs that Matter

Shield

Prioritize vulnerabilities and exposures by exploitation state and risk rating.

Operationalize Threat Intelligence through Mandiant Advantage

Automate

Leverage the Mandiant Advantage Platform to operationalize and optimize threat intelligence and easily integrate with third party tools.

ANALYST REPORT

Forrester Wave™: External Threat Intelligence Service Providers, Q3 2023

Get an evaluation of the 12 most significant vendors that offer external threat intelligence services and see why Forrester named Google a leader.

What Makes Us Different

Why Mandiant Threat Intelligence will tell you more about your adversaries than anyone else

Breach Intelligence

Over the last 15+ years, we have gained a reputation as the industry’s premier incident responder, attending 1,100+ incident response engagements annually.

Adversary Intelligence

Mandiant Threat Intelligence deploys 500+ intelligence analysts located in 30 countries. We collect up to 1 million malware samples per day from more than 70 different sources.

Machine Intelligence

We monitor approximately 4 million virtual guest images deployed globally in 102 countries, generating tens of millions of sandbox detonations per hour, confirming 50,000 - 70,000 malicious events per hour.

Operational Intelligence

Our Managed Defense team performs detection and response services for over 300 customers from four international Cyber Threat Operations Centers.

WEBINAR

Ransomware: Attackers' top choice for cyber extortion

Ransomware is one of the most active and profound threats facing organizations today across all industries and sizes. Years after WannaCry attacks impacted businesses across the globe, stealthy ransomware infections continue to dominate headlines and board discussions. In this panel session, a team of experts discuss the business imperatives of which senior IT leaders should be aware.

Explore Our Cyber Threat Intelligence Subscriptions

Free

Investigate publicly known threats with insights from Mandiant experts.

Included in free:

  • Global dashboard
  • Public intelligence and descriptions
  • Actor, malware, and vulnerability info
  • OSINT indicator with IC_Score
  • Mandiant news analysis

Security Operations

Detect persistent or unseen attacks. Accelerate investigation and response.

Everything in Free plus:

  • Mandiant dynamic host and malware views
  • Indicators and Yara rules
  • MITRE ATT&CK and graph views

Fusion

Build an informed cyber defense strategy with our most comprehensive, all-inclusive threat intelligence subscription.

Everything in Security Operations plus:

  • Mandiant FINTEL reports
  • Vulnerability analysis
  • Dark web monitoring search

"Lots of vendors say that they have the leading threat intelligence, however, the focus is typically on inputs. Mandiant Advantage is a divergence from the traditional path. By consolidating expertise-backed products and services under Mandiant, customers get a vendor-agnostic view into the effectiveness of outcomes. This pairing makes Mandiant truly differentiated."

Chris Kissell

Research Director at IDC

PRIORITIZE THREATS, STREAMLINE INSIGHTS

Get expert insights and context

Search for threat indicators by IP, URL, domain and file hash to get expert-based indicator confidence score (IC-Score), timing and actor context. Navigate quickly between actors, malware, tactics and vulnerability reports to get a 360-degree view of ongoing threat activity, plus receive daily news analysis with insights from Mandiant specialists to determine which news sources to trust and why.

GO DEEPER

Receive to-the-minute intelligence with analysis

Mandiant’s unique data intelligence gathering, research, curation and dissemination enables organizations to obtain threat actor ahead of other vendors. Based on activity clusters, Mandiant graduates threat actors and provides transparency through ancestry timeline views and graph views.

INTEGRATED INTELLIGENCE

Browser Plug-in and API

Embed and overlay the most recent threat insights into any web page or security analytics tool, including SIEMs, NTAs and EDRs, with Mandiant’s browser plug-in or API. Reduce the need to pivot between multiple tools by viewing news analysis, indicator scoring and threat context as they appear on the page or click the links to access further detail.

THREAT CAMPAIGNS

Anticipate, identify and respond to threats with more confidence

Gain visibility into active threat campaigns affecting your industries, regions and peers with the Threat Campaigns feature in Mandiant Threat Intelligence. It provides actionable insight more quickly, driving better prioritization and mitigation of current and future threats.

Getting Started

STEP ONE

Register for Mandiant Threat Intel Free

Mandiant Threat Intelligence offers both free and paid subscriptions. To register, all we need are a few details.

STEP TWO

Download the browser plug-in

Once you have registered, you can download the browser plug-in for Google Chrome, Firefox or Microsoft Edge.

STEP THREE

Activate your browser plug-in

When your browser plug-in has been downloaded, enter your credentials to activate.

Cyber Threat Intelligence Expertise

Get expert assistance with building a sustainable intelligence-led organization and improve your team’s analytical and threat hunting capabilities.

Custom Insights

From dark web monitoring to comprehensive security operations support, find custom intelligence that suits your unique needs and get insights before they are published in reports.

Executive Briefings

We provide weekly, in-person updates for executive decision-makers on emerging cyber crime trends.  

Explore the other Mandiant Advantage Modules

Security Validation

Continuously test and understand the effectiveness of your security controls.

Digital Threat Monitoring

Automated Defense

Visualize malicious targeting from the open, deep and dark web.

Attack Surface Management

See your organization through the eyes of the attacker.

Threat Intelligence FAQ

What is cyber threat intelligence (CTI)?

CTI is refined insight into cyber threats. Intelligence teams use credible insight from multiple sources to create actionable context on the threat landscape, threat actors and their tactics, techniques and procedures (TTPs). The effective use of CTI allows organizations to shift from being reactive to being more proactive against threat actors.

What is proactive security?

Proactive security refers to the use of credible threat intelligence to understand the malware and TTPs threat actors use and the vulnerabilities they exploit to target specific industries and regions. Organizations use this intelligence to implement, configure and adjust security tools and train staff to thwart attacks.

What is a threat actor?

A threat actor is a person or group of people who conduct malicious targeting or attacks on others. Typically motivated by espionage, financial gain or publicity, threat actors may conduct a full campaign alone or work with other groups who specialize in specific aspects of an attack.

How can you identify active threats?

Assume we all agree that a “threat” is a plan or inclination to attack, as opposed to an “attack,” which is an existing or previously successful breach. Active threats can then be identified using threat intelligence, which provides context on the threat actors and malware impacting your specific region or industry. Another method is to scan the open, deep and dark web for chatter around your organization, personnel, technology or partners. By identifying threats like these, security professionals can proactively adjust their defenses to block or reduce the impact of a potential attack.

What are the three types of CTI?

  • Strategic – High-level trends used to drive business decisions and security investments.
  • Operational – Contextual information on impending threats to the organization, used by security professionals to understand more about threat actors and their TTPs.
  • Tactical – Understanding of the threat actor TTPs, used by security professionals to stop incidents and make defensive adjustments.

Expertise On Demand

Ask an Analyst your most challenging security questions and utilize flexible spending units to access training and consulting services.

Have Questions? Contact Us.

Mandiant experts are ready to answer your questions.