Combining Intel Forces to Fight the Bad Guys
What’s the best way to get intelligence analysts to geek out? Let them sink their teeth into new piles of data! And that’s exactly what’s been happening here since the FireEye™ and Mandiant® intelligence teams joined forces. Our intel teams have been busy with show-and-tell, talking about the threat groups we’re tracking and their latest tactics. We’ve been swapping best practices and peeking behind the curtain at the vast repositories of data and experience both have amassed.
Our two companies bring a lot to the table when it comes to threat intel and its applications. FireEye recently published a blog post titled, “Getting Smart about Threat Intelligence.” In the post, they talk about the different types and sources of threat intelligence. FireEye and Mandiant collect intelligence on, and apply intelligence to, their products and services in complementary ways.
Mandiant, by virtue of our wealth of experience in incident response, has tremendous insight into how threat actors behave when they’re in a victim’s environment and on the host. Our lens is most focused on tracking threat actors and rooting them out. As a result of this particular focus, we’ve amassed years’ worth of data and knowledge on how malicious actors operate once they have gotten in the door. We know how they maneuver, what they target, and what’s been stolen. From this, we can make meaningful statements about the impacts of breaches and surrounding business risks that make companies vulnerable to cyber targeting.
FireEye focuses on detection capabilities in an earlier part of the kill chain. They too have a robust understanding of the array of threats impacting their customers across private sector companies, government agencies, and global enterprises. FireEye sees threat behavior that we may not see, and vice versa. Their worldwide footprint and ability to monitor different attack surfaces amplify our intelligence, and ultimately our ability to understand, predict, and thwart the bad guys.
As a result of joining forces, we understand the threats that face our customers from soup to nuts — from identifying the exploit, spear phish or strategic web compromise, to recognizing the signs of lateral movement, understanding the breadth of data theft, and communicating the business risks posed by determined adversaries.
Combined, we can identify and stop threats more quickly, deftly communicate risks to our customers’ networks with greater detail and context, and limit the consequences of malicious activity. Our pairing, both from an analytic standpoint and a visibility perspective, also makes some data-loving, wonky intel analysts very, very happy!