Press Release

Mandiant Breach Analytics for Google Cloud’s Chronicle Helps Automate the Link Between Threat Intelligence and Real-Time Detection

Oct 18, 2022

SaaS-based offering operationalizes Mandiant’s frontline threat intelligence to help customers quickly identify indicators of compromise (IOCs) to reduce the impact of a breach

WASHINGTON, D.C. – mWISE Conference – Oct. 18, 2022 – Mandiant, Inc. today announced the general availability of Mandiant Breach Analytics for Google Cloud’s Chronicle. Mandiant Breach Analytics combines Mandiant’s industry-leading threat intelligence with the power of the Google Cloud Chronicle Security Operations suite to help organizations improve security effectiveness and reduce business risk.

Threat actors continue to escalate the sophistication and aggressiveness of their attacks, targeting businesses of all sizes and across all industries. With global median dwell time—defined as the duration between the start of a cyber intrusion and when it is identified—averaging 21 days, being able to quickly discover and respond to a breach is critical to maintaining business operations. Mandiant Breach Analytics is designed to enable organizations to reduce attacker dwell time by continuously monitoring events in Chronicle for current, relevant indicators of compromise (IOCs) and applying contextual information and machine learning to prioritize the matches. With active insight into threats, organizations can rapidly take action to mitigate the impact of targeted attacks, while reducing the cost of current approaches.

Mandiant Breach Analytics can empower organizations to: 

  • Strengthen cyber defense posture: Fueled by the Mandiant Intel Grid™, Breach Analytics leverages up-to-the-moment breach intelligence and expertise gleaned from Mandiant’s world-class incident responders, analysts and threat hunters, enabling organizations to put that intelligence into action without time-consuming and costly security engineering.

  • Gain insight on breach activity in IT environments: Breach Analytics’ enhanced automation and contextual decision models can intuitively adapt to a customer’s unique IT environment—regardless of the organization’s size, industry or security controls deployed in the cloud, on-premises, or hybrid. The module automatically analyzes current and historical logs, events and alerts for matches to IOCs as they are discovered in real time.

  • Analyze cloud-scale security data: By leveraging Google Cloud’s hyper-scalable infrastructure, security teams can analyze security telemetry and retain that data much longer than the industry standard at a price point that’s fixed and predictable. 

  • Build resilience against the threats that matter most: Breach Analytics is engineered to allow organizations to find incidents as they occur, reducing dwell time and enabling organizations to quickly get back to normal business operations.   

  • Reduce the cost of current approaches: Many organizations rely on manual inspection and processes, or traditional SIEM rule matching to identify IOCs. These methods suffer from the lag of threat intelligence content – it can take months or years for information from breaches to make it into threat intelligence reports and feeds. Further, simple matching rules either create volumes of false positives or miss targeted indicators. Breach Analytics can deliver tremendous productivity gains by automating IOC matching and prioritization. 

“When news breaks on the latest active breach, organizations frequently find themselves scrambling to determine if they’ve been compromised as well, exacerbating time and resources by manually hunting for IOCs,” said Mike Armistead, Head of Mandiant Advantage Products at Mandiant. “Mandiant Breach Analytics solves this problem by automatically analyzing IT environments for signs of an active breach leveraging Mandiant’s up-to-the-minute insight on and prioritization of threats. The integration with Chronicle Security Operations can deliver immediate value to our shared customers, helping them to rapidly detect and respond to a breach.” 

The offering is available to Chronicle Security Operations users, with additional SIEM integrations planned.  


About Mandiant, Inc.  

Since 2004, Mandiant® has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats. Mandiant is now part of Google Cloud. 


© 2022 Mandiant, Inc. All rights reserved. Mandiant is a registered trademark of Mandiant, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.  

About Google Cloud 

Google Cloud accelerates every organization’s ability to digitally transform its business. We deliver enterprise-grade solutions that leverage Google’s cutting-edge technology – all on the cleanest cloud in the industry. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.