Mandiant Digital Risk Protection for Splunk Enterprise Customers

Alexa Rzasa
Oct 11, 2022

An organization’s attack surface is ever-changing as digital footprints and cloud adoption grow, new business relationships are conceived, and employees work from anywhere. As a result, every device, application, network service, supplier, or employee can now be a target for initial compromise in the grand scheme of a threat actor campaign.

To mitigate risk, security teams need visibility into the global attack surface and the deep and dark web. That visibility includes establishing and monitoring a complete inventory of assets (known and unknown), understanding how their brand is being discussed on dark web forums, and knowing whether there are signs of active or impending campaigns. Additionally, they need the ability to effectively operationalize insights and activity within a centralized platform to neutralize threat actor campaigns before the organization is impacted.

Expanding Splunk + Mandiant Partnership Capabilities

Mandiant is excited to expand its strategic partnership with Splunk by now offering Mandiant Advantage Attack Surface Management and Mandiant Advantage Digital Threat Monitoring through the Mandiant Advantage App for Splunk. The additional offerings available within the app build upon previous Mandiant Advantage Security Validation and Mandiant Advantage Threat Intelligence integrations to help organizations better identify, defend against and mitigate risk.

Through the app, joint customers gain a deep understanding of the adversary, how the adversary sees their organization and if they’re prepared to defend against targeted attacks, as well as the ability to respond to incidents with the help of Mandiant experts.

The app delivers:

  • Mandiant Threat Intelligence derived from intelligence collected by 300+ security analysts across 20+ countries to give organizations relevant threat intelligence so they can focus on the threats that matter to their business now and quickly take action.
  • Mandiant Digital Threat Monitoring to help organizations detect external threats by monitoring the internet, including the deep and dark web, providing early notification of malicious actors targeting an organization and alerts on data and credential leaks for quicker response.
  • Mandiant Attack Surface Management, which continuously monitors discovered assets for exposures and enables intelligence and red teams to operationalize and inform risk management.
  • Mandiant Security Validation to enable customers to gain confidence in their cyber readiness to withstand attacks with continuous validation and measurement of security control effectiveness.
  • Mandiant Incident Response with a click of a button for organizations facing a suspected or active breach.

For more information, read the solution brief.

Digital Risk Protection for Splunk Customers

In addition to point modules, the app also delivers Mandiant’s digital risk protection solution, which combines Mandiant products and services to provide visibility into the initial reconnaissance phase of the attack lifecycle. This early view provides insight into risk factors impacting the extended enterprise and supply chain through attack surface mapping and deep and dark web activity monitoring. Organizations benefit from knowing who is targeting the organization, what they are targeting, and how they are planning to compromise the organization. Through the Mandiant Advantage App for Splunk, customers can:

  • Enrich security alerts with insights into well-known malicious actors and malware families, and map them to MITRE ATT&CK for strategic response.
  • Create high-level charts in the Splunk visualization tool, based on custom alerts for potential targeting and data or credential leaks.
  • Continuously monitor external assets and cloud resources, assess risk, and prioritize remediation.

Download the Mandiant Advantage App for Splunk today.