Components and Architecture of Mandiant Automated Defense


Mandiant Automated Defense, a critical component of extended detection and response (XDR) and the Mandiant Advantage platform, features decision automation software pre-built with the reasoning and decision-making skills needed to tackle the complexity and high volume of data facing security teams today. Automated Defense automates the analysis and triage of security data at machine speed with depth and consistency. Its proprietary intelligent decision engine provides built-in reasoning and judgment to make better decisions faster.

Automated Defense evaluates the event data stream in real time from an organization’s existing security detection sensors and learns about its security infrastructure and network context. The solution can analyze all ingested events and alerts, regardless of volume, to build evidence and context around malicious activity. Automated Defense processes every event, not just alerts labeled “important” or “critical,” and performs extensive checks against an internal repository of context to appropriately escalate incidents.

Automated Defense uses probability-based reasoning and provides 24x7 continuous monitoring, removing the need to filter, tune down or ignore security alerts and resulting in a significantly reduced number of false positives. Automated Defense eliminates the human bias or fatigue that comes with monitoring security alerts and maximizes the effectiveness of security teams by enabling analysts to pursue threat hunting and other security-related activities.

Designed to easily integrate into any security infrastructure, Automated Defense brings additional value to existing investments by providing the capacity to thoroughly analyze all security events that are detected—without any learning mode or security rules to maintain.