It's an all too common problem in cybersecurity: threats move faster than organizations can keep up with, and threat intelligence is telling your security teams what an attacker WAS doing yesterday or is doing RIGHT NOW. With too much information coming in from different feeds, by the time your security team gets to acting on that intelligence, the adversaries have already moved on. This is made worse by the fact that a lot of cyber threat intelligence is not actually intelligence but information, and is unfortunately often incomplete and difficult to act on.
As we shared in our recent blogs, "Mandiant Security Validation integrates its Security Instrumentation Platform with Mandiant's Leading Threat Intelligence through Threat Actor Assurance Module (TAAM)" and "Operationalize Threat Intelligence with Security Validation to Improve Cyber Defenses", Mandiant Security Instrumentation Platform (SIP) and Threat Actor Assurance Module (TAAM) represent a paradigm shift in cybersecurity. Now, security professionals can align the testing of their defenses with the threat actors most relevant to their organizations and their industry.
Bottom line, only with intelligence-led security validation can organizations overcome the all too common challenges and start maximizing and maintaining their defenses against newly emerging adversary attacks, monitor for any decline in performance of defenses against these attackers as they evolve, and gain continuous, detailed evidence of their cyber readiness moving forward.
And while there are many sources of threat intelligence that provide insights into what threat actors are doing, many of these sources only provide a narrow view into an organization's threat landscape. However, Mandiant Threat Intelligence is the industry's leading source of cyber threat intelligence with the broadest coverage of threat actors. Leveraging Mandiant Threat Intelligence with TAAM provides organizations with the right tools and insights so that they can measure the performance of their controls against the most imminent threats. As a result, they are able to implement measurable improvements to their security controls and cyber preparedness specifically aimed at their adversaries.
For example, a large healthcare customer that has provided leading care and research for nearly 100 years was concerned about their readiness for potential Iranian retaliatory cyber-attacks after a US airstrike that killed a top Iranian general. Hospitals are a key target of attackers, and ransomware is devastating to their operations.
Our customer was using multiple FireEye products. Their security team was able to leverage the richness of threat intelligence and integrate the techniques and tactics of the specific Iranian actors our collective Mandiant teams monitor into the Mandiant Security Validation Platform to generate immediate situational awareness. Specifically, they were able to deliver a detailed report to their board providing evidence demonstrating 92% overall effectiveness and a remediation plan to address the remaining 8% with the blue team and vendor product teams by the end of the first week. They have also evolved this process into a repeatable report analyzing their readiness against specific emerging APT threat actors.
As evidenced by our customer, with our Mandiant portfolio of Intelligence and Validation, security teams can gain valuable insight and context on which threat actors are most likely to affect an organization or industry, proactively bolster defenses, and improve incident response times so they can respond faster to real threats. As a result, organizations can plan for strategic communications and investment.
Want to know how you can start validating your controls against current and emerging APT attacks, determined adversaries targeting your industry, and those you are regularly defending against? Click here for a DEMO NOW.