Mandiant Threat Intelligence Operations


Additional Info

Company (that provides the nominated product / solution / service): FireEye
Company size (employees): 1,000 to 4,999
Type of solution: Service

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

Anyone can talk to headlines. It’s our 700+ global intelligence experts that are identifying them first on cyber’s frontlines. Not only does Mandiant routinely unearth evil, it also publicly releases this information aiming to make the world a safer place. The cyber implications of COVID-19 serve as a great example of this. We believe we have a real responsibility to report the facts and communicate insights around what we are seeing regarding COVID-19-related cyber espionage, cybercrime and information operations, without contributing to the fear, uncertainty and doubt (FUD). Some recent examples include:
- State-sponsored ransomware attacks against COVID-19 vaccine researchers
- Vietnamese actor APT32 targeting the Chinese government in response to COVID-19
- Security implications of remote workforces
- Cyber risks of collaboration and online conferencing platforms
- Security and privacy implications of COVID-19 tracking apps

FireEye is the undisputed best in the world at threat intelligence. As we innovate, we have been focused on taking this intelligence to the next level. Introduced in October 2020, Mandiant Advantage: Threat Intelligence offers timely, relevant and unprecedented access to Mandiant insights and expertise, delivered through an easy-to-use, SaaS-based management platform. Now, emerging intelligence is accessible to all defenders as it is discovered, regardless of the technology they have deployed.

To date, Mandiant Threat Intelligence has identified 41 Advanced Persistent Threat (APT) groups, nation-state intrusion operations and 11 financially-motivated cybercrime (FIN) groups and their tactics. Mandiant recently named FIN11. Behind the longest-running malware distribution campaigns Mandiant has seen among FIN groups, with activity dating back to 2016, FIN11 recently shifted focus to ransomware and extortion. The group has impacted organizations in a wide variety of sectors and global regions. Ransom demands have ranged from a few hundred thousand dollars to $10M. Mandiant recently released the details behind FIN11 within Mandiant Advantage for free.

Brief Overview

Modern cyber operators are sophisticated, well-funded, well-organized and use highly-targeted techniques that leave technology-only security strategies exposed. To identify and stop attackers, organizations need to understand how they think, how they work, and what they want.

FireEye is an intelligence-led company, empowering security teams with forward-looking, high-fidelity, adversary-focused intelligence. For 15+ years, Mandiant Threat Intelligence (part of FireEye) has provided attribution, and information on TTPs, motivations and the identification of emerging attack campaigns. This context informs our customers’ security program strategy, increases operational efficiency, and helps prioritize and accelerate their response to security incidents.

Mandiant knows more about advanced attackers than our competitors because of its industry-recognized expertise and leading threat intelligence sourced from machine, adversary, campaign and victim intelligence. Mandiant routinely releases information about adversaries identified by 700+ highly experienced intelligence analysts and researchers located in 20+ countries. Rest assured that our analysts are working tirelessly around the globe 24/7 to find evil and stop its impacts. We collect, produce, and apply this intelligence, enabling clients to make smarter decisions, quickly and effectively.

Organizations recognize the importance of threat intelligence, but often don’t know what they need or how it should be used. That’s why Mandiant offerings are designed to meet and grow with organizations’ evolving intelligence needs, whether security is someone’s part-time job or organizations have a dedicated threat intelligence team. They are also built to be vendor-agnostic, so they work with the security technology organizations have in place right now.