Mandiant announced the launch of its newest product, Mandiant for Security Operations, at the RSA Conference 2013 in San Francisco.

The new release enables security teams to detect, analyze and resolve security incidents in a fraction of the time required using conventional approaches. In addition to identifying compromised devices using Mandiant’s proprietary intelligence, Mandiant for Security Operations helps security teams triage suspected incidents faster.


It can automatically investigate endpoints for Indicators of Compromise (IOC) based on alerts generated in network security solutions, SIEMs and log management applications. Users receive the information they need, when they need it, to make rapid, accurate decisions about suspected incidents so they can stop the most critical attacks in their tracks.

Mandiant for Security Operations is an appliance-based solution that utilizes a lightweight agent deployed on endpoints to perform the following tasks:

• Search for advanced attackers and the APT. Host-based Detection Indicators of Compromise (IOCs) provided by Mandiant identify known threats based on proprietary intelligence; users can also create their own IOCs to look for compromised endpoints.
• Accelerate triage of suspected incidents. Automatic collection of evidence from endpoints and integration with SIEM solutions provides security analysts with pre-staged information about endpoints within the context of their existing workflow.
• Find out what happened, without forensics. Agents deployed to endpoints continuously monitor and record key events to establish a timeline for suspected incidents by correlating alerts with past events.
• Immediately detect compromised devices. Instantly notifies users when a Detection IOC identifies a compromised device, eliminating the need for security teams to perform additional analysis to determine if they are valid.
• Eliminate blind spots. Innovative Agent Anywhere technology works through network address translation (NATs) and across public networks to monitor the endpoints your network detection products can’t see and ensure all endpoints in the organization are covered.
• Search for the most dangerous threats. Integrates with advanced malware detection and other devices monitoring your perimeter so you can identify the most dangerous threats of all – those that are already present on your network.
• Contain endpoints. Take non-destructive action to isolate compromised devices and deny attackers access to systems while still allowing remote investigation.

Mandiant for Security Operations is compatible with all SIEM solutions using the Common Event Format (CEF). In addition, technical partnerships with FireEye and Palo Alto Networks guarantee pre-configured and certified interoperability with those companies’ network-based solutions.

“Organizations spend millions of dollars to build secure networks to keep would-be attackers at bay. Despite these investments, determined attackers continue to routinely compromise well-secured organizations and steal their intellectual property and financial assets,” said Mandiant’s Chief Technology Officer, Dave Merkel. “Mandiant for Security Operations allows front-line security analysts to make better and faster decisions about suspected security incidents, identify and stop targeted attacks when they begin and ensure efforts are focused on the most important issues.”