At Google Cloud, we’re on a mission to accelerate security outcomes for every organization. Today, we are excited by what our friends at Mandiant have delivered with Mandiant Breach Analytics for Chronicle.
What is Mandiant Breach Analytics for Chronicle?
To help organizations—regardless of size, industry, geography, or whether their security controls are deployed in the cloud, on-premises or in a hybrid model—automatically detect a breach faster, Mandiant has built a pipeline that turns frontline insight and expertise into detections. Mandiant Breach Analytics answers questions like: Are we compromised? Who's targeting us? What are they after? It finds Indicators of Compromise (IOCs) in real time based on breach intelligence, continuously monitoring historical and real-time security event data for IOCs as Mandiant discovers and qualifies them in Mandiant’s proprietary Intel Grid™.
With Breach Analytics, a security analyst can pick a “high priority” event to focus on and check its “IC-Score”: Mandiant’s expert-based confidence score for millions of publicly known indicators, plus the latest unpublished insights on vulnerabilities.
While not a native capability within Chronicle (today), combined with Chronicle SIEM’s 12-month retention for all ingested data, including high-volume data sources, Breach Analytics lets you run retroactive hunts against this high-fidelity intelligence to identify the first point of breach.
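To make the retroactive-hunt idea concrete, here is an added illustration of what such a sweep does: match a confidence-scored indicator feed against retained events, keep only indicators above a confidence threshold, rank the hits, and report the earliest one as the first point of breach. This is example code written for this post, not Mandiant’s or Chronicle’s implementation; the indicator feed, the event records, the field names (src_ip, dst_ip, dns_query, file_sha256) and the 0–100 score scale modelled on the IC-Score are all constructed assumptions.

```python
"""Retroactive IOC sweep over retained events, ranked by a confidence score.

Added illustration only (not Mandiant's or Chronicle's code). It assumes a feed
of indicators that each carry an assumed 0-100 confidence score and a store of
historical events in JSON-lines form; all data below is constructed.
"""
import json
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Indicator:
    kind: str       # "ip", "domain" or "sha256"
    value: str
    ic_score: int   # assumed 0-100 confidence; higher means more likely malicious
    note: str


# Constructed indicator feed using documentation/reserved ranges; no real IOCs.
INDICATORS = [
    Indicator("ip", "198.51.100.23", 92, "constructed: suspected C2 address"),
    Indicator("domain", "updates.example.invalid", 85, "constructed: staging domain"),
    Indicator("sha256", "a" * 64, 40, "constructed: low-confidence sample"),
    Indicator("ip", "203.0.113.9", 15, "constructed: likely benign scanner"),
]

# Constructed historical events, shaped like a SIEM JSON-lines export.
EVENTS = """\
{"ts": "2024-02-03T08:11:02Z", "src_ip": "10.0.0.5", "dst_ip": "203.0.113.9", "host": "ws-17"}
{"ts": "2024-01-14T22:41:09Z", "src_ip": "10.0.0.8", "dst_ip": "198.51.100.23", "host": "ws-03"}
{"ts": "2024-01-20T03:05:44Z", "host": "ws-03", "dns_query": "UPDATES.example.invalid"}
{"ts": "2024-02-10T11:30:00Z", "host": "ws-11", "file_sha256": "%s"}
{"ts": "2024-01-30T16:02:17Z", "src_ip": "10.0.0.8", "dst_ip": "198.51.100.23", "host": "ws-03"}
""" % ("a" * 64)

# Which event fields carry which indicator kind (field names are assumptions).
FIELD_KINDS = {
    "src_ip": "ip",
    "dst_ip": "ip",
    "dns_query": "domain",
    "file_sha256": "sha256",
}


def parse_ts(ts):
    """Parse an ISO-8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def parse_events(text):
    """Turn JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def sweep(events, indicators, min_score):
    """Match every event field against the indicator feed.

    Only indicators at or above min_score are considered, so low-confidence
    entries do not generate noise. Hits are ranked by score (descending) and
    then by time, so the analyst sees the highest-confidence evidence first.
    """
    index = {
        (ind.kind, ind.value.lower()): ind
        for ind in indicators
        if ind.ic_score >= min_score
    }
    hits = []
    for ev in events:
        for field, kind in FIELD_KINDS.items():
            value = ev.get(field)
            if value is None:
                continue
            ind = index.get((kind, str(value).lower()))
            if ind is not None:
                hits.append({
                    "ts": ev["ts"],
                    "host": ev.get("host"),
                    "field": field,
                    "indicator": ind.value,
                    "ic_score": ind.ic_score,
                    "note": ind.note,
                })
    hits.sort(key=lambda h: (-h["ic_score"], parse_ts(h["ts"])))
    return hits


def first_point_of_breach(hits):
    """Earliest hit in retained history, i.e. the first observed compromise."""
    return min(hits, key=lambda h: parse_ts(h["ts"])) if hits else None


if __name__ == "__main__":
    found = sweep(parse_events(EVENTS), INDICATORS, min_score=50)
    for h in found:
        print(f'{h["ts"]} {h["host"]} {h["field"]}={h["indicator"]} (score {h["ic_score"]})')
    first = first_point_of_breach(found)
    print("first point of breach:", first["ts"], "on", first["host"])
```

Lowering min_score surfaces the low-confidence hits as well, which is the trade-off the score is there to manage: a high threshold keeps the queue short for triage, while a retroactive sweep at a lower threshold can be worth running once a host is already confirmed compromised.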
What does this mean for Chronicle Customers?
Mandiant Breach Analytics is an additional offering that enhances Chronicle. It is available as part of the Mandiant Advantage platform directly from Mandiant and on the GCP Marketplace.
Please note: This is not a Chronicle Security Operations feature release, and will not be natively available in the Chronicle SIEM or SOAR console.
Where do I learn more?
Mandiant’s breach analytics public website
Mandiant Breach Analytics Datasheet
Chronicle & Mandiant Joint Webinars for Customers, and Partners