I use it for cyber threat intelligence. I gather information about newly created domains around the Internet that can be related to my managed company. I monitor these domains for any phishing activities. Additionally, I monitor the dark web and hacker forums for any mention of my serviced company or its users. I also check leaked databases on the Internet and dark web for any leaks of sensitive information.
I have a good database of IOCs and behavior analytics. Once I integrate this with EDR on Enfolds, the tool provides in-depth traffic analysis through Mandiant. It also classifies techniques mentioned in MITRE. This becomes handy when I am doing incident response and working on the manual part.
Our primary use case was monitoring the threat actors that our clients were concerned about. We also used Mandiant Advantage to map the infrastructure that the threat experts were using and monitor all the discussions involving the customer originating from these threat actors.
They're in the process of rebranding with Google. I get access to Mandiant Advantage as well as Managed Defense with our subscription. What they do is they go over, and they grab all the events out of Helix, do all the level one, two, and three checks on it, and then send over whatever is left over, which is typically very little. I utilize it sparingly. The Managed Defense uses that information already and does a lot of the grunt work on the incidents that come in.
Extended Detection and Response (XDR) is an advanced security solution offering more comprehensive threat detection and response by integrating multiple security tools into a unified platform.
XDR addresses the complexities of today's security landscape by providing greater visibility across networks, endpoints, and cloud environments. Utilizing machine learning and automation, it enables security teams to detect, investigate, and respond to threats faster and more efficiently.
We use the solution for threat detection.