Sometimes Mandiant Advantage becomes noisy when dealing with widely recognized companies due to false positives. More fine-tuning is required to handle famous company names. It also handles alerts slowly when there are many open incidents, and sometimes it opens the wrong incident. Optimization on the browser would be very nice.
I have already given them feedback that their UI needs improvement since sometimes there is a lag. The side-by-side depiction of request response and action clogs the screen. Collaboration of data in my view becomes a bit clogged, requiring effort to understand visually.
To effectively utilize threat intelligence, it's important to have a clear plan for translating that information into actions. This involves defining what actions need to be taken, such as escalation procedures, reporting, and further workflows. Mandiant Advantage can integrate with various systems, such as SIEM or SOC tools. For instance, integration with ServiceNow or similar platforms allows SOC teams to receive actionable alerts and response suggestions. This ensures that relevant teams can act promptly when potential threats are detected, streamlining the response process and enhancing overall security operations.
I think that the data query that is used for data cloud language should be improved. It's really hard to query actual data from the platform. The free tech search is also super slow and sometimes you have to wait for 20 or 30 minutes to get results. Because of this, I have to use a cloud language that is similar to the SQL language, both of which are quite hard to use. I also think that the user experience is a bit damaged and can be improved since the platform is not as intuitive as it should be.
I don't use the solution very often, and therefore it is hard to say if areas are lacking. They could have better support. Now that they've merged, they are moving towards a portal system, which isn't very helpful. You used to get support via email, which was better.
Extended Detection and Response (XDR) is an advanced security solution offering more comprehensive threat detection and response by integrating multiple security tools into a unified platform.
XDR addresses the complexities of today’s security landscape by providing greater visibility across networks, endpoints, and cloud environments. Utilizing machine learning and automation, it enables security teams to detect, investigate, and respond to threats faster and more efficiently.