Mandiant launches Breach Analytics for Google's Chronicle

Mandiant Breach Analytics for Google Cloud's Chronicle marks a new product launch from the security giant after its acquisition by Google was completed last month.

Mandiant Tuesday launched Breach Analytics, a new threat intelligence product for Google Cloud's Chronicle.

Mandiant, which announced Breach Analytics during its mWISE Conference 2022, said the new offering was designed to more quickly identify indicators of compromise (IOCs) to help customers reduce the effects of a potential attack. Mandiant Breach Analytics is available to users of Google Cloud's Chronicle, a suite of functions that analyzes and indexes the large amounts of security telemetry enterprises generate.

The new offering, the press release said, combines Chronicle's functionality with Mandiant threat intelligence to monitor security events for IOCs while using "contextual information and machine learning to prioritize the matches."

Chris Prevost, senior director of product management at Mandiant, described the benefits of his company's machine learning and IOC gathering techniques in an email to TechTarget Editorial.

"What makes this really interesting is that the IOCs include things we've found in live incident response, managed defense hunting missions and advanced threat research -- e.g., malware reverse engineering -- within hours of discovery," he said. "On top of that, we apply Mandiant machine learning models to prioritize the 'hits,' bubbling up the handful of critical IOCs to take action on."

In active incident response engagements, Mandiant often has restrictions on how much can be shared and when, Prevost said. The new product is designed to take critical signals such as IOCs and share them with Chronicle customers within hours of discovering of them.

Prevost said Mandiant Breach Analytics is intended to act as an early warning system for customers to limit an attacker's dwell time -- the amount of time a threat actor operates undetected in a victim's environment.

"[Breach Analytics] enables security teams to get a head start on investigating critical clues to new and novel threat actor activity before it's too late," he said. "By marrying front-line knowledge of attacker behavior with noisy event telemetry data not typically kept in traditional SIEMs, we believe that our customers will not only reduce attacker dwell time, but will also have the ability to disrupt threat actor activity before the environment has been compromised."

In addition to critical threat signals, Prevost said there might be some cases where Mandiant's Threat Intelligence team will have formal intelligence and attribution for a threat actor, which will be accessible to Breach Analytics users.

Mandiant said Breach Analytics is offered "at a price point that's fixed and predictable" for organizations. Prevost said that price varies depending on the number of users and company size.

The launch of Mandiant Breach Analytics on Chronicle is timely given that Google's $5.4 billion acquisition of Mandiant closed last month. The acquisition marks the latest move for Mandiant after it split from former parent FireEye in 2021, when FireEye's product line and name were sold to private equity firm Symphony Technology Group for $1.2 billion. FireEye originally acquired Mandiant for a similar figure -- $1 billion -- in 2014.

Alexander Culafi is a writer, journalist and podcaster based in Boston.

Dig Deeper on Security analytics and automation

Enterprise Desktop
Cloud Computing