Mandiant Threat Intelligence
Know who's targeting you
Get visibility into the latest threats with cyber threat intelligence directly from the frontlines.
Features
Threat intel informed by open-source and frontline experiences
Mandiant Threat Intelligence is the product of 200k+ hours per year spent responding to cyber attacks and open-source threat intel (OSINT). All of this is curated by our 500+ threat intel analysts from over 30 countries who turn this information into human and machine-readable intelligence to help you better understand your threat landscape.
Source: Google Internal Data, December, 2023
AI-powered search summaries
Leverage Gemini in Threat Intelligence, an always-on AI collaborator that provides generative AI-powered assistance in simplifying complex threat intel into easily digestible summaries, so your organization can make informed decisions to help reduce risk faster and more effectively when faced with limited time and resources.
Mandiant Intelligence Expertise
Optimize your ability to consume, analyze, and apply threat intelligence. Leverage Mandiant’s expertise to deliver threat intelligence tailored to your organization in the way you need it.
Cyber Threat Profile assessment
Leverage Mandiant’s expertise with a Cyber Threat Profile assessment. This service will develop a composite picture of the most relevant cyber threats to your organization. You will learn how those threats can materialize to impact you and your partners, now and in the future. A Cyber Threat Profile will help you shape your intelligence-led security strategy and reduce communication gaps between departments.
Threat insights within your existing workflows
Embed and overlay the most recent threat insights into any web page or security analytics tool, including SIEMs, NTAs, and EDRs, with Mandiant’s browser plug-in or API. Reduce the need to pivot between multiple tools by viewing news analysis, indicator scoring, and threat context as they appear on the page or click the links to access further detail.
Expert insights and context
Search for threat indicators by IP, URL, domain, and file hash to get expert-based indicator confidence score (IC-Score), timing, and actor context. Navigate quickly between actors, malware, tactics, and vulnerability reports to get a 360-degree view of ongoing threat activity, plus receive daily news analysis with insights from Mandiant specialists to determine which news sources to trust and why.
Subscription options
| Security Operations | Fusion | ||
|---|---|---|---|
Access types | Mandiant platform and browser plug-in | X | X |
API | X | X | |
Data access | Indicators - open source and Mandiant proprietary | X | X |
Threat actors - open source and Mandiant proprietary | X | X | |
Malware and malware families - open source and Mandiant proprietary | X | X | |
Active threat campaign data and view | X | X | |
Real time dashboards - actor, malware, and vulnerability | X | X | |
Vulnerability | Public/known vulnerability descriptions | Add-on module | X |
Mandiant risk and exploit rating | Add-on module | X | |
Mandiant vulnerability analysis | Add-on module | X | |
Digital Threat Monitoring (DTM) | Dark web monitoring | Add-on module | X |
Research tools and alerting | Add-on module | X | |
Analysis and adversary intelligence | News analysis | X | X |
Strategic reporting - region, industry, trends | X | ||
Adversary motivations, methods, tools, and behaviors | X | ||
Reporting | X | ||
Threat activity alerts, emerging threats, and threat reporting | X | ||
Mandiant research reporting | X |
Access types
Mandiant platform and browser plug-in
X
X
API
X
X
Data access
Indicators - open source and Mandiant proprietary
X
X
Threat actors - open source and Mandiant proprietary
X
X
Malware and malware families - open source and Mandiant proprietary
X
X
Active threat campaign data and view
X
X
Real time dashboards - actor, malware, and vulnerability
X
X
Vulnerability
Public/known vulnerability descriptions
Add-on module
X
Mandiant risk and exploit rating
Add-on module
X
Mandiant vulnerability analysis
Add-on module
X
Digital Threat Monitoring (DTM)
Dark web monitoring
Add-on module
X
Research tools and alerting
Add-on module
X
Analysis and adversary intelligence
News analysis
X
X
Strategic reporting - region, industry, trends
X
Adversary motivations, methods, tools, and behaviors
X
Reporting
X
Threat activity alerts, emerging threats, and threat reporting
X
Mandiant research reporting
X
How It Works
Mandiant Threat Intelligence can help security teams set or adjust their security strategy by providing detailed intelligence on the most relevant malware, vulnerabilities, and the adversaries targeting them, including the tactics, techniques, and procedures used in an attack.
Common Uses
Learn faster with AI-generated summaries
Leverage the power of Gemini in Threat Intelligence
Learning resources
Leverage the power of Gemini in Threat Intelligence
Visibility into threat actor playbooks
Know how the attack will happen before it starts
Learning resources
Know how the attack will happen before it starts
Better understand your threat landscape
Receive to-the-minute intelligence with analysis
Learning resources
Receive to-the-minute intelligence with analysis
Visibility into active threat campaigns
Anticipate, identify, and respond to threats with confidence
Learning resources
Anticipate, identify, and respond to threats with confidence
Direct access to Mandiant expertise
Level-up your security team
Learning resources
Level-up your security team
Put threat intel into your work flows
Streamline the operationalization of threat intel
Learning resources
Streamline the operationalization of threat intel
Pricing
| How Mandiant Threat Intelligence pricing works | Mandiant Threat Intelligence is licensed based on the number of an organization’s employees. Please contact sales for more info on pricing. | |
|---|---|---|
| Threat intelligence | Description | Pricing |
Mandiant Threat Intelligence | Mandiant Threat Intelligence | Mandiant Threat Intelligence has two subscription options: Security Operations and Fusion. Both are licensed based on the number of employees. |
Mandiant Intelligence Expertise | Mandiant Intelligence Expertise services are offered as either perpetual services, which are ideal for organizations that need ongoing access to intelligence and support, or purchased to meet a specific use case. | |
How Mandiant Threat Intelligence pricing works
Mandiant Threat Intelligence is licensed based on the number of an organization’s employees. Please contact sales for more info on pricing.
Mandiant Threat Intelligence
Mandiant Threat Intelligence
Mandiant Threat Intelligence has two subscription options: Security Operations and Fusion. Both are licensed based on the number of employees.
Mandiant Intelligence Expertise
Mandiant Intelligence Expertise services are offered as either perpetual services, which are ideal for organizations that need ongoing access to intelligence and support, or purchased to meet a specific use case.
Get a demo
Contact us
Learn more about threat intel
Find out who's targeting you.
Get a tour of Mandiant Threat Intelligence
Mandiant Threat Intelligence overview
Global Perspectives on Threat Intelligence Report
ETIS Forrester Wave Q3 2023
Business Case
See how customers are staying proactive with Mandiant Threat Intelligence
"Threat intelligence platform you need to have in your organization"
—Info Security Analyst, Finance (non-banking)
Mandiant Threat Intelligence customers have provided their real-world testimonials in Gartner Peer Insights.
Read the reviewRelated Content
Customer embraces intelligence and innovation to reduce the threat of ransomware
Leading IT vendor enhances Security Capabilities with Mandiant
Gartner® and Peer Insights™ are trademarks of Gartner, Inc. and/or its affiliates. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.
Featured benefits
Prioritize actions based on relevant and timely threat insights
Anticipate threats by knowing the threat actors and their methods
Increase efficiency of the SOC
FAQ
What is cyber threat intelligence (CTI)?
CTI is a refined insight into cyber threats. Intelligence teams use credible insights from multiple sources to create actionable context on the threat landscape, threat actors and their tactics, techniques, and procedures (TTPs). The effective use of CTI allows organizations to make the shift from being reactive to becoming more proactive against threat actors.
How can CTI be used to make security more proactive?
Credible threat intelligence can be used to understand the malware and TTPs threat actors use and the vulnerabilities they exploit to target specific industries and regions. Organizations use this intelligence to implement, configure, and adjust security tools, and train staff to thwart attacks.
What is a threat actor?
A threat actor is a person or group of people who conduct malicious targeting or attacks on others. Typically motivated by espionage, financial gain, or publicity, threat actors may conduct a full campaign alone or work with other groups who specialize in specific aspects of an attack.
How can you identify active threats?
Assuming we all agree that a “threat” is defined as a plan or inclination to attack as opposed to an “attack” which is an existing or previously successful breach. Identifying active threats can be done using threat intelligence which will help provide context into the threat actors and malware impacting your specific region or industry. Another method to identify active threats is by scanning the open, deep, and dark web for chatter around your organization, personnel, technology, or partners. By identifying these threats, security professionals can proactively adjust their defenses to block or reduce the impact of a potential attack.
What are the three types of CTI?
Strategic – High level trends used to drive business decisions and security investments.
Operational – Contextual information on impending threats to the organization, used by security professionals to understand more about threat actors and their TTPs.
Tactical – Understanding of the threat actor TTPs, used by security professionals to stop incidents and make defensive adjustments.
