SecOps Services Summary

Chronicle SIEM: Chronicle SIEM, a cloud native security information and event management (SIEM) solution, enables customers to collect and analyze security telemetry from across their enterprise to power detection, investigation, and remediation of threats. As part of the service, Chronicle SIEM normalizes, correlates, and enriches security data to provide analysis and context on suspicious activity.

Chronicle SIEM includes Google Cloud Threat Intelligence, which is an aggregate threat intelligence service for Chronicle SIEM customers that leverages Google threat intelligence to surface threats in their cloud and on-premise environments. It is supported by Google threat analysts who verify malicious indicators in security telemetry and surface contextualized alerts to customers, allowing them to make an informed response.

Chronicle SOAR: Chronicle SOAR, a cloud native security, orchestration, automation and response (SOAR) solution, empowers security teams to respond to cyber threats in minutes. Chronicle SOAR fuses a unique threat-centric approach, powerful yet simple playbook automation, and context-rich investigation to free up valuable time and enable security team members to be informed, productive and effective.

Google Threat Intelligence: Google Threat Intelligence is a rich and actionable threat intelligence suite combining insights across Mandiant, VirusTotal and other Google properties. It equips security teams with comprehensive context and a cutting edge investigative workbench to proactively protect their networks from cybersecurity threats and understand the evolving threat landscape.

Mandiant Solutions: Mandiant software and cloud solutions help security teams evaluate the effectiveness of their security tools and stay ahead of sophisticated threat actors. Mandiant Solutions are in part made available through the Mandiant Advantage Platform, a multi-vendor XDR platform that delivers transformative expertise and frontline intelligence to security teams.

Mandiant Solutions include:

Mandiant Security Validation enables an organization’s security team to build a continuous and automated validation program that tests the security effectiveness of network, endpoint, email and cloud controls, teams and processes.

Mandiant Attack Surface Management helps organizations discover and analyze their internet assets across today’s dynamic, distributed, and shared environments. This service generates comprehensive visibility of the extended enterprise through continuous discovery that illuminates assets, alerts on risk and enables cyber security teams to inventory their assets and investigate any discovered exposures.

Mandiant Advantage Threat Intelligence gives security professionals critical insights into the latest relevant threats so that they can be better prepared to guard against sophisticated attacks.

Mandiant Digital Threat Monitoring gives security professionals visibility into external threats to their organization on the open, deep and dark web.

Mandiant Managed Services: Mandiant managed detection and response services act as a seamless extension of customers' security teams, delivering continuous monitoring, event triage and threat hunting that is agnostic to customers' endpoint and network tooling. Mandiant Managed Services includes, for example, Managed Hunt for Chronicle.

Mandiant Consulting Services: Mandiant Consulting offers proven global expertise in providing comprehensive incident response, strategic readiness and technical assurance to help customers mitigate threats and reduce business risk before, during and after an incident.

VirusTotal: Security teams are often confronted with an unknown file/URL/domain/IP address and asked to make sense of an attack. Without further context, it is virtually impossible to determine attribution, build effective defenses against other strains of the attack, or understand the impact of a given threat in your organization. Through API and web based interaction with VirusTotal, security analysts can quickly build a picture of an incident, and then use the insights to neutralize other attacks.