Mandiant adds ransomware defence validation to XDR security platform

Mandiant Advantage Ransomware Defense Validation tests companies' ability to thwart cyber attacks by selecting and repurposing the most critical ransomware variants to run in production environments.

Mandiant is offering a new Ransomware Defense Validation service for its SaaS-based XDR (extended detection and response) platform, Mandiant Advantage, to help organisations measure the ability of their security systems to prevent ransomware attacks.

The subscription service, now generally available, is designed to combine threat intelligence, ransomware reconfiguration capabilities, and an automated validation infrastructure to help security leaders understand how effectively their existing security controls can prevent specific ransomware attacks and multifaceted extortion campaigns.

"Ransomware Defense Validation is based on the most up-to-date and relevant ransomware intelligence and uses real (not simulated) ransomware in a safe manner to test an organisation's security controls for their ability to prevent the encryption of critical data by the relevant ransomware," said Mike Armistead, senior vice president for Mandiant Advantage Products.

Ransomware was the most significant malware threat for enterprises in 2021, according to IBM Security's recent annual X-Force Threat Intelligence Index report. Ransomware accounted for 21 per cent of all cyber attacks, more than any other type of malware, according to X-Force.

Validation tests repurpose critical ransomware

The Mandiant Advantage Ransomware Defense Validation service uses Mandiant's ability to repurpose, or modify, ransomware to run in company production environments in order to obtain realistic insights into endpoint security control performance.

For the service, Mandiant selects specific, critical ransomware to be tested, adding new variants on an ongoing basis. The selection process is informed by the company's global threat intelligence team, according to Armistead. The ransomware selected includes the most recent and relevant ransomware types Mandiant's experts encounter such as Conti, Ryuk, and REvil.

"It's important to note that, while ransomware is certainly a significant cyber threat, the actual techniques used by a threat actor to compromise an organisation and execute a successful ransomware attack are not new, so many companies just repurpose existing solutions and market them to address ransomware specifically," added Gary McAlum, senior analyst at TAG Cyber. "The Mandiant solution is specifically focused on ransomware."

Although it is a significant addition to the Mandiant platform, the offering requires consumers to already have (or plan to deploy) a significant Mandiant footprint, since the capability is integrated within Mandiant Advantage, according to McAlum.

Live dashboard yields a stage-wise attack analysis

The solution also features a live dashboard that displays an up-to-date view of the ability of an organisation to prevent ransomware from encrypting data under a "Current Readiness" widget. This widget provides the results of the latest validation run, enabling customers to preview a stage-wise report of the ransomware attack's success or failure.

Additionally, enterprise users can pivot from the validation results to a more detailed threat intelligence report, should they want to learn more about the tested ransomware.

"I think the concept of visualising the various stages of a ransomware attack and then operationalising that with real-time telemetry from an organisation's security stack and threat intelligence is very intriguing," McAlum said.
