Mandiant Stories

Bringing Clarity to the Government Cyber Security Challenge With AI-Powered XDR

Mike Epplin
Jun 01, 2021
3 min read
|   Last update Aug 23, 2023

Government agencies depend on IT to carry out operations, process essential data and deliver citizen services. Yet the risks to these systems are constantly increasing as security threats evolve and become more sophisticated. According to the GAO, over 28,000 security incidents were reported by federal executive branch civilian agencies to the Department of Homeland Security in fiscal year 2019. That number is almost certainly an under-reporting of the attacks.

One major factor hampering cyber security efforts is that agency front-line security analysts are struggling with too much noise. The proliferation of software-enabled systems and attack surfaces produces a flood of information without context. Every day analysts are bombarded with thousands of security alerts, 45 percent on average false positives. No matter how heroic or dedicated, humans simply cannot scale to meet the enormity of the threat to government networks and data.   

XDR via Mandiant Automated Defense Is the Solution

What’s needed is an Extended Detection and Response (XDR) solution. XDR solutions integrate a set of products unifying control points, security data, analytics, and operations into a single enterprise solution. XDR supports and unifies reporting of multiple attack surfaces—endpoint, email, network, web filters and cloud sensors.

Having acquired Respond Software’s XDR engine late in 2020, Mandiant has rebranded the solution as Mandiant Automated Defense. Mandiant Automated Defense becomes a new part of the Mandiant Advantage SaaS platform, providing an AI-based, cloud-native XDR engine that automates monitoring and triage—the initial investigation on the front end that is critical to catching threats early, before they become a problem.

Mandiant Automated Defense connects the dots amongst disparate, multi-vendor security data at machine speed and scale so that the government analyst can focus on real security incidents without wasting time on false positives. Security teams would be able to detect the latest techniques and tactics at the front end, not just after the attack. In February 2021 alone Mandiant Automated Defense analyzed more than 52 billion customer alerts and reduced that overwhelming flood to less than 700 actual events that required prioritized investigations.

We’ve all seen crime dramas where the police must solve a mystery. What detectives do with physical evidence on a white board, an XDR Engine does with cyber security data—but at machine speed and scale.

Reinforce Existing Security Platforms

Adding Mandiant Automated Defense can immediately improve existing security services and platforms an agency many have in place. Security Information and Event Management (SIEM) systems require rules to be written and constantly maintained to be effective. Security Orchestration, Automation and Remediation (SOAR) platforms can choke on the high volumes of threat data coming in daily and require significant playbook development efforts. Both can be improved immediately by adding an XDR capability, automating response and detection capabilities with the power of AI and ML.

Adding Mandiant Automated Defense to Mandiant Advantage combines our experts and intelligence with decision automation to power threat alert correlation and triage. It’s like inserting a cyborg Mandiant Analyst into your security platform, who learns faster as the threat volume increases.

Deploy the Way You Want With No Vendor Lock

Mandiant Automated Defense offers flexible deployment options—on premises, hybrid assisted model or as a fully managed service. It’s important to avoid vendor lock when choosing the right XDR solution. Like all of the Mandiant Advantage platform, Automated Defense is controls agnostic and supports a broad range of third-party control products, intelligence sources and contextual data.

Mandiant Automated Defense is what front-line government analysts need to meet the cyber security mission. Ready to learn more? Click here to view a detailed datasheet or to request a demo.