As you might already know, Mandiant goes beyond the classic automated detection strategies applied in the Threat Intelligence industry. Mandiant focuses on identifying and studying common patterns between events, including information on the attackers, the victims, the locations, the timings, etc. They characterize Threat Actors and deliver all this information to their customers through reports that are invaluable for any cyber analyst.
While Mandiant provides extremely detailed analysis and insights on threat actors and their tactics, techniques, and procedures (TTPs), QuoLab’s platform transforms the threat data into actionable intelligence. The QuoLab and Mandiant partnership enables analysts to take proper actions to prevent and remediate threats, based on insightful analysis and verifiable data. Here’s exactly how this process occurs:
QuoLab converts raw data from the Mandiant API into a common data model (CDM) that is compatible with its rich toolkit, built by cyber operators for operators, turning messy data into professional and easy-to-read reports. This tool makes it easy to select data across the platform (from cases to feeds), analyze it, and export it as a PDF.
The main focus here is what these reports include and what they make possible in analysts’ daily operations. Say goodbye to copy-pasting JSON files and other technical artifacts from each system into a Word document. The automatic reports published through QuoLab present human-readable information and include a URL that redirects users to our platform, where they can further explore a specific piece of information if necessary.
Our Link Analyzer tool facilitates the identification and investigation of patterns and correlations between datasets sourced from Mandiant and other TI providers, events, threat actors, etc. by visually representing the links between all cases, reports, indicators of compromise (IOCs), vulnerabilities and other artifacts normalized and aggregated in the platform.
While the main goal of the reports is to facilitate data comprehension and redirect analysts to tools that help them conduct investigations, they can easily be used to share information and update any department or group of people about any events or threats. Our multi-tenant architecture allows data to be compartmentalized not only between companies but also between departments, teams, and investigations, without creating unnecessary silos between each party. Tenant and sub-tenant owners can establish bi-directional data sharing policies that enhance collaboration while preserving full control over data ownership.
With two mouse clicks, our users can request enrichment reports related to any IOC, send artifacts to a firewall blacklist or a SIEM’s watchlist, or simply push them into another system through our bilateral connectors, from anywhere in the platform.
Transforming threat data into actionable intelligence is a critical step in effectively protecting against cyber threats. The QuoLab and Mandiant partnership was formed to provide clients with a more comprehensive understanding of the threat landscape and to help them develop an effective security strategy to mitigate the risk of a breach.
If you are interested in reading more articles like this one, be sure to let us know by liking it below!