Security Validation overview

Our Security Validation platform is informed by Mandiant frontline threat intelligence on the latest attacker tactics, techniques, and procedures (TTPs) to continuously validate and measure the effectiveness of your cybersecurity controls.

Mandiant Security Validation safely processes advanced cyberattack security content within production networks. By design, defenses respond to Security Validation as if an attack is taking place across the most critical areas of networks. The software produces evidence that shows how people, processes, and technologies perform when specific malicious behaviors are encountered, such as attacks by a specific threat actor or attack vector.

Core components

The core Validation components are as follows:

  • The Director: The main component of the platform that provides the following functionality:
    • Acts as the integration point for your SIEM and other components of your security stack
    • Hosts the Content Library (Actions, Sequences, Evaluations, and Files) used for testing your security controls
    • Manages the Actor assignment during testing
    • Aggregates testing results and facilitates report creation
    • Maintains connections with the Mandiant Updater and Content Services, letting you automatically receive updates to both the platform and its content
  • Actors (also referred to as Flex, Endpoint, and Network Actors): The components that safely perform tests in production environments. Specifically, use Actors to verify the configuration and test the effectiveness of:
    • Network Security Controls
    • Windows, Mac, and Linux endpoint controls
    • Email controls

Deployment models

Security Validation offers flexible deployment models to suit your organization's needs. The primary difference between the models lies in the hosting of the Director component.

  • MSV (On-Premises Director): In this model, your organization hosts the Director on your own infrastructure. This gives you full control over the environment and data. This is the traditional on-premises (on-prem) offering.
  • MA-SV (SaaS Director): In this fully managed SaaS model, Mandiant hosts the Director in the cloud. This removes the need for you to manage the underlying infrastructure, allowing you to focus on your security validation program.
  • Google Cloud Hosted Director: For customers who require their data to reside within Google Cloud, we offer a specific Google Cloud hosted option for the Director. In this deployment, the Director is hosted and managed by Mandiant within a dedicated Google Cloud project. This option provides the benefits of a SaaS model while ensuring that your data is processed and stored within the Google Cloud ecosystem, which can help satisfy security and compliance requirements.

Example deployment

The following image provides an example of a common Validation Platform deployment in a customer environment. It shows where Actors have been deployed, which systems would potentially see the traffic for tests run between Actors, and how the Director receives information from the systems in the environment through an integration with a SIEM. The image also shows that tests are run between Actors and not directly on systems in your environment.

Validation Platform running a test in an example environment

Once you have your environment configured and have started running tests, you are able to see your overall Validation Platform deployment and the security technologies that blocked and fired events when tests were run.

Validation Platform map

Outside the base Validation Platform deployment, there are additional features that may be included in your subscription or on-prem version of Security Validation. These features include:

  • Protected Theater: Lets you safely run destructive endpoint tests
  • Email Theater: Lets you run email-based tests
  • AEDA (Advanced Environmental Drift Analysis): Lets you continuously test your environment and provides early alerts for defensive regressions
  • TAAM (Threat Actor Assurance Module): Lets you operationalize your commercial threat intelligence platform
  • Cloud Validation Module: Lets you test your cloud security controls 

  • July 7, 2022
  • June 23, 2026