Security Experts:

Mandiant and Palo Alto Networks Partner on Targeted Attack Defense

SAN FRANCISCO – RSA CONFERENCE 2013 - Mandiant and Palo Alto Networks have teamed up to provide customers with a “holistic approach to thwart advanced attackers,” the companies said Monday.

Mandiant will integrate Palo Alto's next-generation firewalls and WildFire malware prevention service into its Mandiant for Security Operations platform, the companies said at the RSA Conference 2013 in San Francisco. The joint offering will give organizations the ability to detect malware, prevent their networks from being compromised, and resolve security incidents on endpoints.

Mandiant for Security Operations will automatically generate Indicators of Compromise based on malware alerts generated by Palo Alto's Wildfire and identify which endpoints have already been infected. The integration would give customers “a significant advantage to creating actionable insights to assess risk, prevent threats, and improve security, Chad Kinzelberg, senior vice-president of business and corporate development at Palo Alto Networks, said in a statement.

“With the integration of the WildFire subscription malware detection service and Mandiant for Security Operations, security professionals will now be able to respond to threats faster and automatically investigate alerts from WildFire so they can confirm and resolve targeted attacks as they are unfolding,” said Dave Merkel, CTO of Mandiant.

Mandiant for Security Operations is an appliance-based offering where security teams deploy a lightweight agent on endpoints to detect, analyze and resolve security incidents in a fraction of the time it takes using conventional approaches, Mandiant said. The platform echoes a common themes at the RSA Conference this year, that a compromise is inevitable and the most important thing the organization can do is to minimize the time between when that compromise occurs and when the security team detects and contains the problems.

Wildfire gives customers one-hour response times for modern malware signatures and integrated, on-box logging and reporting. The enhanced response time ensures that the damage caused by attackers using zero-day malware is mitigated, according to Palo Alto Networks. Wildfire can detect heretofore-undetected malware across all types of applications, not just Web and email.

Mandiant also announced a partnership with FireEye, combining FireEye's threat detection capabilities with Mandiant's visibility into the malware host enables customers to detect advanced malware, accelerate incident response, and prioritize the threats. Organizations will be able to shorten response time to sophisticate threats and improve their ability to address the full extent of attacks, FireEye said

“Organizations are looking for an easier way to confirm suspected incidents so they can rapidly resolve them,” Merkel said.

Fahmida Y. Rashid is a contributing writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.