Co-authored by David Willis and Melissa K. Smith, Senior Director of Strategy & Partnerships at Mandiant
For most companies, security and IT systems are growing in complexity, breadth of scope, and coverage, which consumes budget and staff time. The rapid breakdown of the traditional perimeter in this “new normal” world increases the challenges IT teams and remote users face on a daily basis.
Netskope continues to see threat actors targeting different parts of the enterprise, looking for security gaps between protections in the cloud and the endpoint. Much like the response to any type of crisis, hoarding information in silos is counterproductive to resolution. This is even more true when there is superlative, highly accurate intelligence gleaned by Netskope partners like Mandiant. By sharing information about a threat actor’s activities in targeting particular joint customers, Netskope and Mandiant aim to break down the silos to streamline and automate these customers’ efforts to build effective defenses and prevention capabilities.
Netskope Cloud Threat Exchange (CTE) enables customers and partners to scale and automate their own threat intelligence sharing of globally useful, customer-specific indicators of compromise, surfaced by global human-intelligence leaders like Mandiant.
Solution – Cloud Threat Exchange
Cloud Threat Exchange (CTE) has been deployed to hundreds of customers, helping them get the most out of all of their security investments by sharing customer-specific intelligence with other connected components of their stack. This means that whatever high value intelligence Mandiant has unearthed about targeted attacks is able to be leveraged by other customer systems, including Netskope, connected to CTE. Customers can use this capability to maximize the effectiveness of their protection using automation and orchestration to stop an attack that Mandiant discovered in one “silo,” but that is soon-to-be, or already, applicable to another.
CTE improves the opportunity to stop attacks earlier in the kill chain by making sure that every security measure works in conjunction with one another to coordinate a response. This improves the overall effectiveness of the security because it closes the gaps in conventional security stacks by providing the latest information on emerging threats across all of the organization’s defenses.
As an integrated Cloud Threat Exchange partner, Mandiant is excited to have collaboratively built a plugin to extract Mandiant findings and push them to CTE to be leveraged by joint customers’ Netskope security service edge (SSE) capabilities. Mandiant’s VP of Technology Marshall Heilman states, “We appreciate and fully support the idea of collaboration to keep attackers from being successful despite attempting multiple attack vectors. Netskope and Mandiant turn threat intelligence into global action.”