Mandiant Advantage Ransomware Defense Validation tests companies' ability to thwart cyberattacks by selecting and repurposing the most critical ransomware variants to run in production environments.

Cyberdefense and response company Mandiant is offering a new Ransomware Defense Validation service for its SaaS-based XDR (extended detection and response) platform, Mandiant Advantage, to help organizations measure the ability of their security systems to prevent ransomware attacks.

The subscription service, now generally available, is designed to combine threat intelligence, ransomware reconfiguration capabilities, and an automated validation infrastructure to help security leaders understand how effectively their existing security controls can prevent specific ransomware attacks and multifaceted extortion campaigns.

“Ransomware Defense Validation is based on the most up-to-date and relevant ransomware intelligence and uses real (not simulated) ransomware in a safe manner to test an organization’s security controls for their ability to prevent the encryption of critical data by the relevant ransomware,” says Mike Armistead, senior vice president for Mandiant Advantage Products.

Ransomware was the most significant malware threat for enterprises in 2021, according to IBM Security’s recent annual X-Force Threat Intelligence Index report. Ransomware accounted for 21% of all cyberattacks, more than any other type of malware, according to X-Force.

Validation tests repurpose critical ransomware

The Mandiant Advantage Ransomware Defense Validation service uses Mandiant’s ability to repurpose, or modify, ransomware to run in company production environments in order to obtain realistic insights into endpoint security control performance.

For the service, Mandiant selects specific, critical ransomware to be tested, adding new variants on an ongoing basis.
The selection process is informed by the company’s global threat intelligence team, according to Armistead. The ransomware selected includes the most recent and relevant ransomware types Mandiant’s experts encounter, such as Conti, Ryuk, and REvil.

“It’s important to note that, while ransomware is certainly a significant cyberthreat, the actual techniques used by a threat actor to compromise an organization and execute a successful ransomware attack are not new so many companies just repurpose existing solutions and market them to address ransomware specifically,” says Gary McAlum, senior analyst at TAG Cyber. “The Mandiant solution is specifically focused on ransomware.”

Although a significant addition to the Mandiant platform, Mandiant Ransomware Defense Validation would require consumers to already have (or plan to deploy) a significant Mandiant footprint, since the capability is integrated within Mandiant Advantage, according to McAlum.

Live dashboard yields a stage-wise attack analysis

Mandiant’s Ransomware Defense Validation features a live dashboard whose “Current Readiness” widget displays an up-to-date view of the organization’s ability to prevent ransomware from encrypting data. The widget provides the results of the latest validation run, enabling customers to preview a stage-wise report of the ransomware attack’s success or failure. Enterprise users who want to learn more about the tested ransomware can also pivot from the validation results to a more detailed threat intelligence report.

“I think the concept of visualizing the various stages of a ransomware attack and then operationalizing that with real-time telemetry from an organization’s security stack and threat intelligence is very intriguing,” McAlum says.