Mandiant is the world’s most recognized threat intelligence and incident response organization, acquired by Google for $5.4 billion in September 2022. Now operating within Google Cloud, Mandiant provides frontline intelligence from active breach investigations, adversary tracking, and proactive security services that power Google’s security products and serve thousands of organizations directly.

Services and Products

Mandiant Consulting offers elite incident response, breach investigation, and security transformation services. Mandiant consultants respond to over 1,100 breaches annually, providing the raw intelligence that feeds the company’s threat research. The team is known for investigating the most complex nation-state and financially motivated attacks.

Mandiant Threat Intelligence delivers real-time intelligence on threat actors, campaigns, vulnerabilities, and malware. Mandiant tracks over 350 threat actors and publishes detailed attribution reports. The intelligence platform integrates with Google Chronicle SIEM and third-party security tools.

Attack Surface Management provides continuous discovery and analysis of internet-facing assets, identifying exposures before attackers exploit them.

Red teaming and adversary simulation services reproduce real-world attack scenarios, including purple teaming and adversary-specific simulations based on Mandiant’s intelligence on active threat groups.

Mandiant Academy provides cybersecurity training programs covering incident response, malware analysis, threat intelligence, and security operations.

Notable Investigations

Mandiant built its reputation through groundbreaking public research and breach investigations. The APT1 Report in 2013 was the first public attribution of a Chinese military cyber espionage unit, establishing the model for nation-state attribution. In 2020, Mandiant discovered and led the investigation into the SolarWinds/SUNBURST supply chain compromise attributed to Russian intelligence (APT29). In 2021, it investigated the mass exploitation of Microsoft Exchange Server zero-days by Hafnium. The annual M-Trends Report provides statistical analysis of global breach trends and attacker behavior.

Google Cloud Integration

Mandiant intelligence is embedded into Google Chronicle for SIEM, VirusTotal for malware analysis, and Google Cloud security products. The combination of Mandiant’s frontline intelligence with Google’s infrastructure and AI capabilities strengthens both Mandiant’s services and Google’s security platform.

Leadership

Kevin Mandia, the founder, transitioned to a Google Cloud advisor role in May 2024 and is now a General Partner at Ballistic Ventures. Sandra Joyce, formerly Mandiant’s intelligence lead, now serves as VP of Google Threat Intelligence.