Mandiant is synonymous with incident response. The company first gained worldwide recognition in 2013 when it published the APT1 report, directly attributing a Chinese military unit to years of cyber espionage. That level of attribution was unprecedented at the time.
Since then, Mandiant’s investigators have been called in for many of the world’s highest-profile breaches: the SolarWinds supply chain attack, Colonial Pipeline ransomware, and countless others. Their frontline expertise feeds directly into the company’s threat intelligence products and services.
Google acquired Mandiant in 2022 for $5.4 billion, integrating its capabilities into Google Cloud’s security portfolio. Mandiant’s threat intelligence now powers Google’s Chronicle SIEM and VirusTotal, while its consulting teams continue to operate independently on incident response engagements.
The company tracks over 3,500 threat actors and publishes regular reports on advanced persistent threats. Mandiant’s Attack Surface Management product maps external-facing assets, and its Managed Defense service provides ongoing threat monitoring. For organizations facing sophisticated adversaries, Mandiant brings expertise that’s been forged in real-world breaches.
