Mandiant Mtrends Report

Published: 2010-02-07
Last Updated: 2010-02-09 14:01:44 UTC
by Rick Wanner (Version: 1)
2 comment(s)

Once again a lazy weekend to catch up on some reading.  One of the items that came across my email in the last week is the Mandiant Mtrends report.

Mtrends is a fairly concise report on Mandiant's view of the Advanced Persistent Threat (APT). If you are not familiar with the term, APT refers to organized groups of professional hackers who have been targeting corporations and governments around the world. Mandiant has a unique perspective on this issue as one of the few incident-handling companies that have been on the front lines of the fight against the APT.

It does require registration to get your copy, but it is a good read.

I have my views on this report, but for those of you who take the time to read it, I would be very interested in your view of this threat and of Mandiant's report. In your view, is this a realistic appraisal of the situation, or just more FUD (Fear, Uncertainty, and Doubt) added to the pile? Please provide your feedback by commenting on this diary or through our contact page.

-- Rick Wanner - rwanner at isc dot sans dot org

Keywords: Mandiant Mtrends


My initial impression is that the entire executive summary sounds like a sales pitch. It's not helped by the fact that the report is sent from a Sales Operations Manager. I'm sure the threat is very real. However, after reading it I feel like I sat through a sales pitch at a vendor conference.

They also repeatedly point the finger at China and hint that it may be government sponsored but offer next to no details aside from "issues stemming from current events in China." Perhaps that's beyond the scope of this paper.

Just my initial feelings. I'll give it another read later on.

One thing I want to question is the time stamp on DNS information changes for malicious domains/IPs. From what I've seen, malicious domains/IPs change a lot faster than Day 34 (usually within a week or two). Does anyone else have a rough estimate of information changes? Or is what I have seen an anomaly?
