FireEye Stories

FireEye Mandiant Enhanced Incident Response Retainer Helps Organizations Respond to and Contain Incidents Faster Than Ever

Enhanced SLA Implementation

While organizations of all shapes and sizes possess differing cyber security goals, their need to contain, eradicate and remediate breaches as quickly and effectively as possible is a shared theme across the spectrum. Breaches can cripple business operations and have a devastating impact on brand reputation, making an organization’s incident response a top priority. In the words of Kevin Mandia, FireEye CEO, ‘breaches are inevitable’. Therefore, having a retainer in place with a trusted incident responder is a commonly recommended best practice.

Recognized as a leader in The Forrester Wave™: Cybersecurity Incident Response Services, Q1 2019 report, FireEye Mandiant leads the pack in cyber security incident response services.

An incident response retainer (IRR) with Mandiant significantly reduces response time and minimizes breach impact by establishing contractual terms before an incident occurs and ensuring direct access to expert incident responders on speed dial. To continuously support this market need, in Q1 2019 Mandiant enhanced its retainer by reducing the standard IRR response time service level agreement (SLA) to a maximum of four hours and adding an enhanced maximum two-hour option as well. This service enhancement guarantees rapid engagement with our experts within a matter of hours, not days or weeks, delivering rapid incident response when it matters most.

This enhanced response time also helps organizations across the globe that have direct business operations in any of the 28 member states of the European Union, and are affected by Article 33 of the General Data Protection Regulation (GDPR), to meet the 72-hour reporting rule. This requirement includes official notification to a supervisory authority within 72 hours of data breach discovery. Violating the rule can result in high monetary penalties.

Similar in nature, the New York Department of Financial Services (NYDFS) Cybersecurity Regulation also calls for a 72-hour reporting period to a supervisory body from the time a financial entity determines an event has occurred, placing more emphasis on the need for a rapid and effective incident response plan.

Businesses that own, license, or maintain personal information about California residents also need to prioritize incident response turnaround and effectiveness due to the upcoming California Consumer Privacy Act (CCPA), which allows consumers to hold businesses responsible for safeguarding their personal information if the organization chooses to collect it, resulting in increased fines and penalties for violations of existing security law.

During an active attack, response times are even more critical. In early 2019, Mandiant responded to numerous ransomware attacks in progress where the victims were externally notified by law enforcement. These adversaries were in the process of encrypting files on the victims’ networks to potentially cripple their business operations. Mandiant responded to these attacks within a matter of hours, neutralized the threat, and contained the incident before ransomware was deployed.

Since Mandiant makes it easier for organizations to respond to, contain, and remediate cyber attacks, an IRR can help reduce the number of consumers who could make reports and significantly minimize the volume of breached data when a breach is identified and remediated quickly.

Rapid response from a dedicated service provider can aid an organization in meeting these increasingly stringent regulatory requirements. Mandiant gives organizations the ability to quickly identify malicious activity and receive contextual intelligence on those attacks – based on frontline investigation experience since 2004 and purpose-built technology that detects and monitors emerging threat actor TTPs.

Advantages of FireEye Mandiant Incident Response Retainer

  • New! Standard 4-hour maximum response time
  • New! Enhanced 2-hour maximum service level offering
  • Repurpose unused incident response hours on a variety of technical and strategic services to improve your overall security posture
  • Access the FireEye Mandiant purpose-built technology stack during investigation
  • Evaluate and improve your current incident preparedness and response capabilities through the Incident Response Preparedness Service (IRPS)

Learn more about Mandiant’s full range of cyber security services, including our incident response retainer.