Texture Top Right Red 04

Incident Response Retainer

Reduce your incident response time and minimize breach impact with FireEye Mandiant on speed dial

The Mandiant Incident Response Retainer (IRR) gives your organization the ability to quickly identify malicious activity and receive contextual intelligence on attacks — enabling faster and more effective response to cyber incidents.

What are your business and security requirements?

Retainer agreements can be packaged in different ways to match your needs. Consider these factors.

  • Budget. Confirm the number of prepaid hours and the hourly rate for additional hours.
  • Unused hours. Ask what happens if you don’t use your prepaid hours during the contract term.
  • Response Time. Get service level agreement (SLA) details for remote and onsite consulting. 2 or 4 hour SLAs are available.
  • Terms. Confirm the length of retainer—most are 12 months—and payment terms, such as whether you need to pay up-front.
  • Cyber insurance. Consider how your cyber insurance policy reimburses for incident response (IR) expenses and ask your insurer about lower premiums if you can show a proactive approach to cyber security.

Contact Us

Complete this short form to learn more about Incident Response Retainers.

Ramp up response readiness

Get access to elite Mandiant security experts and technologies

Get access to elite Mandiant security experts and technologies

Improve your current incident preparedness and response capabilities with industry-leading expertise and technology.

  • Have Mandiant experts on standby to help when you need it
  • Take advantage of leading-edge advances in cyber security
Accelerate incident response speed

Accelerate incident response speed

React faster and minimize impact with a team of experienced first-responders that will spring into action as soon as a breach is suspected.

  • Get expert response within hours, not days or weeks
  • Have a dedicated malware team on-call
Pre-negotiate terms and conditions

Pre-negotiate terms and conditions

Establish contractual terms before an incident occurs for rapid incident response when it matters most.

  • Eliminate paperwork-related response delays when every minute matters
  • Ensure your first call focuses on action

Declaration process

Declaration Request

Initial request for assistance via web, email or phone. 2 or 4 hour SLAs available for response from Mandiant IR expert.

Initial Triage

A Mandiant IR expert reviews and assesses your situation following the request and recommends a course of action.

Official Declaration

An authorized party from your organization makes the official declaration of an incident under your IR retainer agreement.

Declaration Acceptance

Case is accepted once Mandiant and client deem IR services are needed.

Next Steps

A Mandiant lead will work with you to define initial investigation steps that typically include collecting evidence, talking to your technical teams for their observations and actions taken and determining if we need to deploy our host and network technology. The Mandiant lead then assembles a team based on the size, complexity and technologies of your environment.  

Choice and Flexibility:
What Incident Response Retainer is right for you?

The Incident Response Retainer provides two tracks of service that are designed to suit different needs and budgets.

Tier 1: No upfront costs

Tier 1: No upfront costs

  • Establish terms and conditions for Mandiant Incident Response (IR) services
  • Define hourly rates for all incident response-related services and technologies
  • Make no minimum financial commitment or pay no annual cost
  • Incur costs only if you engage Mandiant Incident Response services
  • Get support based on best effort and current availability
  • Receive no guaranteed service level agreement (SLA)
  • Gain access to the FireEye Mandiant technology stack
Tier 2: Prepaid hours and service level commitment

Tier 2: Prepaid hours and service level commitment

  • Establish terms and conditions for Mandiant Incident Response (IR) services
  • Gain peace-of-mind with a 4-hour SLA
  • Enhanced 2-hour SLA also available
  • Flexibility to repurpose unused hours on a variety of technical and strategic services
  • Gain access to the FireEye Mandiant technology stack
  • Work with Mandiant experts to evaluate and improve your current incident preparedness and response capabilities
  • Access to Incident Response Preparedness Service
Initial response
Service-level agreement
Incident Response Preparedness Service

Triage security issue

Provide initial assessment based on FireEye intelligence and Mandiant experience

Live response analysis of the systems to identify malicious activity

Access to a 24/7 incident response hotline

Initial contact (via email or phone) within four hours: The first contact is with a Mandiant incident responder who can immediately help with triaging the incident

Case is accepted once Mandiant and client deem that incident response services are needed

Enhanced two-hour SLA is also available

Review of existing monitoring, logging and detection technologies

Ensure ability to quickly contain an incident

Review of current network and host architecture

Evaluation of first response capabilities

Collaborative planning for typical response scenarios

Recommendations for areas of improvement

Available consulting services for repurposing prepaid hours include:

Related resources

Ready to get started?

Our security experts are standing by to help you with an incident or answer questions about our
consulting and managed detection and response services.

+1 888-227-2721 +61 281034308 +32 28962867 +1 877-347-3393 +971 45501444 +358 942451151 +33 170612726 +49 35185034500 +852 3975-1882 +91 80 6671 1566 +353 (0)216019160 +39 0294750535 +81 3 4577 4401 +03 77248276 +52 5585268207 +31 207941289 +64 32880234 +48 223072296 +7 4954658084 +65 31585101 +27 105008408 +82 7076860238 +34 932203202 +94 788155851 +46 853520870 +886 2-5551-1268 +27873392 +44 2036087538 +842444581914