
Incident Response Services
Resolve cyber security incidents quickly, efficiently and at scale
Your business is your top priority. At best, cyber attacks are a distraction. At their worst, they can cripple your operations.
FireEye Mandiant has dedicated cyber incident responders in over 30 countries to help you quickly investigate cyber incidents and thoroughly remediate the environment, so you can get back to what matters most: your business. On the frontlines of cyber incident response since 2004, Mandiant has investigated some of the most complex breaches worldwide. We have a deep understanding of both existing and emerging threat actors and their rapidly changing tactics, techniques and procedures.
Our consultants combine investigative and remediation expertise with industry-leading threat intelligence and network and endpoint technology to help you with a wide range of activities — from technical response to crisis management. Whether you have 1,000 or 100,000 endpoints, FireEye Mandiant consultants can be up and running in a matter of hours, analyzing your networks for malicious activity. All to help you get back to business as usual with confidence, quickly and efficiently.


Complete cyber incident response
From investigation to crisis management, Mandiant incident response helps resolve all aspects of cyber breaches with industry-leading expertise, from thorough technical investigation to containment and recovery.

Industry-leading cyber threat intelligence
Industry-leading threat intelligence gives investigators the edge, helping them understand attacker motivations and the tools, techniques and procedures (TTPs) attackers use.

24/7 incident response coverage
After-hours coverage is provided by FireEye Managed Defense, for peace of mind that you are seamlessly protected 24/7 during investigation and remediation.
Cyber Incident Response Features

Frontline expertise
Mandiant has been on the frontlines of cyber incident response since 2004. From cyber espionage to crippling network attacks, Mandiant has the know-how to quickly identify what was compromised, assess the pathway to attack and remediate the breach so you can resume regular business activities.

Rapid response to remediation
Speed of response and analysis is critical to containing an incident and limiting damage. Whether you are a small firm with few endpoints or a global enterprise with 100,000 endpoints, Mandiant experts can start work within hours and rapidly analyze your entire network for signs of malicious activity.

Hands-on remediation support
Hands-on keyboard support to help you implement remediation recommendations, assuring a thorough remediation to help you get back to business as usual faster and reduce the risk of future compromise.

Purpose-built technology
Purpose-built FireEye endpoint technology, network sensors, analytics platforms and more, deployed on-premise or in the cloud. Save time and money using only the technology you need with the speed and convenience of cloud accessibility.

Global footprint, local experts
Dedicated Mandiant incident responders in over 30 countries worldwide provide firsthand local knowledge and native language fluency. In-region experts bring greater regional context as well as rapid response to your on-site security needs.

Dedicated research and reverse-engineering
FireEye FLARE reverse engineers analyze malware and write custom decoders and parsers to provide insight into the capabilities and TTPs used by attackers.

Crisis management
Incident responders have years of experience advising clients on incident-related communications — including executive communications, public relations and disclosure requirements.
Eliminate sluggish incident response
An IDC study examines next-generation security problems and their solutions, providing helpful recommendations to strengthen your incident response programs.
Unparalleled speed to response
In a recent case, Mandiant consultants deployed investigative tools over 18,000 client endpoints and confirmed an attack within four hours of initial engagement. All endpoints were analyzed and the attack contained in under a week. The client resumed normal operations just five days later.
Post-engagement deliverables
At the end of an investigation, you’ll know the full scope of the incident, including:
- Affected applications, networks, systems and user accounts
- Malicious software and exploited vulnerabilities
- Information accessed or stolen
All critical information will be detailed and documented in three actionable reports:
- Executive summary: Summarizes investigative process, major findings and containment/eradication activities.
- Investigative report: Details attack timeline and critical path with a list of affected computers, locations, user accounts and information.
- Remediation report: Details containment and eradication measures and includes strategic recommendations to enhance your organization’s security posture.
Build a Business Case
- Datasheet: Incident Response
- M-Trends 2019: Trends Behind Today’s Most Impactful Breaches and Cyber Attacks
- The Executive’s Breach Response Preparedness Playbook
- 12 Proven Cyber Incident Response Strategies
- Blog: The State of Incident Detection and Response in 2015
- Blog: The Need for Incident Response

Types of incidents Mandiant commonly investigates

Intellectual property theft
Theft of trade secrets or other sensitive information.

Financial crime
Payment card data theft, illicit ACH/EFT cash transfers, extortion and ransomware.

Personally identifiable information (PII)
Exposure of information used to uniquely identify individuals.

Protected health information (PHI)
Exposure of protected health care information.

Insider threats
Inappropriate or unlawful activity performed by employees, vendors and other insiders.

Destructive attacks
Attacks solely intended to cause the victim organization hardship by making information or systems unrecoverable.
Related resources
- Report: M-Trends
- eBook: The Executive’s Breach Response Preparedness Playbook
- Webinar: The Best Way to Assess Incident Response Preparedness
Breached?
If your organization needs immediate assistance for a possible incident or security breach, please contact us.