Incident Response Retainer
Reduce your incident response time and minimize breach impact with FireEye Mandiant on speed dial
The Mandiant Incident Response Retainer (IRR) gives you the ability to quickly identify malicious activity and get contextual intelligence on attacks so you can respond to cyber incidents faster and more effectively.
What are Your Business and Security Requirements?
Retainer agreements can be packaged in different ways to match your needs. Consider these factors.
- Budget. Confirm the number of prepaid hours and the hourly rate for additional hours.
- Unused hours. Ask what happens if you don’t use your prepaid hours during the contract term.
- Response Time. Get service level agreement (SLA) details for remote and onsite consulting.
- Terms. Confirm the length of retainer—most are 12 months—and payment terms, such as whether you need to pay up-front.
- Cyber insurance. Consider how your cyber insurance policy reimburses for incident response (IR) expenses and ask your insurer about lower premiums if you can show a proactive approach to cyber security.
Contact Us
Complete this short form to learn more about Mandiant Incident Response Retainers.
Ramp up response readiness
Get access to elite Mandiant security experts and technologies
Improve your current incident preparedness and response capabilities with industry-leading expertise and technology.
- Have Mandiant experts on standby to help when you need it
- Take advantage of leading-edge advances in cyber security
Accelerate incident response speed
React faster and minimize impact with a team of experienced first-responders that will spring into action as soon as a breach is suspected.
- Get expert response within hours, not days or weeks
- Have a dedicated malware team on-call
Pre-negotiate terms and conditions
Establish contractual terms before an incident occurs for rapid incident response when it matters most.
- Eliminate paperwork-related response delays when every minute matters
- Ensure your first call focuses on action
Declaration process
Initial Assessment
A Mandiant IR expert reviews and assesses your situation following the request and recommends a course of action.
Official Declaration
An authorized party from your organization makes the official declaration of an incident under your IR retainer agreement.
Declaration Acceptance
Mandiant assigns an IR lead to your investigation to serve as your primary point of contact for the duration of the investigation.
Next Steps
The IR lead works with you to define initial investigation steps that typically include collecting evidence, talking to your technical teams for their observations and actions taken and determining if we need to deploy our host and network technology. The IR lead then assembles a team based on the size, complexity and technologies of your environment.
Choice and
Flexibility:
What Incident Response Retainer is right for you?
The three tiers of the Incident Response Retainer service are each designed to suit different needs and budgets. All three tiers provide access to a 24/7 service request hotline/email and Mandiant IR support.
Tier 1: No upfront costs
- Establish terms and conditions for Mandiant Incident Response (IR) services you might need in the event of a cyber incident
- Define hourly rates for all incident response-related services and technologies
- Make no minimum financial commitment or pay no annual cost
- Incur costs only if you engage Mandiant Incident Response services
- Get support is based on best effort and current availability
- Receive no guaranteed service level agreement (SLA) for this tier
- Gain access to the Mandiant technology stack
Tier 2: Prepaid hours and service level commitment
- Establish terms and conditions for Mandiant Incident Response (IR) services
- Gain peace of mind with an SLA that provides a first responder (after declaration acceptance) within 24 hours
- Prepay for a block of Mandiant support hours at a discounted rate
- Purchase additional support hours at a discounted rate
- Flexibility to repurpose prepare fees on a wide range of technical and strategic consulting services
- Gain access to the Mandiant technology stack
- Work with Mandiant experts to evaluate and improve your current incident preparedness and response capabilities
| Initial response |
Service-level agreement |
Incident Response Preparedness Service |
Triage security issue Provide initial assessment based on FireEye intelligence and Mandiant experience Live response analysis of the systems to identify malicious activity |
Access to a 24/7 incident response hotline Initial contact (via email or phone) within eight hours: The first contact is with a Mandiant incident responder who can immediately help with triaging the incident Mandiant first-responder assigned to your case within twenty-four hours |
Review of existing monitoring, logging and detection technologies Ensure ability to quickly contain an incident Review of current network and host architecture Evaluation of first response capabilities Collaborative planning for typical response scenarios Recommendations for areas of improvement |
Available consulting services for repurposing prepaid hours include:
| Technical Services |
Strategic Services |
Education Services |
Incident Response Malware Analysis Intelligence and Attribution Advanced Acquisition Techniques |
| Feature | Tier 1 | Tier 2 | Tier 3 |
|---|---|---|---|
| Pre-negotiated terms and conditions for IR services | Yes Yes | Yes Yes | Yes Yes |
| 24/7 IR service request hotline/email | Yes Yes | Yes Yes | Yes Yes |
| Service level agreement (SLA) | Best effort Best effort | Yes Yes | Yes Yes |
| Discounted Mandiant support hours | No No | Prepaid, with additional hours as needed Prepaid, with additional hours as needed | As needed As needed |
| Proactive Mandiant services | No No | Can apply unused retainer hours toward Mandiant service Can apply unused retainer hours toward Mandiant service | Purchase bundle of proactive service to be delivered during term of the retainer Purchase bundle of proactive service to be delivered during term of the retainer |
| Incident preparedness services | No No | Yes Yes | Yes Yes |
Related products and services
Managed Defense
Extends your security team with experts from FireEye who will monitor your network for threats around the clock.
Response Readiness Assessment
Provides an easy, effective way to evaluate and improve your ability to detect, respond to and contain advanced attacks.
FireEye iSIGHT Intelligence
Combines adversary intelligence with breach victim and machine-based intelligence for a full 360° view of threats.
Related resources
Datasheet
Incident Response Retainer
eBook
Dramatically enhance your organization’s breach response preparedness
Reasons
7 Reasons To Have Mandiant On Speed Dial
Webinar
Breach Readiness: Next Generation of Incident Preparedness
Ready to get started?
Our security experts are standing by to help you with an incident or answer questions about consulting services.