Incident Response Retainer
Reduce your incident response time and minimize breach impact with FireEye Mandiant on speed dial
The Mandiant Incident Response Retainer (IRR) gives your organization the ability to quickly identify malicious activity and receive contextual intelligence on attacks — enabling faster and more effective response to cyber incidents.
What are your business and security requirements?
Retainer agreements can be packaged in different ways to match your needs. Consider these factors.
- Budget. Confirm the number of prepaid hours and the hourly rate for additional hours.
- Unused hours. Ask what happens if you don’t use your prepaid hours during the contract term.
- Response Time. Get service level agreement (SLA) details for remote and onsite consulting. 2 or 4 hour SLAs are available.
- Terms. Confirm the length of retainer—most are 12 months—and payment terms, such as whether you need to pay up-front.
- Cyber insurance. Consider how your cyber insurance policy reimburses for incident response (IR) expenses and ask your insurer about lower premiums if you can show a proactive approach to cyber security.
Contact Us
Complete this short form to learn more about Incident Response Retainers.
Ramp up response readiness
Get access to elite Mandiant security experts and technologies
Improve your current incident preparedness and response capabilities with industry-leading expertise and technology.
- Have Mandiant experts on standby to help when you need it
- Take advantage of leading-edge advances in cyber security
Accelerate incident response speed
React faster and minimize impact with a team of experienced first-responders that will spring into action as soon as a breach is suspected.
- Get expert response within hours, not days or weeks
- Have a dedicated malware team on-call
Pre-negotiate terms and conditions
Establish contractual terms before an incident occurs for rapid incident response when it matters most.
- Eliminate paperwork-related response delays when every minute matters
- Ensure your first call focuses on action
Declaration process
Initial Assessment
A Mandiant IR expert reviews and assesses your situation following the request and recommends a course of action.
Official Declaration
An authorized party from your organization makes the official declaration of an incident under your IR retainer agreement.
Declaration Acceptance
Mandiant assigns an IR lead to your investigation to serve as your primary point of contact for the duration of the investigation.
Next Steps
The IR lead works with you to define initial investigation steps that typically include collecting evidence, talking to your technical teams for their observations and actions taken and determining if we need to deploy our host and network technology. The IR lead then assembles a team based on the size, complexity and technologies of your environment.
Choice and
Flexibility:
What Incident Response Retainer is right for you?
The Incident Response Retainer provides two tracks of service that are designed to suit different needs and budgets.
Tier 1: No upfront costs
- Establish terms and conditions for Mandiant Incident Response (IR) services
- Define hourly rates for all incident response-related services and technologies
- Make no minimum financial commitment or pay no annual cost
- Incur costs only if you engage Mandiant Incident Response services
- Get support based on best effort and current availability
- Receive no guaranteed service level agreement (SLA)
- Gain access to the FireEye Mandiant technology stack
Tier 2: Prepaid hours and service level commitment
- Establish terms and conditions for Mandiant Incident Response (IR) services
- Gain peace-of-mind with a 4-hour SLA that provides a first responder (after declaration acceptance) within 24 hours
- Flexibility to repurpose unused hours on a variety of technical and strategic services
- Gain access to the FireEye Mandiant technology stack
- Work with Mandiant experts to evaluate and improve your current incident preparedness and response capabilities
- Access to Incident Response Preparedness Service
- Enhanced 2-hour SLA also available
| Initial response |
Service-level agreement |
Incident Response Preparedness Service |
Triage security issue Provide initial assessment based on FireEye intelligence and Mandiant experience Live response analysis of the systems to identify malicious activity |
Access to a 24/7 incident response hotline Initial contact (via email or phone) within four hours: The first contact is with a Mandiant incident responder who can immediately help with triaging the incident Mandiant first-responder assigned to your case within twenty-four hours Enhanced two-hour SLA available |
Review of existing monitoring, logging and detection technologies Ensure ability to quickly contain an incident Review of current network and host architecture Evaluation of first response capabilities Collaborative planning for typical response scenarios Recommendations for areas of improvement |
Available consulting services for repurposing prepaid hours include:
| Technical Services |
Strategic Services |
Education Services |
Windows Enterprise Incident Response Intelligence and Attribution Advanced Acquisition Techniques |
Related resources
Datasheet
Incident Response Retainer
eBook
Dramatically enhance your organization’s breach response preparedness
Reasons
7 Reasons to have FireEye Mandiant on speed dial
Webinar
Breach Readiness: Next Generation of Incident Preparedness
Related products and services
Managed Defense
Extends your security team with experts from FireEye who will monitor your network for threats around the clock.
Response Readiness Assessment
Provides an easy, effective way to evaluate and improve your ability to detect, respond to and contain advanced attacks.
Threat Intelligence
Combines adversary intelligence with breach victim and machine-based intelligence for a full 360° view of threats.
Ready to get started?
Our security experts are standing by to help you with an incident or answer questions about consulting services.