Incident Response Retainer
Reduce your incident response time and minimize breach impact
The Mandiant Incident Response Retainer (IRR) gives you the ability to quickly identify malicious activity and get contextual intelligence on attacks so you can respond to cyber incidents faster and more effectively.
Webinar
Breach Readiness: Next Generation of Incident Preparedness
Ramp up response readiness
Get access to elite Mandiant security experts and technologies
Improve your current incident preparedness and response capabilities with industry-leading expertise and technology.
- Have Mandiant experts on standby to help when you need it
- Take advantage of leading-edge advances in cyber security
Accelerate incident response speed
React faster and minimize impact with a team of experienced first-responders that will spring into action as soon as a breach is suspected.
- Get expert response within hours, not days or weeks
- Have a dedicated malware team on-call
Pre-negotiate terms and conditions
Establish contractual terms before an incident occurs for rapid incident response when it matters most.
- Eliminate paperwork-related response delays when every minute matters
- Ensure your first call focuses on action
Declaration process
Initial Assessment
A Mandiant IR expert reviews and assesses your situation following the request and recommends a course of action.
Official Declaration
An authorized party from your organization makes the official declaration of an incident under your IR retainer agreement.
Declaration Acceptance
Mandiant assigns an IR lead to your investigation to serve as your primary point of contact for the duration of the investigation.
Next Steps
The IR lead works with you to define initial investigation steps that typically include collecting evidence, talking to your technical teams for their observations and actions taken and determining if we need to deploy our host and network technology. The IR lead then assembles a team based on the size, complexity and technologies of your environment.
Choice and
Flexibility:
What Incident Response Retainer is right for you?
The three tiers of the Incident Response Retainer service are each designed to suit different needs and budgets. All three tiers provide access to a 24/7 service request hotline/email and Mandiant IR support.
Tier 1: No upfront costs
- Establish terms and conditions for Mandiant Incident Response (IR) services you might need in the event of a cyber incident
- Define hourly rates for all incident response-related services and technologies
- Make no minimum financial commitment or pay no annual cost
- Incur costs only if you engage Mandiant Incident Response services
- Get support is based on best effort and current availability
- Receive no guaranteed service level agreement (SLA) for this tier
- Gain access to the Mandiant technology stack
Tier 2: Prepaid hours and service level commitment
- Establish terms and conditions for Mandiant Incident Response (IR) services
- Gain peace of mind with an SLA that provides a first responder (after declaration acceptance) within 24 hours
- Prepay for a block of Mandiant support hours at a discounted rate
- Purchase additional support hours at a discounted rate
- Gain access to the Mandiant technology stack
- Work with Mandiant experts to evaluate and improve your current incident preparedness and response capabilities
Tier 3: Prepaid services and service level commitment
- Establish terms and conditions for Mandiant Incident Response (IR) services
- Gain peace of mind with an SLA that provides a first responder (after declaration acceptance) within 24 hours
- Prepay for a customizable set of Mandiant consulting services
- Purchase Mandiant incident response support hours at our lowest rate
- Gain access to the Mandiant technology stack
- Work with Mandiant experts to evaluate and improve your current incident preparedness and response capabilities
| Feature | Tier 1 | Tier 2 | Tier 3 |
|---|---|---|---|
| Pre-negotiated terms and conditions for IR services | Yes Yes | Yes Yes | Yes Yes |
| 24/7 IR service request hotline/email | Yes Yes | Yes Yes | Yes Yes |
| Service level agreement (SLA) | Best effort Best effort | Yes Yes | Yes Yes |
| Discounted Mandiant support hours | No No | Prepaid, with additional hours as needed Prepaid, with additional hours as needed | As needed As needed |
| Proactive Mandiant services | No No | Can apply unused retainer hours toward Mandiant service Can apply unused retainer hours toward Mandiant service | Purchase bundle of proactive service to be delivered during term of the retainer Purchase bundle of proactive service to be delivered during term of the retainer |
| Incident preparedness services | No No | Yes Yes | Yes Yes |
Related products and services
Response Readiness Assessment
Provides an easy, effective way to evaluate and improve your ability to detect, respond to and contain advanced attacks.
FireEye as a Service
Extends your security team with experts from FireEye who will monitor your network for threats around the clock.
FireEye iSIGHT Intelligence
Combines adversary intelligence with breach victim and machine-based intelligence for a full 360° view of threats.
Related resources
Data sheet
Incident Response Retainer
Incident Response Retainer Solutions Brief
Webinar
Breach Readiness: Next Generation of Incident Preparedness
Ready to get started?
Our security experts are standing by to help you with an incident or answer questions about consulting services.