Mandiant Incident Response Services
Investigate and remediate computer security incidents
Since 2004, Mandiant has focused on incident response services. It is our primary area of expertise. Mandiant has responded to thousands of breaches across all industries, organization sizes, and technical environments, and provided incident response services to mitigate the effects of many of the largest and most impactful cyber breaches in the past several years.
Mandiant Incident Response Services specializes in investigating intrusions and targeted attacks performed by advanced threat groups. Our consultants use proprietary technology, creative investigative techniques, and intelligence gathered during each investigation to improve our ability to identify the actions of the attacker, the scope of the breach, the data loss, and the steps required to remove the attackers access. We also learn how to better re-secure the network.
As part of Incident Response Services, Mandiant consultants have investigated:
These attackers steal sensitive data that supports a nation-state's economic, political, or military objectives.
Systems used by employees, board members, and other insiders suspected of inappropriate or unlawful activity.
Focused on financial gain, these attackers conduct payment card fraud, illicit ACH/EFT cash transfers, and ATM cash draw-downs at merchants while targeting payment processors and financial institutions.
These attackers tend to be semi-state sponsored and play by their own rules. They are highly sophisticated and financially motivated. These attackers steal sensitive data for personal gain or profit.
What You Get
- Years of investigative experience
- Unparalleled threat intelligence
- Proprietary tools and technology
- Incident management experience
- Remediation experience
This IDC study examines current cyber security issues and provides recommendations to help organizations strengthen their incident response programs.
"...the central narrative stayed the same: far too many organizations were unprepared for the inevitable breach, allowing attackers to linger far too long in compromised environments."
- M-Trends 2015
Incident Response Services focuses on helping organizations recover from data security breaches while minimizing the impact of the event on the organization. Major activities performed during an investigation include:
Assessing the Situation
Each investigation begins by gaining an understanding of the current computer security incident. This also includes understanding what steps you have already taken to investigate or address the situation.
Perform Enterprise Investigation
Leveraging Mandiant and FireEye technologies, we quickly search large, complex networks for evidence of attacker activity.
Providing Management Direction
During each incident response investigation our consultants works closely with your management and internal/external legal counsel to provide detailed, structured, and frequent status reports that communicate findings and equip you to make the right business decisions.
Developing Investigative Reporting
We provide a detailed investigative report at the end of every engagement that addresses the needs of multiple audiences, including senior management, technical staff, third party regulators, insurers, and litigators.
Verifying Client Objectives
The next step is to define objectives that are practical and achievable.
Our consultants collect evidence with forensically sound procedures and document evidence handling with chain-of-custody procedures that are consistent with law enforcement standards.
Mandiant draws on skills that range from host and network forensic analysis across all platforms to malware reverse engineering and log analysis to determine the attack vector, establish a timeline of activity, and identify the extent of the compromise.
Developing Remediation Plans
Incident Response Services includes a comprehensive remediation plan that both eliminates the attackers from the environment and implements new security controls to reduce the likelihood of a recompromise.