Incident Response Services
Resolve security incidents quickly, efficiently and at scale
Your business is your top priority. At best, attacks are a distraction. At their worst, they can cripple your operations.
Mandiant, a FireEye company, has dedicated incident responders in over 30 countries to help you quickly investigate and thoroughly remediate attacks, so you can get back to what matters most: your business.
Mandiant helps protect you with more than a decade of experience responding to thousands of incidents and conducting intrusion investigations. Our consultants combine their expertise with industry-leading threat intelligence and network and endpoint technology to help you with a wide range of activities — from technical response to crisis management. Whether you have 1,000 or 100,000 endpoints, our consultants can be up and running in a matter of hours, analyzing your networks for malicious activity.
The Mandiant difference
Complete incident response from investigation to crisis management
Mandiant helps resolve all aspects and impacts of cyber breaches. Our services include the thorough technical investigation, containment and recovery Mandiant is known for. You’ll also have access to crisis and communications management to handle internal politics, brand protection and legal liability.
Expertise backed by adversary, victim and MVX-driven intelligence
A broad collection of intelligence sources gives our responders the edge they need to confront emerging attacks and attackers. We draw on adversary and product intelligence to understand what tools, techniques and procedures (TTPs) attackers are using, why they’re attacking you, and what they’re after. Victim intelligence allows us to better understand the risks and vulnerabilities typical of your industry and better prioritize our response activities.
Expertise backed by cloud & on-premise technologies
Mandiant brings the full suite of FireEye products to our investigations. This includes on-premise or cloud-based endpoint technology, network sensors and analytics platforms. They are deployed according to the requirements of your threat and environment, whether Windows, Linux or macOS.
At the end of an investigation, you’ll know the full scope of the incident, including:
- Affected applications, networks, systems and user accounts
- Malicious software and exploited vulnerabilities
- Information accessed or stolen
All critical information will be detailed and documented in three actionable reports:
- Executive summary: Summarizes investigative process, major findings and containment/eradication activities.
- Investigative report: Details attack timeline and critical path with a list of affected computers, locations, user accounts and information.
- Remediation report: Details containment and eradication measures and includes strategic recommendations to enhance your organization’s security posture.
Mandiant in Action:
Unparalleled speed to response
In a recent case, Mandiant consultants deployed investigative tools over 18,000 client endpoints and confirmed an attack within four hours of initial engagement. All endpoints were analyzed and the attack contained in under a week. The client resumed normal operations just five days later.
Mandiant consultants investigate a wide variety of incidents, including:
- Theft of trade secrets or other sensitive information
- Payment card data theft, illicit ACH/EFT cash transfers, extortion and ransomware
- Personally identifiable information (PII): Exposure of information used to uniquely identify individuals
- Attacks solely intended to cause the victim organization hardship by making information or systems unrecoverable
- Inappropriate or unlawful activity performed by employees, vendors and other insiders
- Protected Health Information (PHI): Exposure of protected health care information