Incident Response Services

Resolve cyber security incidents quickly, efficiently and at scale

Your business is your top priority. At best, cyber attacks are a distraction. At their worst, they can cripple your operations.

FireEye Mandiant has dedicated cyber incident responders in over 30 countries to help you quickly investigate cyber incidents and thoroughly remediate the environment, so you can get back to what matters most: your business. On the frontlines of cyber incident response since 2004, Mandiant has investigated some of the most complex breaches worldwide. We have a deep understanding of both existing and emerging threat actors and their rapidly changing tactics, techniques and procedures.

Our consultants combine investigative and remediation expertise with industry-leading threat intelligence and network and endpoint technology to help you with a wide range of activities, from technical response to crisis management. Whether you have 1,000 or 100,000 endpoints, FireEye Mandiant consultants can be up and running in a matter of hours, analyzing your networks for malicious activity. All to help you get back to business as usual with confidence, quickly and efficiently.

Complete cyber incident response

From investigation to crisis management, Mandiant incident response helps resolve all aspects of cyber breaches with industry-leading expertise, from thorough technical investigation to containment and recovery.

Industry-leading cyber threat intelligence

Industry-leading threat intelligence gives investigators the edge, helping them understand attacker motivations and the tools, techniques and procedures (TTPs) attackers use.

24/7 incident response coverage

After-hours coverage provided by FireEye Managed Defense for peace of mind that you are seamlessly protected 24/7 during investigation and remediation.

Cyber Incident Response Features

Frontline expertise

Mandiant has been on the frontlines of cyber incident response since 2004. From cyber espionage to crippling network attacks, Mandiant has the know-how to quickly identify what was compromised, assess the pathway to attack and remediate the breach so you can resume regular business activities.

Rapid response to remediation

Speed of response and analysis is critical to containing an incident and limiting damage. Whether you are a small firm with few endpoints or a global enterprise with 100,000 endpoints, Mandiant experts can start work within hours and rapidly analyze your entire network for signs of malicious activity.

Hands-on remediation support

Hands-on keyboard support to help you implement remediation recommendations, assuring a thorough remediation to help you get back to business as usual faster and reduce the risk of future compromise.

Purpose-built technology

Purpose-built FireEye endpoint technology, network sensors, analytics platforms and more, deployed on-premise or in the cloud. Save time and money using only the technology you need with the speed and convenience of cloud accessibility.

Global footprint, local experts

Dedicated Mandiant incident responders in over 30 countries worldwide provide firsthand local knowledge and native language fluency. In-region experts bring greater regional context as well as rapid response to your on-site security needs.

Dedicated research and reverse-engineering

FireEye FLARE reverse engineers analyze malware and write custom decoders and parsers to provide insight into the capabilities and TTPs used by attackers.

Crisis management

Incident responders have years of experience advising clients on incident-related communications — including executive communications, public relations and disclosure requirements.

Tales From The Trenches

Mandiant incident response in action

Stopping an attacker before a ransomware attack is launched

A large insurance company was targeted by an attacker known to deploy ransomware and extort victims for millions of dollars. Mandiant stopped the attacker before ransomware was deployed and confirmed no evidence of data theft.

FireEye was named a Leader in the Forrester Wave:
Cybersecurity Incident Response Services, Q1 2019

Eliminate sluggish incident response

An IDC study examines next-generation security problems and their solutions, providing helpful recommendations to strengthen your incident response programs.

Unparalleled speed to response

In a recent case, Mandiant consultants deployed investigative tools over 18,000 client endpoints and confirmed an attack within four hours of initial engagement. All endpoints were analyzed and the attack contained in under a week. The client resumed normal operations just five days later.

Post-engagement deliverables

At the end of an investigation, you’ll know the full scope of the incident, including:

  • Affected applications, networks, systems and user accounts
  • Malicious software and exploited vulnerabilities
  • Information accessed or stolen

All critical information will be detailed and documented in three actionable reports:

  • Executive summary: Summarizes investigative process, major findings and containment/eradication activities.
  • Investigative report: Details attack timeline and critical path with a list of affected computers, locations, user accounts and information.
  • Remediation report: Details containment and eradication measures and includes strategic recommendations to enhance your organization’s security posture.

Types of incidents Mandiant commonly investigates

Intellectual property theft

Theft of trade secrets or other sensitive information.

Financial crime

Payment card data theft, illicit ACH/EFT cash transfers, extortion and ransomware.

Personally identifiable information (PII)

Exposure of information used to uniquely identify individuals.

Protected health information (PHI)

Exposure of protected health care information.

Insider threats

Inappropriate or unlawful activity performed by employees, vendors and other insiders.

Destructive attacks

Attacks solely intended to cause the victim organization hardship by making information or systems unrecoverable.

Breached?

If your organization needs immediate assistance for a possible incident or security breach, please contact us.
