Texture Top Right Red 02

Incident Response Services

Resolve cyber security incidents quickly, efficiently and at scale

Your business is your top priority. At best, cyber attacks are a distraction. At their worst, they can cripple your operations.

Mandiant, a FireEye company, has dedicated incident responders in over 30 countries to help you quickly investigate and thoroughly remediate attacks, so you can get back to what matters most: your business. Mandiant helps protect you with more than a decade of experience responding to thousands of incidents and conducting intrusion investigations.

Our consultants combine their expertise with industry-leading threat intelligence and network and endpoint technology to help you with a wide range of activities — from technical response to crisis management. Whether you have 1,000 or 100,000 endpoints, our consultants can be up and running in a matter of hours, analyzing your networks for malicious activity.

Mandiant consultants respond to a wide variety of incidents

Intellectual property

Intellectual property

Theft of trade secrets or other sensitive information

Financial crime

Financial crime

Payment card data theft, illicit ACH/EFT cash transfers, extortion and ransomware

Personally Identifiable Information (PII)

Personally Identifiable Information (PII)

Exposure of information used to uniquely identify individuals

Destructive attacks

Destructive attacks

Attacks solely intended to cause the victim organization hardship by making information or systems unrecoverable

Insider threats

Insider threats

Inappropriate or unlawful activity performed by employees, vendors and other insiders

Protected Health Information (PHI)

Protected Health Information (PHI)

Exposure of protected health care information

The Mandiant incident response difference

Complete incident response from investigation to crisis management

Mandiant incident response helps resolve all aspects and impacts of cyber breaches. Our services include the thorough technical investigation, containment and recovery Mandiant is known for. You’ll also have access to crisis and communications management to handle internal politics, brand protection and legal liability.

Expertise backed by adversary, victim and MVX-driven intelligence

A broad collection of intelligence sources give our responders the edge they need to confront emerging attacks and attackers. We draw on adversary and product intelligence to understand what tools, techniques and procedures (TTPs) attackers are using, why they’re attacking you, and what they’re after. Victim intelligence allows us to better understand the risks and vulnerabilities typical to your industry and better prioritize our response activities.

Expertise backed by cloud & on-premise technologies

Mandiant incident response brings the full suite of FireEye products to our investigations. This includes on-premise or cloud-based endpoint technology, network sensors and analytics platforms. They are deployed according to the requirements of your threat and environment, whether Windows, Linux or MacOS.

Eliminate sluggish incident response

An IDC study examines next-generation security problems and their solutions, providing helpful recommendations to strengthen your incident response programs.

Unparalleled speed to response

In a recent case, Mandiant consultants deployed investigative tools over 18,000 client endpoints and confirmed an attack within four hours of initial engagement. All endpoints were analyzed and the attack contained in under a week. The client resumed normal operations just five days later.

Post-engagement deliverables

At the end of an investigation, you’ll know the full scope of the incident, including:

  • Affected applications, networks, systems and user accounts
  • Malicious software and exploited vulnerabilities
  • Information accessed or stolen

All critical information will be detailed and documented in three actionable reports:

  • Executive summary: Summarizes investigative process, major findings and containment/eradication activities.
  • Investigative report: Details attack timeline and critical path with a list of affected computers, locations, user accounts and information.
  • Remediation report: Details containment and eradication measures and includes strategic recommendations to enhance your organization’s security posture.


If your organization needs immediate assistance for a possible incident or security breach, please contact us.

+1 866-962-6342 1800 469 290 0800 296 251 0800 770 55 +1 866-962-6342 80 25 30 75 0800 902383 0800 181 7231 800 900 376 000 8001 007895 1800 903540 0800 871922 +81 3 4577 4401 800 2 5630 1800 81 8007 0800 453 552 0 800 023 2658 800 69 007 800 814 6703 800 101 3079 00 7 981 4207 6215 0900 808 064 020 028 5906 0800 848030 00801 13 6649 001 800 15 6 203 0039 8000 184 619 0808 178 2744 +1 703-996-3012