Incident Response Services

Resolve security incidents quickly, efficiently and at scale

Your business is your top priority. At best, attacks are a distraction. At their worst, they can cripple your operations.

Mandiant, a FireEye company, has dedicated incident responders in over 30 countries to help you quickly investigate and thoroughly remediate attacks, so you can get back to what matters most: your business.

Overview

Mandiant helps protect you with more than a decade of experience responding to thousands of incidents and conducting intrusion investigations. Our consultants combine their expertise with industry-leading threat intelligence and network and endpoint technology to help you with a wide range of activities — from technical response to crisis management. Whether you have 1,000 or 100,000 endpoints, our consultants can be up and running in a matter of hours, analyzing your networks for malicious activity.

The Mandiant difference

Complete incident response from investigation to crisis management

Mandiant helps resolve all aspects and impacts of cyber breaches. Our services include the thorough technical investigation, containment and recovery Mandiant is known for. You’ll also have access to crisis and communications management to handle internal politics, brand protection and legal liability.

Expertise backed by adversary, victim and MVX-driven intelligence

A broad collection of intelligence sources gives our responders the edge they need to confront emerging attacks and attackers. We draw on adversary and product intelligence to understand what tools, techniques and procedures (TTPs) attackers are using, why they’re attacking you, and what they’re after. Victim intelligence allows us to better understand the risks and vulnerabilities typical to your industry and better prioritize our response activities.

Expertise backed by cloud & on-premise technologies

Mandiant brings the full suite of FireEye products to our investigations. This includes on-premise or cloud-based endpoint technology, network sensors and analytics platforms. They are deployed according to the requirements of your threat and environment, whether Windows, Linux or macOS.

Post-engagement deliverables

At the end of an investigation, you’ll know the full scope of the incident, including:

  • Affected applications, networks, systems and user accounts
  • Malicious software and exploited vulnerabilities
  • Information accessed or stolen

All critical information will be detailed and documented in three actionable reports:

Executive summary: Summarizes investigative process, major findings and containment/eradication activities.

Investigative report: Details attack timeline and critical path with a list of affected computers, locations, user accounts and information.

Remediation report: Details containment and eradication measures and includes strategic recommendations to enhance your organization’s security posture.

Mandiant in Action:
Unparalleled speed to response

In a recent case, Mandiant consultants deployed investigative tools over 18,000 client endpoints and confirmed an attack within four hours of initial engagement. All endpoints were analyzed and the attack contained in under a week. The client resumed normal operations just five days later.

Mandiant consultants investigate a wide variety of incidents, including:

Intellectual Property

Theft of trade secrets or other sensitive information

Financial Crime

Payment card data theft, illicit ACH/EFT cash transfers, extortion and ransomware

Personally identifiable information (PII)

Exposure of information used to uniquely identify individuals

Destructive attacks

Attacks solely intended to cause the victim organization hardship by making information or systems unrecoverable

Insider Threats

Inappropriate or unlawful activity performed by employees, vendors and other insiders

Protected Health Information (PHI)

Exposure of protected health care information