Incident Response Services Datasheet
Handle critical security incidents, resolve immediate issues and put solutions in place to address systemic causes of the incident
Mandiant specializes in investigating large-scale intrusions performed by the most advanced threat groups. Over the course of hundreds of investigations, Mandiant has developed expertise and intelligence that enables its consultants to identify the actions of the attacker, the scope of the compromise and what data was lost—in some of the world’s largest breaches. Mandiant consultants draw on a range of unique skills, experience, and technology to resolve each incident, remove the attacker and re-secure the network.
The Mandiant Difference
Technical & investigative skills developed over the course of hundreds of investigations.
Profiles of key attack groups including their tools, practices and objectives along with corresponding Indicators of Compromise.
Proprietary tools that automate investigative tasks and enable network traffic and host-based artifacts to be rapidly evaluated—even across networks that contain hundreds of thousands of systems.
Law enforcement relationships
Long-standing relationships with law enforcement allow Mandiant to collaborate on investigations and share information when appropriate and approved by our clients.
Experience providing guidance and advice on the business impact of computer security decisions.
Dedicated malware team
A team focused solely on reverse engineering malicious software and researching the latest exploits.
Experience with Multiple Threat Actors
Different attacks require different approaches. Some of the most common situations Mandiant has faced include:
Analyzing systems used by employees, board members and other insiders suspected of inappropriate or unlawful activity.
Investigating payment card fraud, illicit ACH/EFT cash transfers and ATM cash draw-downs at merchants, payment processors and financial institutions.
Addressing the theft of intellectual property, trade secrets and other sensitive data across virtually every industry.
Security incidents can occur at unexpected times. When organizations are confronted with a critical security event, Mandiant’s experienced consultants will verify the nature of the incident, investigate and scope the intrusion and remediate it. Mandiant has conducted investigations across all major industries including:
- Defense Contractors
- Financial Services
- Oil and Gas
Mandiant’s Incident Response Services handle critical security incidents, resolve immediate issues and put long-term solutions in place to address systemic causes of the incident.
Mandiant is focused on helping organizations recover from computer security events while minimizing the impact of the event on the organization. The major activities Mandiant performs during an investigation are:
Assessing the situation
Each investigation begins by gaining an understanding of the current situation. How was the issue detected? What data has been collected? What steps have been taken? What does the environment look like?
Verifying client objectives
The next step is to define objectives that are practical and achievable. The goal may be to identify data loss, recover from the event, determine the attack vector, identify the attacker—or some combination of those objectives.
Mandiant consultants collect information with forensically sound procedures and document evidence handling with chain-of-custody procedures that are consistent with law enforcement standards.
Based on the evidence that is available and the client’s objectives, Mandiant draws on skills that range from forensic imaging to malware and log analysis in order to determine the attack vector, establish a timeline of activity and identify the extent of the compromise.
Providing management direction
During each investigation, Mandiant works closely with client management to provide detailed, structured and frequent status reports that communicate findings and equip its clients to make the right business decisions.
Developing remediation plans
Remediation plans vary depending on the extent of the compromise, the size of the organization and the tactics/objectives of the attacker. As part of an investigation, Mandiant delivers a comprehensive remediation plan and assists with the implementation.
Developing investigative reporting
Mandiant provides a detailed investigative report at the end of every engagement that addresses the needs of multiple audiences including senior management, technical staff, third-party regulators, insurers and litigators.
Mandiant’s specialized skills and technology have enabled it to resolve some of the most sophisticated attacks including the following situations:
Multiple attack groups
Mandiant frequently faces multiple attack groups working concurrently and independently in the same victim network.
Mandiant routinely reviews tens of thousands of systems for evidence of compromise within the first several weeks of an engagement.
Mandiant has dealt with compromises that have involved up to 25% of all systems within an environment.
Mandiant has implemented remediation approaches in very large networks and in situations where all remediation activities could not occur simultaneously.
Targeted supply chains
Mandiant has investigated intrusions where attackers targeted multiple companies across a supply chain.