Quick navigation

FireEye

Mandiant Incident Response Services from FireEye

Investigate, contain and remediate critical security incidents

Value Proposition

Problem

Your business is your top priority. At best, attacks are a distraction. At their worst, they can cripple your operations. The need to conduct an incident response (IR) can strike at any time. And when an enterprise-level incident transpires, and an incident response is initiated, an organization faces several challenges that can impact the ability to perform a comprehensive investigation as part the cyber incident response.

Solution

Mandiant incident response helps resolve all aspects and impacts of cyber breaches. Our services include the thorough technical investigation, containment and recovery Mandiant is known for. You;ll also have access to crisis and communications management to handle internal politics, brand protection and legal liability. Mandiant has more than a decade of experience at the forefront of cyber security and intrusion investigations. We combine investigative and remediation expertise gained by responding to thousands of incidents with FireEye's industry-leading threat intelligence and cutting edge network and endpoint technology.

Main Activities

Deploy the technology most appropriate for a fast and comprehensive incident response
Investigate initial client-provided leads to start building Indicators of Compromise (IOCs) that will identify attacker activity while sweeping the environment for all indicators of malicious activity.
Crisis management planning: Work with executives, legal teams, business leaders and senior security personnel to develop a crisis management plan
Crisis management planning: Work with executives, legal teams, business leaders and senior security personnel to develop a crisis management plan
Incident scoping: Monitor real-time attacker activity and search for forensic evidence of past attacker activity to determine the scope of the incident

Damage assessment: Identify impacted systems, facilities, applications and information exposure
Remediation: Develop a custom containment and remediation strategy based on the actions of the attacker and tailored to the needs of the business in order to eliminate the attacker’s access and improve the security posture of the environment to prevent or limit the damage from future attacks
Deliver Executive, investigative and remediation reports that withstand third party scrutiny

Key Differentiators

Expertise backed by adversary, victim and MVX-driven intelligence
Expertise backed by cloud & on-premise technologies
More than a decade of experience at the forefront of cyber security and intrusion investigations

Combines investigative and remediation expertise gained by responding to thousands of incidents with FireEye’s threat intelligence, network and endpoint technology
The use of cloud and on-premise solutions allow investigations to begin immediately, while managing client data privacy concerns.
Industry-leading reverse engineers and researchers