Mandiant releases Intelligent Response discovery tools

Mandiant's new set of electronic evidence discovery tools perform post-breach analysis tests to accelerate the response process

Mandiant introduced new incident response automation technology that promises to perform the first set of post-breach analysis tests the IT security company would provide via its breach investigation services.

Having already launched several free forensics applications via its Web site, the breach consulting services provider is hoping to cash in on demand for its incident management skills with the new set of electronic evidence discovery (EED) and corporate investigation tools.

Labeled as Mandiant Intelligent Response 1.0 (MIR) and targeted initially at large enterprises in the financial services, health care, and ISP verticals -- company officials contend that large customers are ready to invest in applications that could save them millions on post-breach analysis services.

"We think large and mid-tier enterprises have the capability to use this technology, those that are fortunate enough to have the type of people who can respond, but who might not have standing armies to do so," said Jim Hansen, chief operating officer of Mandiant. "These are difficult skills that we provide, and these tools allow customers to accelerate the response process before someone like us can get there."

Hansen said that combined with his company's services, the incident forensics applications, delivered in an appliance form-factor, also extend the consulting provider's breach investigation capabilities.

The faster that companies can begin the data mining and incident analysis process after a breach, the more likely they are to discover exactly what type of problem has occurred and deduce whether they might be forced to publicly report any data exposures, the expert contends.

The cost of reporting data incidents -- both in terms of issuing immediate breach notifications and responding to any subsequent impact on business, including regulatory fines -- has created a market where enterprises with high-risk information and compliance concerns are ready to invest in software that may give them a leg up in the investigation process, Hansen said.

"This is a way to begin creating an incident response system with a full audit trail at the push of a button. [It's] something that's going to give teams a head start on the electronic data discovery process," said Hansen. "We're still doing a majority of our business answering response calls, but this product can help investigators get started."

The appliance will also arm incident response teams with analysis documentation that can be submitted as part of any legal activity related to a breach or inquiries about the resulting investigation process itself, he said.

The executive maintains that the set of data aggregation, analytics, and reporting tools represents a new breed of electronic forensics automation software. Rather than competing with existing discovery applications, Hansen said that MIR was built to integrate with and aggregate from those systems with which the product may be linked via its open API, Hansen said.

The individual software modules residing on the Intel-based appliance, which runs on Linux, consist of an endpoint forensic agent, a controller that handles data aggregation and analysis duties, and its console, which offers a Web-based interface that can be accessed remotely over the Web.

For now, MIR will only provide analysis of Windows-based systems, but Mandiant said it is already looking to build versions of the appliance that can be dropped into different environments.

At $86,500, not including additional support and services costs, the MIR appliance is clearly aimed at large customers, but Hansen said that Mandiant is considering development of a cheaper, more lightweight device or software package aimed at smaller environments. The company may even create a version of the tools to be delivered via a software-as-a-service model, he said.

Some industry watchers said the Mandiant system may even allow customers to stay ahead of potential incidents, shifting elements of the electronic discovery process from a reactive measure to a preventative exercise.

"Mandiant Intelligent Response can change the negative perception associated with rapid evidence discovery by providing a unique collaborative environment that enables remote identification, collection, analysis, and reporting of electronic evidence," said Charles Kolodgy, analyst at IDC. "By fostering precision collection, organizations can avoid gathering incorrect or incomplete data and wasting critical moments when responding to time-sensitive matters."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Hines

Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?