Mandiant releases Intelligent Response discovery tools

Mandiant's new set of electronic evidence discovery tools performs post-breach analysis tests to accelerate the response process

Mandiant introduced new incident response automation technology that promises to perform the first set of post-breach analysis tests the IT security company would provide via its breach investigation services.

Having already launched several free forensics applications via its Web site, the breach consulting services provider is hoping to cash in on demand for its incident management skills with the new set of electronic evidence discovery (EED) and corporate investigation tools.

Labeled Mandiant Intelligent Response 1.0 (MIR), the product is targeted initially at large enterprises in the financial services, health care, and ISP verticals; company officials contend that large customers are ready to invest in applications that could save them millions on post-breach analysis services.

"We think large and mid-tier enterprises have the capability to use this technology, those that are fortunate enough to have the type of people who can respond, but who might not have standing armies to do so," said Jim Hansen, chief operating officer of Mandiant. "These are difficult skills that we provide, and these tools allow customers to accelerate the response process before someone like us can get there."

Hansen said that combined with his company's services, the incident forensics applications, delivered in an appliance form-factor, also extend the consulting provider's breach investigation capabilities.

The faster that companies can begin the data mining and incident analysis process after a breach, the more likely they are to discover exactly what type of problem has occurred and deduce whether they might be forced to publicly report any data exposures, the expert contends.

The cost of reporting data incidents -- both in terms of issuing immediate breach notifications and responding to any subsequent impact on business, including regulatory fines -- has created a market where enterprises with high-risk information and compliance concerns are ready to invest in software that may give them a leg up in the investigation process, Hansen said.

"This is a way to begin creating an incident response system with a full audit trail at the push of a button. [It's] something that's going to give teams a head start on the electronic data discovery process," said Hansen. "We're still doing a majority of our business answering response calls, but this product can help investigators get started."

The appliance will also arm incident response teams with analysis documentation that can be submitted as part of any legal activity related to a breach or inquiries about the resulting investigation process itself, he said.

The executive maintains that the set of data aggregation, analytics, and reporting tools represents a new breed of electronic forensics automation software. Rather than competing with existing discovery applications, MIR was built to integrate with and aggregate from those systems, to which the product may be linked via its open API, Hansen said.

The individual software modules residing on the Intel-based appliance, which runs on Linux, consist of an endpoint forensic agent, a controller that handles data aggregation and analysis duties, and its console, which offers a Web-based interface that can be accessed remotely over the Web.

For now, MIR will only provide analysis of Windows-based systems, but Mandiant said it is already looking to build versions of the appliance that can be dropped into different environments.

At $86,500, not including additional support and services costs, the MIR appliance is clearly aimed at large customers, but Hansen said that Mandiant is considering development of a cheaper, more lightweight device or software package aimed at smaller environments. The company may even create a version of the tools to be delivered via a software-as-a-service model, he said.

Some industry watchers said the Mandiant system may even allow customers to stay ahead of potential incidents, shifting elements of the electronic discovery process from a reactive measure to a preventative exercise.

"Mandiant Intelligent Response can change the negative perception associated with rapid evidence discovery by providing a unique collaborative environment that enables remote identification, collection, analysis, and reporting of electronic evidence," said Charles Kolodgy, analyst at IDC. "By fostering precision collection, organizations can avoid gathering incorrect or incomplete data and wasting critical moments when responding to time-sensitive matters."


Matt Hines
