Mandiant releases Intelligent Response discovery tools

Mandiant's new set of electronic evidence discovery tools performs post-breach analysis tests to accelerate the response process

Mandiant introduced new incident response automation technology that promises to perform the first set of post-breach analysis tests the IT security company would provide via its breach investigation services.

Having already launched several free forensics applications via its Web site, the breach consulting services provider is hoping to cash in on demand for its incident management skills with the new set of electronic evidence discovery (EED) and corporate investigation tools.

The product is labeled Mandiant Intelligent Response 1.0 (MIR) and is targeted initially at large enterprises in the financial services, health care, and ISP verticals. Company officials contend that large customers are ready to invest in applications that could save them millions on post-breach analysis services.

"We think large and mid-tier enterprises have the capability to use this technology, those that are fortunate enough to have the type of people who can respond, but who might not have standing armies to do so," said Jim Hansen, chief operating officer of Mandiant. "These are difficult skills that we provide, and these tools allow customers to accelerate the response process before someone like us can get there."

Hansen said that combined with his company's services, the incident forensics applications, delivered in an appliance form-factor, also extend the consulting provider's breach investigation capabilities.

The faster that companies can begin the data mining and incident analysis process after a breach, the more likely they are to discover exactly what type of problem has occurred and deduce whether they might be forced to publicly report any data exposures, the expert contends.

The cost of reporting data incidents -- both in terms of issuing immediate breach notifications and responding to any subsequent impact on business, including regulatory fines -- has created a market where enterprises with high-risk information and compliance concerns are ready to invest in software that may give them a leg up in the investigation process, Hansen said.

"This is a way to begin creating an incident response system with a full audit trail at the push of a button. [It's] something that's going to give teams a head start on the electronic data discovery process," said Hansen. "We're still doing a majority of our business answering response calls, but this product can help investigators get started."

The appliance will also arm incident response teams with analysis documentation that can be submitted as part of any legal activity related to a breach or inquiries about the resulting investigation process itself, he said.

The executive maintains that the set of data aggregation, analytics, and reporting tools represents a new breed of electronic forensics automation software. Rather than competing with existing discovery applications, MIR was built to integrate with and aggregate data from those systems, to which the product may be linked via its open API, Hansen said.

The individual software modules residing on the Intel-based appliance, which runs on Linux, consist of an endpoint forensic agent, a controller that handles data aggregation and analysis duties, and a console that offers a Web-based interface that can be accessed remotely.

For now, MIR will only provide analysis of Windows-based systems, but Mandiant said it is already looking to build versions of the appliance that can be dropped into different environments.

At $86,500, not including additional support and services costs, the MIR appliance is clearly aimed at large customers, but Hansen said that Mandiant is considering development of a cheaper, more lightweight device or software package aimed at smaller environments. The company may even create a version of the tools to be delivered via a software-as-a-service model, he said.

Some industry watchers said the Mandiant system may even allow customers to stay ahead of potential incidents, shifting elements of the electronic discovery process from a reactive measure to a preventative exercise.

"Mandiant Intelligent Response can change the negative perception associated with rapid evidence discovery by providing a unique collaborative environment that enables remote identification, collection, analysis, and reporting of electronic evidence," said Charles Kolodgy, analyst at IDC. "By fostering precision collection, organizations can avoid gathering incorrect or incomplete data and wasting critical moments when responding to time-sensitive matters."


Matt Hines
