Mandiant has just announced the release of Mandiant Intelligent Response (MIR) v.2.0, featuring powerful, host-based incident response capabilities for enterprises. You may not have heard of Mandiant, unless you are currently involved in Security Incident Response. Mandiant is a leading provider of incident response and computer forensics solutions and services. Headquartered in Alexandria, Va., with offices in New York, Los Angeles and San Francisco, Mandiant provides products, professional services and education to Fortune 500 companies, financial institutions, government agencies, domestic and foreign police departments and leading U.S. law firms.
Mandiant believes, as I do, that an incident within your organization WILL take place, regardless of the efforts that are put in place to mitigate, prevent and detect threat events. Many security safeguards simply cannot keep pace with today’s modern, multi-faceted, targeted attacks. Many organizations rely exclusively on inadequate, outdated and ineffective preventive measures and do not plan for the eventuality of compromise. MIR 2.0 extends beyond traditional threat detection products to protect enterprise assets and tackle unpredictable events. Intelligent Response lowers risk by decreasing response time after a breach, and ensures containment by identifying every host compromised in an attack. Security teams can respond remotely to any host in minutes rather than hours, improving containment, reducing an attacker’s window of opportunity, and speeding the organization’s return to normal business operations.
MIR 2.0 is fueled by Indicators of Compromise (many of my colleagues will remember my nagging talks about precursors and indicators…), XML-based descriptors of malicious activity that allow an organization to sweep tens of thousands of endpoints in search of compromised hosts. Mandiant’s IoCs are developed through a combination of external and internal intelligence sources, enabling organizations to benefit from threat intelligence derived from breaches in other environments.
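To make the sweep idea concrete, here is an added toy example (my own code, not Mandiant’s, and not Mandiant’s indicator schema): a constructed, simplified XML indicator with nested AND/OR terms is evaluated against constructed per-host artifact records, flagging every host that matches. The host names, artifact keys and indicator content are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample indicator in a simplified schema (not Mandiant's own format):
# a known-bad file name, OR a system binary name running from a Temp directory.
SAMPLE_IOC = """
<ioc id="constructed-0001" description="suspicious svchost from Temp">
  <Indicator operator="OR">
    <IndicatorItem search="FileItem/FileName" condition="is">svch0st.exe</IndicatorItem>
    <Indicator operator="AND">
      <IndicatorItem search="ProcessItem/name" condition="is">svchost.exe</IndicatorItem>
      <IndicatorItem search="ProcessItem/path" condition="contains">\\Temp\\</IndicatorItem>
    </Indicator>
  </Indicator>
</ioc>
"""

# Matching conditions supported by this toy evaluator (case-insensitive).
CONDITIONS = {
    "is": lambda value, term: value.lower() == term.lower(),
    "contains": lambda value, term: term.lower() in value.lower(),
}

def item_matches(item, artifact):
    """One IndicatorItem against one artifact record (dict of search-term -> value)."""
    value = artifact.get(item.get("search"))
    return value is not None and CONDITIONS[item.get("condition")](value, item.text.strip())

def indicator_matches(node, artifact):
    """Recursively evaluate an AND/OR Indicator tree against one artifact record."""
    results = [item_matches(c, artifact) if c.tag == "IndicatorItem"
               else indicator_matches(c, artifact) for c in node]
    return all(results) if node.get("operator") == "AND" else any(results)

def sweep(ioc_xml, hosts):
    """Return sorted names of hosts holding at least one artifact that matches the IoC.
    Evaluation is per artifact record, so an AND only fires when all its terms
    describe the same process or file, which is the usual intent of such a rule."""
    root = ET.fromstring(ioc_xml).find("Indicator")
    return sorted(h for h, arts in hosts.items() if any(indicator_matches(root, a) for a in arts))

# Constructed inventories, as an agent might return them from three hosts.
HOSTS = {
    "ws-01": [{"ProcessItem/name": "svchost.exe", "ProcessItem/path": r"C:\Windows\System32\svchost.exe"}],
    "ws-02": [{"ProcessItem/name": "svchost.exe", "ProcessItem/path": r"C:\Users\bob\AppData\Local\Temp\svchost.exe"}],
    "ws-03": [{"FileItem/FileName": "svch0st.exe"}],
}

if __name__ == "__main__":
    print(sweep(SAMPLE_IOC, HOSTS))  # ['ws-02', 'ws-03']
```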
MIR 2.0 features and benefits include:
- Rapid live response through pre-deployed agents delivers remote forensic access to any system.
- On-host analysis enables full investigation over slower WAN links without waiting for memory or disk image downloads.
- Security-focused hybrid disk/memory forensics delivers insightful analysis impossible to achieve with conventional tools.
- Targeted data acquisition, with powerful filtering inside the agent, returns only the most critical data needed, from thousands of hosts at a time.
- Guided analysis using Mandiant “Redline” rapidly triages hosts for malware.
In today’s climate of quick-striking, undetected, sleeper breaches, security teams are under the gun more than ever to exercise rapid response capabilities, minimize risk exposure, and execute incident response best practices. As detective and preventative controls fail due to clever coding, surreptitious installation methods, or unforeseen developments, it is imperative to have a quick, consistent and reliable incident response process, plan and tool. Add this one to your arsenal, and while you are on their website, note that Mandiant offers several excellent FREE incident-response-focused products.