
Services by Industry


FINANCIAL SERVICES

Elements of Risk

Financial services use numerous custom and proprietary web applications for client, partner and consumer access. These applications and the back-end systems that provide support must be built in a manner that ensures that the data is protected from unauthorized access and adheres to industry standard privacy regulations.

Web application evaluations are historically executed in an unstructured environment, leading to an increased risk to the organization. A number of factors contribute to this increased risk:

  • Budget limitations in I.T. and Security divisions
  • I.T. divisions are often not trained to perform in-depth code and application functionality reviews
  • Proprietary applications created in-house are often more susceptible to exploitation than their commercial counterparts

Services Performed to Reduce Risk

  • Application Security Reviews
  • Penetration Testing
  • Architecture and Configuration Reviews
  • Secure Software Development Life Cycle Training
  • Incident Response

MANDIANT Answer

MANDIANT provides a structured pricing plan that allows financial service organizations to test numerous applications at a reasonable rate.

MANDIANT creates a blended comprehensive application audit program that encompasses manual and automated reviews suitable for one-off or scheduled testing.




GOVERNMENT

Elements of Risk

Government agencies recognize that the stakes are high in defending their networks from cyber-threats. Their networks are targeted by persistent, sophisticated and frequent attacks by skilled adversaries. The Department of Defense claims the largest network on the planet, and our government's Internet presence is the most complex and difficult network to defend. In addition to the high attack threat, our government agencies own staunchly regulated networks, with a higher dedication to information security than ever. Government agencies have literally hundreds of laws, regulations, standards, and guidelines published to direct their information security efforts.

With a wide variety of skill sets among personnel, limited resources, and the widest range of new and legacy applications commingled on their networks, many government agencies are confronted with complex challenges and protracted, long-term efforts to adhere to these standards and adequately secure their networks. In order to meet these complex challenges, the Government requires highly-tailored training relative to the "state-of-the-art" technologies they face every day.

Services Performed to Reduce Risk

  • Education
  • Security Strategy and Sustained Compliance

MANDIANT Answer

MANDIANT has assisted government agencies in interpreting the standards, legislation, and regulations that apply to their agency, and then in developing an organizational structure that supports a sustained effort to identify, implement, and verify the measures needed for a strong security program that meets their requirements.

MANDIANT provides a hands-on, immersive education experience taught by instructors who have counterintelligence, computer crime, and information warfare backgrounds. MANDIANT has cleared instructors who have trained hundreds of federal agents and DoD personnel.




LEGAL

Elements of Risk

Nearly everyone is using computers to store personal information, communicate with others via e-mail and instant messaging, perform business transactions, and even to attack or "hack" into other computer systems. Therefore, it is not unusual that evidence critical to a criminal, civil, or administrative matter may be stored in electronic format on computer media. In fact, over 93 percent of all information produced in 1999 was in digital format. (In Re Bristol-Myers Squibb Securities Litigation, 205 F.R.D. 437, 440, fn2 (2002) [citing UC Berkeley Study]). Therefore, lawyers will continue to be challenged with obtaining electronic evidence from computer systems in an expeditious and cost-effective manner. Firms that perform electronic evidence production do not always have the capability and expertise to perform an in-depth forensic examination, interpret technical evidence, and offer highly credentialed opinions. In fact, many attorneys must ask "How good is my expert? Will his opinions, techniques, and findings carry more weight than the opposing expert?"

Services Performed to Reduce Risk

  • Computer Forensics Examinations
  • Litigation Support
  • Electronic Evidence Data Hosting
  • Electronic Evidence Management System


MANDIANT Answer

When you need electronic data preserved, reviewed, and produced, MANDIANT provides the premier solutions to assist in:

  • Electronic Evidence Consulting
  • Computer Forensics Examinations
  • Expert Witness Support
  • Data Recovery and Analysis
  • Electronic Evidence Data Hosting and Management




E-COMMERCE

Elements of Risk

Online purchasing has been steadily on the rise since the World Wide Web first was used to sell and purchase flowers in 1994. Business to business Internet transactions also continue to rise steadily. Today retail, manufacturing, and high-tech companies transact millions of dollars across the Internet daily. Where money goes, crime follows. Today there are more attacks against E-Commerce sites and their clients than ever before. The following recent headlines demonstrate the damage that can be caused by a computer security incident:

"40 Million Credit Cards Exposed - Payment Processor Blamed in Mishap"
"Bank Security Breach may be Biggest Yet"

With such risk to one's reputation and brand, online vendors and E-Commerce providers must safeguard their sensitive clients with proper resources and diligent auditing of these safeguards.

Today, viruses, malware and hackers are specifically targeting sensitive client, personnel and corporate data. These compromises have material and tangible business impact with direct loss of money, as well as intangible damages from harm to an organization's reputation and loss of customer confidence. Should a breach of security occur, companies must also respond to the incident, handling it quickly and effectively. Such incident response requires the most experienced and skilled security professionals - an asset very few firms can offer.

Services Performed to Reduce Risk

  • Network and Application Security
  • Incident Response
  • Education


MANDIANT Answer

MANDIANT helps clients be proactive, as well as "responsive" when approaching security. For proactive steps, MANDIANT will assist you in:

  • Shoring up defenses in your Web applications
  • Ensuring your E-Commerce presence has appropriate architecture and network-based safeguards
  • Providing strong database security testing and proactive safeguards to database security

MANDIANT also assists firms in being proactively responsive. We assist firms in preparing to respond to an incident should any of the perceived threats to an organization become a reality. Specifically, MANDIANT can assist your firm in:

  • Developing a structured Incident Response program
  • Performing due diligence investigations into an incident
  • Formally testing and assessing your Incident Response plan with dry-run exercises
  • Proving to executives that all possible proactive and reactive measures were taken to make the organization more secure




REGULATORY

Elements of Risk

Organizations are continually confronted with emerging information security standards, legislation, and regulations. Sarbanes-Oxley, HIPAA, Gramm-Leach-Bliley, FISMA, California's SB 1386, and hundreds of other published documents are increasing the requirements to secure information. In 2005 and 2006, 15 states will enact state legislation that compels organizations to notify their clients and/or employees should a computer security breach occur - and the guidance is getting more definite and stringent.

Organizations often have a disjointed approach when responding to the emerging requirements - the CFO may champion the response to SOX requirements, the Privacy Officer supervises the compliance with the FTC Safeguards rule, while the I.T. security folks address the state legislation. Such an approach increases the already difficult burden of compliance, because disjointed resources are managing efforts that require many of the same people, technology, and processes to appropriately address. There are many roadblocks and diversions on the road to a structured, strong information security program:

  • Senior management may not provide concise guidance when presented with the question: "How good do we want our Information Security to be?"
  • An organization may never define a target benchmark
  • Failure to realize that compliance is a large gray area
  • Failure to understand that compliance is not a point-in-time issue, but a challenge that requires a sustained, manageable effort
  • Inability to demonstrate that a process exists, ensuring a sustained effort to secure the enterprise

Services Performed to Reduce Risk

  • Strategic Security & Sustained Compliance
  • Network & Application Security
  • Education


MANDIANT Answer

MANDIANT can assess and implement change to ensure sustained compliance with the requirements applicable to your industry.

MANDIANT can assess your current information security program requirements beyond a checklist. Having assessed dozens of programs, we have learned creative and clever ways organizations have addressed complex compliance issues.

MANDIANT offers on-site "CISO Support" to allow organizations to extend their resources using MANDIANT professionals to assess, implement and manage change within an organization's information security program.




MERGER & ACQUISITION

Elements of Risk

Mergers, acquisitions, roll-ups and consolidations occur in business. It is common practice and due diligence to examine the financial and operational health of the companies involved. This often requires the collection of electronic data, including e-mail, documents, and other relevant data from the key participants in the transaction. It is often critical to determine if all relevant data has been identified, collected in a forensically sound and useful manner, and produced to the appropriate reviewers in a secure, easy to review fashion.

Services Performed to Reduce Risk

  • Civil Litigation
  • Computer Forensics
  • Electronic Evidence Discovery
  • Electronic Evidence Management


MANDIANT Answer

MANDIANT has an average of 15 years' experience in handling important cases and important data. We understand how to quickly and efficiently identify, collect, minimize, and produce the data that needs to be reviewed.

