Mandiant Launches MCIRT For 24x7 Detection To Advanced Targeted Threats

New one-of-a-kind offering augments IT teams of Fortune 1000, financial institutions and government agencies with Mandiant’s top threat detection technology, intelligence and expertise

Alexandria, VA

Mandiant, the leader in advanced threat detection and response solutions, today announced the launch of the Mandiant Computer Incident Response Team (MCIRT™) as a means to put Mandiant technology and solutions to work for customers worldwide. MCIRT is the company’s answer for customers who want to proactively detect, respond to and contain advanced targeted threats by capitalizing on Mandiant’s technology, expertise and diverse threat intelligence. The announcement was made at the second annual Mandiant Incident Response Conference (MIRcon™) at the Hilton Alexandria Old Town Hotel before more than 250 security executives and incident responders.

“Targeted attacks such as the advanced persistent threat (APT) have moved from government agencies to the defense industrial base to the private sector,” said Mandiant’s Chief Security Officer and Vice President of MCIRT, Richard Bejtlich. “Prior to MCIRT, these organizations had to build large and costly teams to perform the sweeping and hunting tasks necessary to mitigate targeted attacks.”

The MCIRT solution provides organizations with access to the capabilities of Mandiant’s flagship product, Mandiant Intelligent Response®, and Mandiant’s network monitoring solution with the added benefit of having Mandiant’s expert threat analysts sitting behind the wheel. Drawing on precise intelligence about attackers’ tools and tactics, MCIRT sweeps every endpoint in an organization and continuously monitors network traffic, searching for Indicators of Compromise that go well beyond standard signatures.  When MCIRT confirms a breach or compromise, it provides detailed and actionable intelligence about what the intruder did along with the specific steps an organization needs to take to respond to and contain the attack.

“Advanced threat actors are humans targeting human vulnerabilities,” said Andrew Hay, senior security analyst at The 451 Group’s Enterprise Security Practice. “As a result, they have little difficulty evading standard preventative defenses of the past decade, such as firewalls, intrusion prevention systems and antivirus software. At a time when advanced threats have escalated in sophistication and pervasiveness, services like MCIRT can help customers be better prepared to stand up to attackers.”

The MCIRT solution provides significant benefits to both organizations that already have advanced incident response teams and to those that lack the skills or experience to identify and respond to sophisticated attacks. Some of the specific benefits MCIRT customers realize include:

  • Reduced Theft of Assets & Intellectual Property: Advanced targeted attacks are identified rapidly, minimizing an organization’s window of exposure.
  • Reduced Cost of Responding to Computer Breaches: Organizations can confirm the true scope of an incident, respond immediately and reduce the need for expensive after-the-fact forensic sleuthing.
  • Reduced Disruption to Ongoing Operations: Mandiant precisely identifies the specific devices that are compromised so unaffected employees and processes stay online and are not unnecessarily disrupted by containment and remediation activities.
  • Reduced Reputational Risk: Organizations are better prepared to identify and contain attacks before they must disclose them to customers, partners and regulators.

MCIRT will feature 24 x 7 monitoring from Mandiant’s new state-of-the-art Security Operations Center, staffed by a team of experts specializing in incident response, reverse engineering and forensic investigation. All incidents are promptly investigated by Mandiant analysts and customers can view details of each incident via the MCIRT Portal or configure automated reports to be delivered via other mechanisms. When surge support is required, customers have access to Mandiant’s professional services team.

Specific capabilities available to customers via the MCIRT solution include:

  • 24 x 7 Monitoring by Mandiant’s Team of Expert Threat Analysts: Mandiant’s expert team of analysts proactively monitors your networks and endpoints for signs of compromise that go beyond conventional malicious software and standard signatures based on known Indicators of Compromise (IOC) or other criteria your team identifies.
  • Sweeps All Endpoints to Identify Advanced Targeted Attacks: Endpoints are searched for signs that they have been compromised. Compromised machines are quickly and precisely identified for containment.
  • Inspects Network Traffic to Identify Ongoing Targeted Attacks: MCIRT monitors inbound and outbound traffic to immediately identify active ongoing attacks, often at the level of a specific keystroke on a specific computer.
  • Correlates Indicators of Compromise Against the Most Recent Tactics: Mandiant matches ongoing activity on your network and endpoints against the most recent Indicators of Compromise of advanced attackers.
  • Provides Confirmation of Compromise & Directs Response: When MCIRT identifies an ongoing attack or compromise, your IT teams will know with certainty that you have been compromised and receive actionable details of what the intruder did along with specific steps you must take to respond to the attack.

Additional information about the solution, which is currently available and being utilized by more than thirty customers, is available at www.mandiant.com/mcirt.

About FireEye, Inc.

FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 2,500 customers across 65 countries, including over 150 of the Fortune 500.

About Mandiant

Mandiant, a FireEye company, has driven threat actors out of the computer networks and endpoints of hundreds of clients across every major industry. We are the go-to organization for the Fortune 500 and government agencies that want to defend against and respond to critical security incidents of all kinds. When intrusions are successful, Mandiant’s security consulting services – backed up by threat intelligence and technology from FireEye – help organizations respond and resecure their networks.

Forward-Looking Statements

This press release contains forward-looking statements, including statements related to the features, objectives and benefits of the Industrial Control System Security Gap Assessment and Cyber Defense Center Development offerings. These forward-looking statements involve risks and uncertainties, as well as assumptions which, if they do not fully materialize or prove incorrect, could cause the results of FireEye or Mandiant to differ materially from those expressed or implied by such forward-looking statements. The risks and uncertainties that could cause such results to differ materially from those expressed or implied by such forward-looking statements include the ability of FireEye and Mandiant to retain and recruit highly experienced and qualified personnel; customer demand for and market acceptance of such offerings; changes in the technology or the industries in which such offerings are related; competitive pressures faced by FireEye and Mandiant; and general market, political, economic, and business conditions; as well as those risks and uncertainties included under the captions “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” in FireEye’s quarterly report on Form 10-Q filed with the Securities and Exchange Commission on August 13, 2014, which is available on the Investor Relations section of the company’s website at investors.FireEye.com and on the SEC website at www.sec.gov. All forward-looking statements in this press release are based on information available to the company as of the date hereof, and FireEye does not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made. Any future service, feature, objective or benefit that may be referenced in this release are for information purposes only and are not commitments to deliver any service, feature, objective or benefit. 
FireEye reserves the right to modify future plans at any time.