Press Releases

Mandiant Launches MCIRT For 24x7 Detection To Advanced Targeted Threats

New one-of-a-kind offering augments IT teams of Fortune 1000, financial institutions and government agencies with Mandiant’s top threat detection technology, intelligence and expertise

Alexandria, VA

Mandiant, the leader in advanced threat detection and response solutions, today announced the launch of the Mandiant Computer Incident Response Team (MCIRT™) as a means to put Mandiant technology and solutions to work for customers worldwide. MCIRT is the company’s answer for customers who want to proactively detect, respond to and contain advanced targeted threats by capitalizing on Mandiant’s technology, expertise and diverse threat intelligence. The announcement was made at the second annual Mandiant Incident Response Conference (MIRcon™) at the Hilton Alexandria Old Town Hotel before more than 250 security executives and incident responders.

“Targeted attacks such as the advanced persistent threat (APT) have moved from government agencies to the defense industrial base to the private sector,” said Mandiant’s Chief Security Officer and Vice President of MCIRT, Richard Bejtlich. “Prior to MCIRT, these organizations had to build large and costly teams to perform the sweeping and hunting tasks necessary to mitigate targeted attacks.”

The MCIRT solution provides organizations with access to the capabilities of Mandiant’s flagship product, Mandiant Intelligent Response®, and Mandiant’s network monitoring solution with the added benefit of having Mandiant’s expert threat analysts sitting behind the wheel. Drawing on precise intelligence about attackers’ tools and tactics, MCIRT sweeps every endpoint in an organization and continuously monitors network traffic, searching for Indicators of Compromise that go well beyond standard signatures. When MCIRT confirms a breach or compromise, it provides detailed and actionable intelligence about what the intruder did along with the specific steps an organization needs to take to respond to and contain the attack.

“Advanced threat actors are humans targeting human vulnerabilities,” said Andrew Hay, senior security analyst at The 451 Group’s Enterprise Security Practice. “As a result, they have little difficulty evading standard preventative defenses of the past decade, such as firewalls, intrusion prevention systems and antivirus software. At a time when advanced threats have escalated in sophistication and pervasiveness, services like MCIRT can help customers be better prepared to stand up to attackers.”

The MCIRT solution provides significant benefits to both organizations that already have advanced incident response teams and to those that lack the skills or experience to identify and respond to sophisticated attacks. Some of the specific benefits MCIRT customers realize include:

  • Reduced Theft of Assets & Intellectual Property: Advanced targeted attacks are identified rapidly, minimizing an organization’s window of exposure.
  • Reduced Cost of Responding to Computer Breaches: Organizations can confirm the true scope of an incident, respond immediately and reduce the need for expensive after-the-fact forensic sleuthing.
  • Reduced Disruption to Ongoing Operations: Mandiant precisely identifies the specific devices that are compromised so unaffected employees and processes stay online and are not unnecessarily disrupted by containment and remediation activities.
  • Reduced Reputational Risk: Organizations are better prepared to identify and contain attacks before they must disclose them to customers, partners and regulators.

MCIRT will feature 24 x 7 monitoring from Mandiant’s new state-of-the-art Security Operations Center, staffed by a team of experts specializing in incident response, reverse engineering and forensic investigation. All incidents are promptly investigated by Mandiant analysts and customers can view details of each incident via the MCIRT Portal or configure automated reports to be delivered via other mechanisms. When surge support is required, customers have access to Mandiant’s professional services team.

Specific capabilities available to customers via the MCIRT solution include:

  • 24 x 7 Monitoring by Mandiant’s Team of Expert Threat Analysts: Mandiant’s expert team of analysts proactively monitors your networks and endpoints for signs of compromise that go beyond conventional malicious software and standard signatures based on known Indicators of Compromise (IOC) or other criteria your team identifies.
  • Sweeps All Endpoints to Identify Advanced Targeted Attacks: Endpoints are searched for signs that they have been compromised. Compromised machines are quickly and precisely identified for containment.
  • Inspects Network Traffic to Identify Ongoing Targeted Attacks: MCIRT monitors inbound and outbound traffic to immediately identify active ongoing attacks, often at the level of a specific keystroke on a specific computer.
  • Correlates Indicators of Compromise Against the Most Recent Tactics: Mandiant matches ongoing activity on your network and endpoints against the most recent Indicators of Compromise of advanced attackers.
  • Provides Confirmation of Compromise & Directs Response: When MCIRT identifies an ongoing attack or compromise, your IT teams will know with certainty that you have been compromised and receive actionable details of what the intruder did along with specific steps you must take to respond to the attack.

Additional information about the solution, which is currently available and being utilized by more than thirty customers, is available at


Mandiant is the leader in security incident response management solutions. Headquartered in Alexandria, Virginia, with offices in New York, Los Angeles, San Francisco, London, Dublin and Reston, Virginia, Mandiant provides products, professional services and education to Fortune 500 companies, financial institutions, government agencies, domestic and foreign police departments and the world’s leading law firms. The authors of 12 books and quoted frequently by leading media organisations, Mandiant security consultants and engineers hold top government security clearances, certifications and advanced degrees from some of the most prestigious computer science universities. To learn more about Mandiant visit, read the company blog, M-unition™, follow on Twitter @Mandiant or Facebook at