Mandiant IR v1.2
May 01, 2009
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Collaborative environment that is also forensically sound
- Weaknesses: We would have liked to have seen a bit more attention paid to a support website
- Verdict: Solid incident response product with an excellent forensic pedigree
Mandiant Intelligent Response (MIR) is a bit of an odd product and a most welcome one for incident responders and investigators. Odd, because it is an incident response evidence collection and management tool built by incident responders for incident responders. Welcome, because its purpose is to collect and manage evidence in a forensically sound manner, something unique among the tools we examined.
It installs readily enough and the three-layer architecture consists of the controller (where most of the action takes place), the agents (lightweight sensors on monitored devices) and consoles (the user interfaces).
The controllers can be cascaded across the enterprise for scalability and multiple responders can collaborate on incident data.
We found logging to be robust and the variety of data that can be collected includes everything one might need.
There is 2TB of storage and data is encrypted in motion and at rest. The Mandiant Intelligent Response controller queries the agents and the data is used to analyse the root cause.
Additionally, because the data is handled following forensic practice, it can survive court challenges. This is very important when data collected and analysed on MIR is evidence in criminal or civil litigation.
Documentation is available on a supplied CD, along with agent software; the administrator's guide is first-rate.
Mandiant offers 24/7 support, but there is no obvious place on the website to access a support site. Mandiant offers a suite of professional services, but we would have preferred an easily accessible support section on the website.
At first sight, this is an apparently expensive box. However, cost must be taken in the context of what it does for an organisation - and that is considerable. The difference between solving a very costly incident and leaving it unaddressed or poorly addressed can be huge, especially when one considers regulatory requirements and potential upstream liability.
At £60,500, Mandiant Intelligent Response is good value, given its responsibility and the competent way it addresses that responsibility.