Mandiant IR v1.2
Strengths: Collaborative environment that is also forensically sound
Weaknesses: We would have liked to have seen a bit more attention paid to a support website
Verdict: Solid incident response product with an excellent forensic pedigree
Mandiant Intelligent Response (MIR) is a bit of an odd product and a most welcome one for incident responders and investigators. Odd, because it is an incident response evidence collection and management tool built by incident responders for incident responders. Welcome, because its purpose is to collect and manage evidence in a forensically sound manner, which is unique among the tools we examined.
It installs readily enough. The three-layer architecture consists of the controller (where most of the action takes place), the agents (lightweight sensors on monitored devices) and consoles (the user interfaces).
The controllers can be cascaded across the enterprise for scalability and multiple responders can collaborate on incident data.
We found logging to be robust and the variety of data that can be collected includes everything one might need.
There is 2TB of storage and data is encrypted in motion and at rest. The Mandiant Intelligent Response controller queries the agents and the data is used to analyse the root cause.
Additionally, because the data is handled following forensic practice, it can survive court challenges. This is very important when data collected and analysed on MIR is evidence in criminal or civil litigation.
Documentation is available on a supplied CD, along with agent software; the administrator's guide is first-rate.
Mandiant offers 24/7 support, but there is no obvious place on the website to access a support site. Mandiant offers a suite of professional services, but we would have preferred an easily accessible support section on the website.
At first sight, this is an apparently expensive box. However, cost must be considered in the context of what it does for an organisation - and that is considerable. The difference between solving a very costly incident and leaving it unaddressed or poorly addressed can be huge, especially when one considers regulatory requirements and potential upstream liability.
At £60,500, Mandiant Intelligent Response is good value, given its responsibility and the competent way it addresses that responsibility.