WINNER - Best Incident Response Solution: FireEye
From investigations to crisis management, Mandiant Incident Response, offered by FireEye, helps resolve all aspects of cyber-breaches with industry-leading threat intelligence as well as network and endpoint technology, from thorough technical investigation to containment and recovery. Through these incident response services, its team of experts helps investigate incidents, reduce a company’s cyber incident response time and minimise incident impact. In our judges’ opinion, the organisation’s great reputation stood up to scrutiny, and they called its offering the “complete IR solution.” They added, “There can be no question that Mandiant/FireEye is at the forefront of the IR space,” describing them as: “A trusted leader in the field with a highly comprehensive and professional service.”
Mandiant Incident Response/FireEye begins investigations by working with clients to understand their goals and expectations of the investigation before moving on to understand data, systems, locations, and environments. Senior team members regularly work with executives and boards to explain investigative/remediation processes, strategise communications, breach disclosures, investigative priorities and post-breach actions, and connect them with other victims to discuss experience/strategy.
700 intelligence analysts and researchers globally use nation-state grade threat intelligence sourced from machine, adversary, campaign and victim intelligence for smarter decision-making within its services to help clients identify, prioritise and manage cyber-risks and thereby mitigate attacks. It quickly identifies malicious activity and receives contextual intelligence on attacks, enabling clients to respond quickly and effectively to cyber incidents, which is also important for GDPR reporting. Intel analysts are embedded in the FireEye Mandiant IR team to provide attribution and information on TTPs and motivations, and to identify emerging attack campaigns, providing context to victims and warning them in advance so they can quickly identify attacker activity across an enterprise or multiple clients. More than 75 percent of the Fortune 100 companies have used FireEye Mandiant services and it has 7 SOCs worldwide.
Palo Alto Networks
Demisto from Palo Alto Networks was described by the judges as “an excellent tool for IR,” and a “comprehensive IR platform offering third party integrations, providing evidence of the impact it makes on their customers.” Another noted how it “makes a SOC analyst's life easier.”
This comprehensive Security Orchestration, Automation, and Response (SOAR) platform combines full case management, intelligent automation, and collaborative investigation to serve security teams in security operation centres (SOCs) across the incident lifecycle. The platform’s ability to orchestrate the actions of multiple vendors/tools and provide tailored analytics and playbooks helps customers further automate significant parts of their security operations and allows them to turn their attention to solving complex threats.