IR for the Enterprise

Mandiant's new incident response appliance carries a big price tag, but comes with heavy-duty features

Dark Reading Staff, Dark Reading

January 30, 2008

2 Min Read
Dark Reading logo in a gray background | Dark Reading

4:55 PM -- Mandiant's new Mandiant Intelligent Response (MIR) 1.0 product is targeted at large enterprises that need a centralized mechanism to perform incident response (IR) as part of a security breach or e-discovery process. MIR -- which came out this week -- is basically a hardware appliance that collects information from agents running on endpoints, analyzes that data, and serves it up in a user-friendly console for security analysts to quickly perform triage and prevent further damage to the network.

But are enterprises ready to swallow the $86,500 price tag to get a jumpstart on the IR and e-discovery process? That depends on how damaging a sensitive data breach could become if it isn’t immediately detected. It also depends on whether the enterprise has the means to collect the evidence necessary to identify which systems and data were affected

The fact that MIR is an all-in-one hardware appliance is definitely a plus. Being able to purchase it, drop it in the network, deploy the agents, and start responding to incidents or conducting e-discovery keyword searches is going to be very appealing to many companies that don't want to roll their own solutions, or that have found existing enterprise IR tools lacking.

The company behind MIR also sports a repertoire of talent that leads me to believe they know what they’re doing. Mandiant is headed by Kevin Mandia, probably the most well-known name in the history of incident response. Research and development has names like Jamie Butler (rootkit research), Kris Kendall (original coauthor of forensic tool foremost), and Nick Harbour (author of forensic tool dcfldd).

If bad press isn't enough of an impetus for enterprises to prepare and respond to incidents quickly, the regulatory and legislative notification requirements to users impacted by data breaches is reason enough to look at MIR. Sure, it's pricey up front, but it could end up saving you money in the long run.

– John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights