MIR accelerates the collection of electronic evidence in support of incident response, electronic discovery and corporate investigations. In a time of increased regulatory pressures, MIR allows information security professionals to respond efficiently and effectively. Combining the knowledge of expert incident responders and enterprise software engineers, MIR enables precise data collection and advanced analysis in a highly scalable, multi-tier, modular appliance-based solution. MIR 1.2 was released in September 2008.
"MIR 1.3 continues to build on the strong foundation we have developed in previous versions," said MANDIANT President and CEO Kevin Mandia, CISSP. "Our clients have found the combination of Agent-side filtering and advanced memory forensic features makes MIR a powerful weapon in combating the Advanced Persistent Threat."
MIR 1.3 features include:
Advanced memory forensics: With this release, MIR expands its advanced memory forensic features, allowing the Agent to pull strings from running processes, as well as files on disk. Combined with MIR's powerful Agent-side filtering features, responders can search for processes based on patterns of data in live memory.
The Indicator of Compromise Editor (IoCE): The Editor allows responders to define and search for specific host-based indicators of compromise (signatures) based on any form of data a MIR Agent can collect. The specified searches can collect information from tens, hundreds or thousands of hosts, and rapidly identify where a breach may have occurred. Searches can be implemented using existing MANDIANT indicators, user-defined indicators or a combination of both. Using MIR's memory forensic capabilities, responders can rapidly craft advanced indicators to Find Evil when traditional prevention and detection capabilities fail.
Enhanced scalability: This release builds on MIR's already-robust collection and search capability. Responders now have the option to use Labels and Search folders to group hosts and run large data collection jobs, managing thousands of hosts through the Console.
MANDIANT is an information security company providing products, professional services and education to Fortune 500 companies, financial institutions, government agencies, domestic and foreign police departments and several of the U.S.'s leading law firms. MANDIANT security consultants are acknowledged experts in incident response, computer forensics, network security and application security. MANDIANT is a VISA-approved Qualified Incident Response Assessor. In addition to authoring seven books and numerous articles about computer forensics, incident response and rootkits, MANDIANT's consultants have been featured on news programs including CBS's 60 Minutes, CNN's Talkback Live, NBC News and FOX News. MANDIANT operates offices in the Washington, DC area, New York City and Los Angeles. To learn more about MANDIANT, visit http://www.mandiant.com, read the company blog, M-Unition, at http://blog.mandiant.com or visit MANDIANT on Twitter at www.twitter.com/mandiant.