MANDIANT Launches MANDIANT Intelligent Response v1.3

MIR 1.3 features advanced memory forensics, Indicator of Compromise Editor, and increased scalability

April 22, 2009



SAN FRANCISCO --(Business Wire)-- Apr 21, 2009 MANDIANT, a leading provider of information security products and consulting services, announced general availability of MANDIANT Intelligent Response (MIR) v.1.3. MIR 1.3 features expanded capabilities in advanced memory forensics, a new Indicator of Compromise Editor (IoCE) and increased scalability, allowing a single MIR Controller to simultaneously collect and manage data from thousands of Agents. The announcement was made at RSA Conference 2009 in San Francisco, one of the Information Security industry's leading conferences and expositions.

MIR accelerates the collection of electronic evidence in support of incident response, electronic discovery and corporate investigations. In a time of increased regulatory pressures, MIR allows information security professionals to respond efficiently and effectively. Combining the knowledge of expert incident responders and enterprise software engineers, MIR enables precise data collection and advanced analysis in a highly scalable, multi-tier, modular appliance-based solution. MIR 1.2 was released in September 2008.

"MIR 1.3 continues to build on the strong foundation we have developed in previous versions," said MANDIANT President and CEO Kevin Mandia, CISSP. "Our clients have found the combination of Agent-side filtering and advanced memory forensic features make MIR a powerful weapon in combating the Advanced Persistent Threat."

MIR 1.3 features include:

Advanced memory forensics: With this release, MIR expands its advanced memory forensic features, allowing the Agent to pull strings from running processes, as well as files on disk. Combined with MIR's powerful Agent-side filtering features, responders can search for processes based on patterns of data in live memory.

The Indicator of Compromise Editor (IoCE): The Editor allows responders to define and search for specific host-based indicators of compromise (signatures) based on any form of data a MIR Agent can collect. The specified searches can collect information from tens, hundreds or thousands of hosts, and rapidly identify where a breach may have occurred. Searches can be implemented using existing MANDIANT indicators, user-defined indicators or a combination of both. Using MIR's memory forensic capabilities, responders can rapidly craft advanced indicators to Find Evil when traditional prevention and detection capabilities fail.

Enhanced scalability: This release builds on MIR's already-robust collection and search capability. Responders now have the option to use Labels and Search folders to group hosts and run large data collection jobs, managing thousands of hosts through the Console.


MANDIANT is an information security company providing products, professional services and education to Fortune 500 companies, financial institutions, government agencies, domestic and foreign police departments and several of the U.S.'s leading law firms. MANDIANT security consultants are acknowledged experts in incident response, computer forensics, network security and application security. MANDIANT is a VISA-approved Qualified Incident Response Assessor. In addition to authoring seven books and numerous articles about computer forensics, incident response and rootkits, MANDIANT's consultants have been featured on news programs including CBS's 60 Minutes, CNN's Talkback Live, NBC News and FOX News. MANDIANT operates offices in the Washington, DC area, New York City and Los Angeles. To learn more about MANDIANT, visit, read the company blog, M-Unition, at or visit MANDIANT on Twitter at
