IR for the Enterprise
Mandiant's new incident response appliance carries a big price tag, but comes with heavy-duty features
January 30, 2008
4:55 PM -- Mandiant's new Mandiant Intelligent Response (MIR) 1.0 product is targeted at large enterprises that need a centralized mechanism to perform incident response (IR) as part of a security breach or e-discovery process. MIR -- which came out this week -- is basically a hardware appliance that collects information from agents running on endpoints, analyzes that data, and serves it up in a user-friendly console for security analysts to quickly perform triage and prevent further damage to the network.
But are enterprises ready to swallow the $86,500 price tag to get a jumpstart on the IR and e-discovery process? That depends on how damaging a sensitive data breach could become if it isn’t immediately detected. It also depends on whether the enterprise has the means to collect the evidence necessary to identify which systems and data were affected.
The fact that MIR is an all-in-one hardware appliance is definitely a plus. Being able to purchase it, drop it in the network, deploy the agents, and start responding to incidents or conducting e-discovery keyword searches is going to be very appealing to many companies that don't want to roll their own solutions, or that have found existing enterprise IR tools lacking.
The company behind MIR also sports a repertoire of talent that leads me to believe they know what they’re doing. Mandiant is headed by Kevin Mandia, probably the most well-known name in the history of incident response. Research and development has names like Jamie Butler (rootkit research), Kris Kendall (original coauthor of forensic tool foremost), and Nick Harbour (author of forensic tool dcfldd).
If bad press isn't enough of an impetus for enterprises to prepare for and respond to incidents quickly, the regulatory and legislative requirements to notify users impacted by data breaches are reason enough to look at MIR. Sure, it's pricey up front, but it could end up saving you money in the long run.
– John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading