Mandiant Rolls Out New Incident Response Product

MIR v1.4 includes support for the OpenIOC open indicator format

May 27, 2010

3 Min Read


Summerlin, NV, (CEIC Booth 706), May 26, 2010 – MANDIANT, the leader in incident response and computer forensics solutions and services, today announced general availability of MANDIANT Intelligent Response' (MIR) v.1.4. Building on its heritage as the information security industry’s first enterprisegrade incident response solution, MIR accelerates the collection of electronic evidence in support of incident response, electronic discovery and corporate investigations. The announcement was made at the Computer and Enterprise Investigations Conference 2010.

“The past year has brought proof that sophisticated attacks aren't merely a concern for government agencies and defense contractors,” said Paul Roberts, Senior Analyst, The 451 Group. “Our research on e-crime and advanced persistent threats tells us that a much larger population of enterprises need forensic and incident response tools to detect attacks, collect actionable intelligence on the origin and composition of those attacks, and understand the ripple effects within their organization after a compromise has taken place. Tools like Mandiant Intelligent Response (MIR) make such capabilities accessible to a broader range of security conscious organizations.”

MIR eliminates the need for expensive manual review, arming information security professionals with the ability to respond rapidly and intuitively through complex inspection of each system in an enterprise. By detecting hundreds of specific indicators of compromise with the simple push of a button, MIR enables precise data collection and advanced analysis in an ultra-scalable, multi-tier, modular appliance-based solution. MIR v1.3, released April 2009, featured advanced memory forensics, an indicator of compromise editor and enhanced scalability.

MIR 1.4 features include:

Support for the OpenIOC open indicator format - a free-to-use, open XML schema for describing indicators of compromise.

Agent support for Windows 7, 64-bit systems for non-memory forensic audits.

Agent support for Windows Vista 32-bit systems.

Agent support for 64-bit memory forensic audits for Windows 2k3 systems.

A single Agent installer package that supports both 32-bit and 64-bit platforms, greatly simplifying Agent deployment tasks.

Optional Agent installation into "self-hiding" mode.

To view a just-released video featuring MANDIANT executive commentary on MIR, and to access data sheets, case studies, research and freeware, please visit:

“As attacks have migrated from targeting systems via exploits to targeting people, security breaches are growing in number and sophistication,” said MANDIANT President and CEO Kevin Mandia. “Therefore, it is no longer acceptable to rely exclusively on preventive measures, and we are proud to lead the way in threat management with the debut of MIR 1.4.”

In January, MANDIANT announced it increased its consultant force by more than 65 percent in 2009, strengthening its leadership foothold as the industry’s go-to provider of incident response and computer forensics services and solutions. Also this year, MANDIANT released the inaugural edition of its M-Trends report, showcasing lessons learned on the frontlines battling the Advanced Persistent Threat (APT) throughout the U.S. government, the defense industrial base, and commercial organizations.

MANDIANT consultants and engineers have completed advanced degrees from some of the most prestigious computer science universities; authored eight books on incident response and computer forensics; and hold top government security clearances and industry certifications. MANDIANT also maintains a firm commitment to providing high-quality training and free software to the security community.


MANDIANT is the information security industry’s leading provider of incident response and computer forensics solutions and services. MANDIANT provides products, professional services and education to Fortune 500 companies, financial institutions, government agencies, domestic and foreign police departments and several leading U.S. law firms. MANDIANT security consultants are acknowledged experts in incident response, computer forensics, network security and application security. MANDIANT is VISA approved Qualified Incident Response Assessor. In addition to authoring eight books and numerous articles about computer forensics, incident response and rootkits, MANDIANT consultants have been featured on news programs including CBS’s 60 Minutes, CNN, NBC News and FOX News. MANDIANT operates offices in the Washington, DC area, New York City, Los Angeles and San Francisco. To learn more about MANDIANT, visit, read M-unition, the company blog:, or follow on Twitter @mandiant.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights