
M-unition

The Ammunition You Need to Find Evil and Solve Crime

About Us

Welcome to M-unition, the MANDIANT blog. Here we share our insights about the tools we create and use to find evil and solve crime.

Rob Lee: On MANDIANT

Written by Rob Lee

For the past several years, I have been working toward getting my MBA at Georgetown University while working part time with MANDIANT.  I am proud to be able to join the team full time.  Without a doubt, MANDIANT is a leading provider of incident response and computer forensic solutions and services.

Every time I came into the Alexandria, Virginia office, I was immediately wishing I could spend more time there.  Not only to work on challenging cases, but to learn.  The professionals that work here are top-notch and I find myself gaining knowledge from every one of them.  To a certain extent, it is like coming home, as many on the MANDIANT team are friends and past colleagues from the Air Force Office of Special Investigations (AFOSI) and my work as a government contractor.

MANDIANT is leading the way in information security services, incident response, and forensics.  The solutions that are being thought up here are beyond the cutting edge, as many of them have never even been truly considered.  For example, we have a program called the Threat Identification Program (TIP).  MANDIANT consultants are using their product in combination with an extensive list of indicators of compromise compiled over many years to help organizations identify potential intrusions already in their organizations that they have not been able to find.  How can you claim to secure something you are not sure is already secure in the first place?  This type of forward thinking is needed to help protect businesses and organizations in the future.  Similar to detecting cancer, it is better to detect it early before it gets out of hand.

MANDIANT strives to improve information security by sharing lessons learned in open forums.  Just this past week, I attended GFIRST, teaching several forensic classes for the SANS Institute in addition to speaking twice.  Joining me at GFIRST were fellow MANDIANT colleagues David Ross, Scott Roberts, and Wendi Rafferty, to name just a few.  I attended David Ross’s talk in which he described techniques to perform process differentiation to find malware and evil left by hackers.  He was accomplishing this across 30,000 hosts in an enterprise environment.  Incredible.  He was utilizing MANDIANT’s MIR product and his experience as a consultant in multiple front-line incident response engagements to create new capabilities that seemed impossible just a few years ago.

From moving between Wendi’s Advanced Persistent Threat presentation to hearing about Scott’s experiences working in a security operation center for his customer, it was clear that MANDIANT has not only been learning through their experiences, they were also giving back to the information security community.  This is the mark of a wonderful group.

MANDIANT’s dedication to improving the security space, community involvement, and responding to some of the most difficult information security incidents makes the decision to join the MANDIANT team an easy decision.

Rob Lee

Director

rob.lee@mandiant.com

04 Sep 09 | The Whiteboard


Reader's Comments

  1. JimMoore |

    As a member of the security community and a full-time investigator that uses Memoryze, Web Historian, Red Curtain, and other Mandiant tools, thank you for providing leadership and tools for those who are learning, and trying to build capabilities.

    Jim
    - - - -
    Jim Moore, CISSP, IAM
    Senior Information Security Forensic Investigator
    Rochester Institute of Technology


