Forensic tools: Mandiant
Forensic tools: Mandiant

Sometimes you run across a company that just deserves to be selected as an innova­tor. You look them over and won­der why you didn't pick up on them before. Mandiant is one of those companies. There is a reason, of course. Mandiant started as a services company providing forensics, litigation support and incident response. So if you were in the product purchasing mood, you would not have run across these folks.

One day they decided it might be a good idea to take all of their years of experience as consultants and commercialize their tools so they could sell them to their customers who wanted to do their own work. Just so they could see if this was a good idea, they took one tool, trimmed it down a bit and tossed it out on the internet as freeware.

It was a bit like a shark feeding frenzy, so the next step was to take another product and tweak it until they could get people to pay real money for it. They did, threw it out on the market and voila! Another winner. Sounds like a cakewalk, but take it from me, it's not. The product needs to be right, the implementation of it needs to be right, there needs to be solid marketing/sales, and it has to behave as promised. That has been the story of Mandiant's success – sional services engagements. But the Mandiant innovation does not stop there. That would be too obvious. Their tools are built on open standards. That means that they are pretty likely to deliver as promised – no matter what they are expected to analyze. Open standards imply consistency and breadth of coverage.

So, once a product is developed, it is deployed on a platform that allows rapid customization. It will have an API. That allows some level of control by the user. Not all environments, of course, are created equal. The formula of proven (by their consultants) performance, solid code, open standards and looks into such emerging forensic needs as live forensics, should continue to be a winner for this small innovator.