I signed a Mandiant retainer three years ago, and the first thing I got wrong was the math. The engagement letter promised a 2-hour response SLA and a pool of pre-paid funds I could draw down across the year.
I read "funds" and budgeted like I was buying a block of consulting I'd burn through on tabletops. Because I read the spec that way, I scoped the reactive bank too low. An incident hit in Q3, and I watched the bank drain faster than I planned. The retainer itself worked, but my estimate of how to size it didn't, and that sizing mistake is what I've spent two renewal cycles correcting.
Correcting it forced me to get specific about which contract details actually drive the value of the engagement, and the short list is the SLA, fund drawdown rules, consultant staffing, and reporting deliverables. I've been hands-on with the IR retainer and run one live incident with their team, and I treat Managed Defense separately because I've never operated it.
That live-incident experience is also what shapes the recurring question I bring to every renewal call, the one nobody answers in the brochure: when I dial the hotline, who exactly shows up, the senior responders or whoever happens to be on the bench that week? The four points below set up the answer that the rest of the article works through.
In brief:
- Mandiant's retainer combines pre-paid funds with a 2-hour response SLA, and the funds are the part most buyers under-scope on their first contract.
- During a live incident the digital forensics and incident response (DFIR) bench is what you are actually paying for, because proprietary forensic tooling and a dedicated intel analyst per case outrun what a mid-market SOC can build internally.
- The forensic report Mandiant ships post-incident is the durable asset, because it survives third-party scrutiny long after the incident closes.
- Tradeoffs are part of the buy, including pricing, consultant consistency, and a detection feedback loop that pays off most if you're already on Google's stack.
Each of those points anchors a section below, starting with the corporate context that determines how the product is sold and priced today.
Mandiant now, and the purchase behind it
Before getting into the retainer mechanics, it helps to understand who you are actually buying from in 2026 and how the broader Google Cloud Security wrapper shapes the offering.
The wrapper matters because Mandiant is part of Google Cloud Security, operating as its incident response and threat intelligence arm. Google completed the $5.4 billion acquisition in 2022 in an all-cash transaction, and Mandiant now operates as a named sub-brand inside Google Cloud Security.
That sub-brand status also explains how the public artifacts are positioned. The annual M-Trends report ships under the Mandiant name within Google Cloud Security branding, and the pitch is that the frontline consulting work feeds the intelligence, which in turn feeds the detections. That loop is the structural argument for the premium on the retainer.
Because the loop touches multiple products, it's easy to conflate them during procurement, so separate the incident response retainer from the adjacent services. Mandiant Retainer is an incident response retainer, Mandiant Managed Defense is an always-on managed detection and response service, and Google Threat Intelligence is a separate threat-intelligence offering.
The cleanest way to keep those product boundaries straight is to match each one to its use case: use the retainer for break-glass access to Mandiant responders, and use Managed Defense for continuous monitoring. With those boundaries in place, the next question is what the retainer itself actually buys you and why most first-time buyers misread the spec.
The incident response retainer is the product most buyers misunderstand
The misread on the retainer almost always starts with how the spend itself is structured, and that misread is where most first-contract mistakes, including mine, start.
The mistake I'd warn buyers off is the one I made: I should have treated the retainer as a flexible spend bucket with a hard SLA attached. The textbook still says an IR retainer is a block of pre-paid incident response hours at a discounted rate, but that definition is now inadequate, because as of Google Cloud Next 2025 the language shifted from hours to funds.
Under the new structure, customers redeem pre-paid funds for investigations, education, intelligence, and reactive breach response. That shift from hours to funds changes how you scope the contract.
Once the funds question is settled, the rest of the value sits on the response time. You pay for the 2-hour response time, which is confirmed in the IR retainer datasheet, and the retainer gives you pre-negotiated terms that let you bypass legal approval cycles while an attacker is moving.
The proactive side of those funds is where the rebranding intent shows, because unused funds can be repurposed for tabletops, penetration testing, Mandiant Academy training, readiness assessments, and ad-hoc malware analysis. That proactive menu is also where my first-contract mistake lived: I treated it as the primary value and under-funded the reactive bank, when I should have scoped it the other way, with the reactive SLA as the insurance and proactive spend as the rebate if the year stays quiet.
What the public materials still don't spell out, even after the rebrand, is the fine print on rollover policy, expiration terms, minimum purchase requirements, and the discount rate versus time-and-materials. Because none of that is published, you have to probe the drawdown mechanics in procurement, including chargeable activities and your true per-hour equivalent. Once those mechanics are settled on paper, the harder question is what actually shows up on the day the SLA is invoked.
When the incident is live, the DFIR bench earns the spend
What shows up on the day the SLA is invoked is where the retainer either earns its keep or quietly underperforms, and the case study Mandiant publishes is the clearest evidence of what the bench can do under time pressure.
In that live-incident moment, the retainer stops being a line item and becomes a team. The depth here is genuinely past what a 14-person SOC can build, and I say that as someone who's spent a decade building internal detection engineering capability.
The published case study is the clearest window into that depth in motion. For a multinational firm with tens of thousands of endpoints, Mandiant deployed to 18,000 systems within four hours of notification and confirmed compromise within four hours of starting.
From that four-hour mark, the cadence held: by Day 6, the bulk of investigative work was done, by Day 7 the team brought containment with no business disruption, and by Day 11 the customer was back to normal operations.
The reason that cadence is achievable is that you are renting the bench behind it. A dedicated threat intelligence analyst supports each case, so findings arrive contextualized instead of raw.
That same bench also brings tooling the average SOC doesn't have. The proprietary tools, FACT and Monocle, do forensic interrogation at enterprise scale beyond what endpoint detection and response (EDR) gives you, and the team brings incident response and investigative capability together under one roof.
Putting tooling and team together is the honest gap between what a small internal team can do and what a retainer buys you. My team can run a competent containment, but we cannot stand up that depth on a Tuesday with an active intrusion, and pretending otherwise is how SOCs over-extend during the worst week of their year. The bench is the live-incident product, but the artifact you keep once the incident closes is the report, which is a different argument worth its own section.
The forensic report earns its cost after the incident ends
The report matters as much as the response because it has a much longer life than the incident itself, and that life is what regulators, insurers, and acquirers actually scrutinize.
Because the report outlives the incident, Mandiant's written deliverables become the asset you keep. Mandiant ships an executive summary and two operational documents described as withstanding third-party scrutiny.
The two operational documents do different work. The investigative report covers the attack timeline and the list of affected systems, accounts, and data at risk, while the remediation report covers containment measures and posture recommendations.
For the third-party readers who matter most, the firm that wrote the report is part of the credibility argument, not just the contents, and that's the durable value the live engagement leaves behind once the incident is closed.
The same investigative work also feeds Mandiant's attribution framework, which maps tiers to intelligence value. Tactical intelligence supports detecting and blocking malicious activity, operational intelligence informs detection and mitigation efforts, and strategic intelligence supports executive-level decision-making and risk assessment.
One forensic dataset feeding multiple audiences sounds like pure upside, but the catch worth naming is that automated detection feedback, including Curated Detections and Applied Threat Intelligence rule packs informed by Mandiant Threat Intelligence, is a Google Security Operations product benefit.
For buyers outside that stack, the report value and the detection value separate cleanly: if you run Splunk or Sentinel, you get the report and the intel, but you don't get the automated pipeline. That gap between report value and detection value is where the wider intelligence loop becomes the real pricing question.
The frontline intelligence loop is the structural advantage
The pricing question on the intelligence loop comes down to whether the link between consulting work and intelligence output actually delivers, and M-Trends is the public artifact that lets you see whether it does.
M-Trends 2025 is also how the reputation gets built, so buyers should understand the mechanism before pricing the premium. M-Trends 2025 is built on 450,000 investigation hours across 2024.
Those investigation hours are what drive the loop in sequence: the IR bench sees the attacks first, those findings become the report, the report becomes intelligence, and the intelligence becomes detections.
You can see the loop running in the 2024 data, which tracked 737 new threat clusters and surfaced that stolen credentials reached 16% as an initial vector, the first time credentials ranked as high as second place among initial entry points.
The harder test is whether the loop delivers operationally or mostly on paper for your stack. If you're on Google's stack, the frontline intelligence is actioned directly through curated detections and playbooks.
If you're not on Google's stack, that same loop still produces detailed reporting and a real intel feed, but the automated conversion to production detections is a Google SecOps benefit rather than a universal one.
For a multi-vendor shop, that stack dependence is the difference between a differentiator you operationalize and one you only read. Price it accordingly. With the upside of the loop priced honestly, it's also worth being clear about where the engagement can fall short.
Where the engagement can disappoint
Falling short on a Mandiant engagement looks specific, and the same critique standard I'd apply to any vendor surfaces a few tradeoffs that belong in your evaluation before the contract gets signed.
The first tradeoff is consultant variance, which is my recurring renewal question made concrete. To get ahead of it, ask directly about consultant consistency before you sign, then get specific on team composition, named lead credentials, and escalation paths. I've never been handed a weak lead, but I've also only run one incident, which is exactly the sample-size problem buyers should worry about.
After consultant variance, cost is the next tradeoff, because Google Cloud's official pages for the Managed Defense service and the Mandiant Retainer publish no official per-hour, per-endpoint, or annual tier pricing, so verified pricing requires direct engagement with Google Cloud sales or a reseller.
For a mid-market budget, that opaque pricing can still translate into a serious annual commitment against capabilities you may invoke once a year or never.
Beyond consultant variance and pricing, ecosystem dependence also belongs in the evaluation. Some buyers will want the convenience of Mandiant intelligence, Mandiant response, and Google Security Operations in one motion, while others will prefer diversification and less dependence on one security ecosystem.
None of those three tradeoffs kills the case, but all of them belong in your evaluation before you sign. With the upside and the tradeoffs both on the table, the last question is which profiles the retainer actually fits.
Who should consider Mandiant, and who shouldn't
Fit is the question worth ending on, because the retainer is a strong product for a specific buyer profile and a poor fit for two others that show up in the procurement pipeline more often than you'd expect.
The buyer the retainer suits best is a team that already runs day-to-day detection and response internally but wants a named, pre-contracted firm on standby for the major incident, the one where bypassing legal approval under fire is worth the premium.
The same retainer also suits boards and legal teams that want a brand regulators and insurers already recognize. Mandiant's partnerships with law firms and insurers run deep enough that the firm often arrives via counsel anyway, which is itself a procurement argument.
Two profiles, by contrast, should look elsewhere. If your priority is ongoing 24/7 monitoring, shop for MDR rather than a retainer, and treat that as a different evaluation entirely. Compare the MDR field where Arctic Wolf, Expel, and CrowdStrike Falcon Complete sit.
The second profile that should pass is the team too small to draw down a meaningful retainer, because that team will spend premium money on insurance it can't fully use.
For everyone in between, my renewal conversation this year came down to one honest question I'd urge you to ask too: did the retainer earn its cost in the year we had it, or did I just buy expensive peace of mind? For me, the live incident answered it, and if you can't point to a year where it would have, you shouldn't sign on reputation alone.
Frequently asked questions about Mandiant
Is Mandiant worth it for incident response?
For teams with an internal SOC that want a named firm on standby for major breaches, yes, the DFIR bench and forensic reports outrun what most can build internally. The tradeoff is premium pricing and possible variance in consultant quality, so ask about your named lead consultant's credentials before signing.
What does a Mandiant IR retainer include?
A rapid response SLA for reactive breach response plus pre-paid funds redeemable across proactive services such as tabletops, penetration testing, training, readiness assessments, and ad-hoc analysis. As of 2025 the structure shifted from pre-paid hours to pre-paid funds, and rollover, expiration, and discount rates are not publicly disclosed, so confirm them in procurement.
What is the difference between Mandiant Managed Defense and an IR retainer?
The retainer is break-glass, activated when you suspect an incident, with a documented 2-hour response SLA. Managed Defense is the always-on MDR-style service for continuous monitoring, alert triage, and threat hunting. They're separately purchased products, and the retainer's IR function should be treated separately from Managed Defense.
How much does a Mandiant engagement cost?
Google Cloud's public Mandiant Retainer and Managed Defense pages publish no official per-hour or annual pricing, because pricing is handled through sales. Treat any third-party number as rough context only and get verified pricing directly from Google Cloud sales or a reseller.