FireEye Acquires MandiantBreach Detection-Response Powerhouse Formed
Breach detection provider FireEye has acquired the incident response and remediation services company Mandiant for $1 billion in stock and cash, forming a formidable company that can offer soup-to-nuts products and services to detect, mitigate and respond to breaches.
See Also: Autonomous Response: Threat Report
The merger occurred on Dec. 30 and was announced Jan. 2.
"Organizations today are faced with knitting together a patchwork of point products and services to protect their assets from advanced threats," FireEye Chief Executive David DeWalt said in announcing the merger. "Together, the size and global reach of FireEye and Mandiant will enable us to innovate faster, create a more comprehensive solution and deliver it to organizations around the world at a pace that is unmatched by other security vendors."
FireEye's technology isolates incoming traffic in virtual machines, searching for suspicious activity and analyzing it before deciding whether to allow the traffic into its customers' systems. Its offerings are an alternative to antivirus products that monitor web traffic and detect malicious software based on previously identified malware.
Mandiant's offerings focus on endpoint security, incident response and breach remediation. Mandiant last February gained international attention with it published a comprehensive report that contends a Chinese military unit it dubbed APT1 breached computers in enterprises that conduct business mostly in English, especially in the United States (see 6 Types of Data Chinese Hackers Pilfer).
Detect, Then Quickly Respond
Kevin Mandia, Mandiant founder and FireEye's new chief operating officer, explained in a Jan. 2 briefing with security analysts how the two companies' offering will be combined.
"When FireEye detects a compromise, we can send our expertise in minutes and contain things very quickly," Mandia said. "I see a very good strong synergy in services growth because every time FireEye boxes are deployed [they're] finding compromises [its] customers didn't know about. Then, the very next question is, 'What do you do about it?' That's where these services of ours can come in and help that organization figure out what happened and what to do about it."
DeWalt said the business model the merged company is creating combines very strong services around very strong products that can be automated and scaled. "There's no silver-bullet, magic product out there," he told the analysts. "It's really a combination of people and end products that really makes a difference in today's type of attack landscape."
FireEye's international presence will help Mandiant expand its services globally, DeWalt said.
Craig Carpenter, senior vice president of strategy at AccessData, which characterizes itself as a Mandiant competitor, said the acquisition demonstrates the importance of having integrated cyber-forensics and incident response capabilities in a single IT environment.
"When companies get attacked, they need to react quickly to minimize the destructive impact to their business, their customers and their brand reputation," Carpenter said. "But the key question here is whether CISOs want to handle every compromise using external personnel on an ad hoc basis, or build in infrastructure to be able to address the vast majority of incidents using technology. This acquisition can do the former, but won't help much with the latter."
Carpenter also suggested that the FireEye-Mandiant acquisition could lead to other mergers among cybersecurity companies. "It seems unlikely that any other major security vendor will work with Mandiant on incident response, so it will be very interesting to see what subsequent marriages take place as a result of the first major deal of 2014," he said.