Advertisement

Google has ‘definitive agreement’ to buy Mandiant for $5.4B

The all-cash deal for Mandiant comes after the company only recently became independent again.
Kevin Mandia FireEye, Mandiant
Mandiant CEO Kevin Mandia speaks May 31, 2018, at the Cyber Threat Intelligence Forum presented by FireEye and produced by CyberScoop and FedScoop. (Scoop News Group)

Mandiant, one of the cybersecurity industry’s marquee names in threat intelligence and incident response, is being acquired by Google, the two companies said Tuesday.

Google has a “definitive agreement” for an all-cash transaction worth about $5.4 billion, the tech giant said in a news release. Mandiant will join the Google Cloud unit, specifically, with the goal of boosting its security offerings, the companies said.

Existing Mandiant customers, meanwhile, will benefit from the reach of Google Cloud’s lineup of products, partners and services, said Phil Venables, the chief information security officer for Google Cloud. But there are “a lot of decisions yet to be made about the precise structure” once the deal closes later this year, he said at a news conference Tuesday, and there is no specific timetable.

Mandiant CEO Kevin Mandia said the overall goal is to work within Google Cloud to automate and globally scale up as much of Mandiant’s work as possible. The Reston, Virginia-based company has more than 2,000 employees worldwide.

Advertisement

“Even though Mandiant is seen by many as an incident response company, in reality we weren’t in business solely to be an incident response company,” Mandia said. Those activities are just a means for greater knowledge of threats, he said, and Mandiant saw it as a “strategic portion of the business to build the right solutions.”

Mandiant currently is responding to more than 150 security breaches, Mandia said, and “probably 85 to 90% of what our folks are doing — maybe even more — we’ve done it before.” Automating more of that work would help address talent shortages in the industry, he said, and also improve what Mandiant is doing for customers.

The Google deal isn’t a total surprise, but it wasn’t exactly the acquisition news that many were watching for. Reports in February had said Microsoft was in talks to buy Mandiant. The Google deal represents another high-profile cybersecurity acquisition in an industry already active with such deals. The news also reflects the stiff competition in the market for cloud computing and software-as-a-service (SaaS), with Microsoft, Amazon and others aiming for the same customers.

“This is an opportunity to deliver an end-to-end security operations suite and extend one of the best consulting organizations in the world,” said Google Cloud CEO Thomas Kurian. “Together we can make a profound impact in securing the cloud, accelerating the adoption of cloud computing, and ultimately make the world safer.”

Over 18 years, Mandiant has grown to be one of the top brand names in the cyber industry, noted for responding to breaches at major corporations and government agencies, while also becoming the target of nation-state hackers itself.

Advertisement

Mandiant recently became an independent company again, after onetime parent FireEye was acquired by Silicon Valley-based Symphony Technology Group and merged with McAfee Enterprise into the newly christened Trellix.

Once Mandiant was on its own again in the fall of 2021, there was no plan to seek a suitor, Mandia said. The Google deal does fit, however, with Mandiant’s long-term plan to scale globally, he said.

Mandiant spent “very little time being single,” noted Forrester Vice President and Principal Analyst Jeff Pollard. Google Cloud “is playing catchup to Microsoft in cybersecurity,” he said, and basically outbid the competition for Mandiant. Meanwhile, “Mandiant found a matchup with deep pockets as it reinvents itself,” Pollard said.

Google itself is no small player in cybersecurity; its holdings including the VirusTotal platform for malware samples, the Chronicle threat detection platform, and the Cybersecurity Action Team, which supports the company’s clients. More broadly, the Google Project Zero team is widely respected for its research on security vulnerabilities.

Mandiant produces a steady stream of public research about nation-state hackers and other high-profile cyberthreats. This week it warned U.S. state governments about activity by a China-linked hacking group.

Advertisement

Analysts said the Mandiant acquisition is Google’s second-largest ever, after its $12.5 billion deal for Motorola in 2011.

When asked about potential scrutiny by antitrust regulators, Venables said the cloud security space is “highly competitive” and the deal “only further enhances that competition.” Google Cloud is “very happy to engage with regulators,” he said.

Updated, 2/8/22: with comments from Venables, Mandia and Pollard.

Latest Podcasts