Security analysts say Google’s recent $5.4 billion deal to buy Mandiant gives the large cloud provider a sought after edge in security services and threat intelligence, even as it lays to rest earlier claims of independence by Mandiant.
The deal foiled Microsoft’s attempt to land Mandiant, widely considered the leader in incident readiness and response, and threat intelligence. Analysts said while Microsoft has a strong security product portfolio, it sorely needs a security services group and more than likely will continue looking for that capability, whether via acquisition or developing internally.
In a released statement, Mandiant founder and CEO Kevin Mandia said Mandiant will deliver its expertise and threat intelligence via the Mandiant Advantage SaaS platform, as part of the Google Cloud security portfolio. Analysts said the combination of Mandiant’s threat intelligence with Google’s Project Zero promised to create a formidable force in the industry.
“Google gets people who can do the consulting and architecture for cybersecurity,” said Craig Robinson, program director for security services at IDC. “AWS and Microsoft can only compete if they can provide the people that the cybersecurity world is aching for.”
Robinson said that with the increased cyber threat landscape, the industry has shifted more from incident response to incident readiness. He said business customers need consultants who can come in and do the assessment, red team engagements, and table-top exercises that will help them prevent an incident.
“Companies don’t want the first time they see Mandiant to be to respond to an incident,” Robinson said. “You want to meet with them before and do those table-top exercises. And those exercises are no longer just the domain of cybersecurity professionals. It’s no longer a pure technology play. The board of directors, legal counsel, and operations people are now involved with the cyber team to walk through how they will respond when the next big event occurs, whether its ransomware or the destructive malware that you are seeing in the Russia-Ukraine conflict.”
When Mandiant split from FireEye last year, Mandia said it was “essential” for Mandiant to operate independently so customers had the confidence that their security issues would be handled. Experts say that is no longer in the cards, with Jeff Pollard, vice president and principal analyst at Forrester, calling it wishful thinking. Pollard said the idea that Mandiant could operate independently once it separated from FireEye was “interesting,” but not feasible after losing ground to CrowdStrike in incident response and on product features and capabilities.
"The amount of capital Mandiant needed to rebrand itself and conduct R&D, develop innovative offerings, or make acquisitions was substantial and it wasn’t going to find it on its own,” Pollard said. “With Mandiant, Google gets strong security services, attack surface management, and security analytics.”
Alberto Yépez, co-founder and managing director at Forgepoint Capital said that the acquisition represents a “defining moment” for the security industry and modern business itself, extending advanced capabilities to the consumer.
“The deal marks an inflection point where cybersecurity investments are no longer a game of inside baseball between a few key players,” Yépez said. “Everyday internet users will benefit from this deal because Gmail and GoogleApps — plus all of the other Google business applications — will now be armed with Mandiant’s insights on threat vectors and cyber criminal organizations around the world. This context is critical for attack prevention. Layering that context with the use of big data and AI allows Google to be significantly more effective in preventing attacks.”
Google's stock price was up $14.52 today. Mandiant’s stock was down 45 cents at market close.