ESW #264 – Jeff Styles & Andrew Morris

SIEM (Chronicle), SOAR (SIEMplify), response (Mandiant) - this acquisition would make sense strategically when compared to Google's previous big security acquisitions. All these acquisitions are clustered in the area of detection, response, and recovery. UPDATE: no longer a rumor, see ACQUISITIONS

After hearing rumors a few weeks back that Microsoft was in talks to acquire Mandiant (we discussed this on Episode 260 - https://securityweekly.com/esw260), some dismissed the Google/Mandiant chatter as just more rumors. We didn't have to wait long to get official confirmation though - we now have a formal press release from both Mandiant and Google. The product-side of this deal is largely straightforward. Mandiant has an EASM product (Intrigue acquisition), threat intel (iSIGHT Partners acq), Security Validation (aka BAS, Verodin acq) and an XDR/SOAR-like product called Automated Defense. All these roll up into what Mandiant calls the Advantage Platform. They're very complementary to Google's Chronicle and SIEMplify acquisitions, and round out a solid SecOps offering, as Google describes well in this press release. What's less clear, is how Google will integrate Mandiant's services going forward. There are precedents for mixed product/services acquisitions getting acquired, but they're mostly negative. If we reach WAY back to McAfee's acquisition of Foundstone ($86M) and Symantec's acquisition of @stake ($48M), we can track the slow death of both the products and services that came with each of these acquisitions. Of course, Google isn't McAfee or Symantec. And $5.4bn is a MUCH larger purchase price. Even if we factor in inflation, this deal is 42 times larger than the Foundstone acquisition and 75 times larger than the @stake acquisition. Of course, Mandiant is a public company with $483M in 2021 revenue and nearly 2,000 employees - a much larger company than Foundstone or @stake ever were. I think it makes the most sense for Google to allow Mandiant's services to continue to run as an autonomous, independent unit (if it isn't broken...). Meanwhile, Mandiant's founder and CEO, Kevin Mandia, has become increasingly involved in investing and is currently a Strategic Partner of Ballistic Ventures. It's anyone's guess as to whether he'll choose to stay on long-term and continue to run Mandiant, or if he'll pass the torch and devote himself full-time to investing.

This is the Mandiant press release for the Google acquisition. It's a bit less informative than Google's version, but they're both worth a read.

Alert Logic was MDR before MDR was cool. Did we somehow miss HelpSystems acquiring Tripwire for $350M last month??? A few of HelpSystems other recent acquisitions: Digital Guardian, Vera, Clearswift, PhishLabs, Agari, Beyond Security, Digital Defense. This makes at least 11 cybersecurity acquisitions since 2019 for HelpSystems.

I can't see the full article, but I have a few more details, courtesy of StrictlyVC: Abnormal Security, a 3.5-year-old, San Francisco-based cybersecurity company focused around socially engineered email attacks, is reportedly in talks to raise between $250 million and $300 million in funding led by Insight Partners.

Axonius was already declared a unicorn after the last raise, so we're not adding a new unicorn to the list. We've added 6 more unicorns in the past month, so things have shuffled around a bit. This is a Series E and brings total funding to $665M. Time to start talking exits? I hear Cisco and Microsoft have an appetite for cybersecurity acquisitions...

Apparently, the number is actually $38M in this Series A led by Tiger Global. "The world's first AppSec Operating System". Huh? Like Bright Security, they're taking aim at the dev lifecycle. But instead of DAST, it looks like a more holistic approach, where they focus on providing visibility and security controls. If I'm understanding this right, they're trying to remove friction from the process of improving security in app development, which is the opposite of what most dev-targeted AppSec solutions are doing. I applaud them for that, but still dislike the term "operating system" being repurposed to mean something else...

$35M Series B led by REV Venture Partners brings total finding to $56M. CyberSixGill provides Threat Intel feeds.

$20M Series A + $6M in seed and pre-seed, led by Lightspeed. Blink is a workflow platform designed to automate a variety of manual cloud and security operations.

$20M Series A led by Evolution Equity Partners. Founded in 2018, $25M funding total. Provides an appsec platform they claim cover the entire dev lifecycle. "AI-powered DAST that can find web & API OWASP top 10 vulns quickly with no false positives".

New York-based, raised from Florida Funders and others. Possibly the worst website I've seen in 2022. Also not thrilled with the name. Tons of buzzwords, seems very military/federal-focused. Doing something around encrypting data in-transit. Perhaps some kind of peer-to-peer tunneling (ZTNA? SDP?) similar to ZeroBastion (we chatted with their CEO last week)??

SEC rules already require public firms to report events that could impact shareholders, so this just implements a more formal timeframe in which these companies need to report them. We're still a long way from getting regulation that requires sharing useful details or lessons from breaches, sadly.