FireEye Buys Mandiant for Approximately $1 Billion

FireEye acquired Mandiant for around $1 billion, closing the deal on 30 December 2013

This merger has probably been planned for some time, but required FireEye to go public first to make it realistic. It is a natural fit for both companies. FireEye offers innovative threat detection at the network level while Mandiant offers threat detection at the endpoint. Mandiant has also become the go-to consultancy for major incident response and remediation.

At the beginning of 2013 Mandiant became famous for a report that tied the advanced Comment Crew (APT1) hacking group to the Chinese military. In October 2012 it was brought in by the State of South Carolina to tidy up after the theft of 3.6 million social security numbers, “upon the recommendation of law enforcement officials... to assist in the investigation, help secure the system, install new equipment and software and institute tighter controls on access.” In November 2012 it became one of the first four companies included in GCHQ's Cyber Incident Response Scheme.

FireEye takes a new approach to threat detection. While traditional anti-virus is still heavily (not entirely) dependent on the recognition of malware signatures, FireEye's approach is to examine traffic within virtual sandboxes in order to detect malicious potential. As malware becomes more and more advanced and better able to defeat signature detection, the recognition of deviant behavior is increasingly necessary: behavioral analysis can potentially detect zero-day threats in a way that signature detection cannot.

Putting the two companies together provides a new single source for a complete security service: threat detection and removal before an attack, and incident response and mitigation after an attack. "The combined organization unifies the critical components required to provide state-of-the-art cyber security: the most complete library of actionable threat intelligence on advanced threats and a product suite that can apply that intelligence to detect and prevent attacks on both the network and on endpoints," said FireEye in a statement.

The New York Times summarizes, "In an interview, Mr. Mandia [founder of Mandiant] and Mr. DeWalt [chairman and CEO of FireEye] said the combined company would be able to notify its customers as soon as it detected abnormal behavior, execute a temporary fix and then dispatch a Mandiant team to take further steps. It will also give Mandiant more reach: FireEye works with more than a thousand customers, including 40 state military operations, around the globe."

What is not yet clear is the relationship the new FireEye will have with the US and UK governments. NYT notes, "The combination of the two companies — one that detects attacks in a novel way, another that responds to attacks — comes as corporate America has become wary of relying on the federal government to monitor the Internet and warn of incoming attacks."

CNET comments, "By combining the skills of FireEye, which detects and prevents cyberthreats, with those of Mandiant, which resolves breaches, this newly formed duo could compete against security firm giants like McAfee and Symantec. It also could have ramifications for governments that have been accused of spying on their citizens and allies, like the US, China, and Iran."

As for Mandiant's membership in the GCHQ Cyber Incident Response Scheme, FireEye has told Infosecurity: "For the year 2014, everything remains the same. Meaning that Mandiant will retain its membership. Throughout the year we will work on transition. Should this be important, FireEye will take over the membership in 2015."
