Google is acquiring Mandiant to boost the Google Cloud security business, the companies have confirmed. The price tag is $5.4 billion. The deal surfaces roughly one month after Microsoft apparently explored a Mandiant buyout.
This is technology M&A deal number 241 that MSSP Alert and sister site ChannelE2E have covered so far in 2022.
Google has been an active buyer in the cybersecurity market -- acquiring Siemplify in January 2022 and investing in Cybereason in October 2021. Those Google acquisitions could set the stage for more MSSP partnerships with the cloud and search giant, MSSP Alert believes.
Meanwhile, Mandiant split from FireEye in 2021. That move freed Mandiant to work more effectively with third-party security tools.
Google Acquires Mandiant for Cloud Security, XDR, Incident Response Capabilities
Armed with Mandiant, Google Cloud plans to boost such capabilities as Advisory Services, Threat Detection and Intelligence, Automation and Response Tools, Testing and Validation, and Managed Defense, the companies said.
Google Cloud's existing security services include:
- BeyondCorp Enterprise for Zero Trust and VirusTotal for malicious content and software vulnerabilities;
- Chronicle’s planet-scale security analytics and automation coupled with services such as Security Command Center to help organizations detect and protect themselves from cyber threats;
- as well as expertise from Google Cloud’s Cybersecurity Action Team.
In a prepared statement about the deal, Thomas Kurian, CEO, Google Cloud, said:
“Organizations around the world are facing unprecedented cybersecurity challenges as the sophistication and severity of attacks that were previously used to target major governments are now being used to target companies in every industry. We look forward to welcoming Mandiant to Google Cloud to further enhance our security operations suite and advisory services, and help customers address their most important security challenges.”
Added Kevin Mandia, CEO, Mandiant:
“There has never been a more critical time in cybersecurity. Since our founding in 2004, Mandiant’s mission has been to combat cyber attacks and protect our customers from the latest threats. To that end, we are thrilled to be joining forces with Google Cloud. Together, we will deliver expertise and intelligence at scale, changing the security industry.”
Mandiant Business Evolution: From Incident Response to XDR
Mandiant, after breaking away from FireEye in recent months, introduced plans to drive partner, SaaS and XDR business success. CEO Kevin Mandia outlined those efforts in a November 2021 earnings call.
As part of a five point partner plan, Maindiant:
- Created a technical alliances group to connect Mandiant’s intelligence expertise and advantage platform to other security product companies. Among the first moves is a Splunk relationship, which enables Splunk customers to operationalize Mandiant threat intelligence for adversary detection; interact directly with Mandiant experts for incident response; and validate their security posture against emerging and novel attacks, he said.
- Formed a strategic alliances group for system integrators and MSSPs. “We plan to enable integrators and MSSP to use the Mandiant advantage platform to deliver security transformation and modernization programs for their customers,” he said.
- Created an industry aligned expert team to “help us navigate and deliver tailored strategic services to various industry sectors such as finance, healthcare, defense utilities, among others; addressing their specific requirements based on mission, regulations and the risk profile,” he said.
- Hired a new leader to create a strategic alliance program targeting partnerships with global governments.
- Hired a new channel lead to create and manage a channel program that addresses the middle market in an efficient way.
Mandiant SaaS-based XDR Security Plan
Mandia in November 2021 also described a four-point R&D and innovation strategy. The overall strategy involves the Mandiant Advantage Platform — which is a SaaS-based XDR platform that addresses threat intelligence, security validation, automated defense and attack surface management. The related four-point technology strategy involves:
- A multi-vendor managed defense capability, which no longer requires Mandiant customers to run FireEye’s products. “Now our customers can rely on Mandiant expertise and intelligence to leverage the controls and vendors that they choose,” he said.
- Launching active breach and Intel monitoring capabilities the first quarter of 2022. “This capability enables visibility into Mandiant threat intelligence in real time. It is the functional equivalent of collaborating with our incident responders in the field, proactively checking our customers’ environment with the most up-to-date intelligence available as respond to the new and novel cyber attacks,” he said.
- Rolling out a Ransomware defense validation solution, which “tests a customer’s ability to defend against the ransomware attacks we are seeing in the field and provides unvarnished truth about an organization’s readiness to various ransomware actors,” he said.
- Acquiring Intrigue, which “allows Mandiant to deliver attack surface management or ASM as another module in the Mandiant advantage platform,” he said. ASM identifies how organizations could be compromised by identifying applications that are visible, vulnerable and exploitable. Mandiant plans to integrate attack service management into the Mandiant Advantage Platform in the first quarter of 2022, he said.
Google Cloud vs. Microsoft, Amazon Web Services (AWS): MSSP Partner Strategies
The big question: How aggressively will the Google Cloud and Mandiant focus on the MSP and MSSP partner ecosystem?
If Google focuses more on MSSPs, it will need to compete aggressively against Microsoft Sentinel — which has gained critical mass with MSSPs via the Microsoft Intelligent Security Association (MISA).
Also of note: Amazon Web Services (AWS) in August 2021 introduced the Level 1 MSSP Competency for AWS Partners as it tries to foster new partnerships with MSSPs and ISVs. AWS Partners can earn this competency to deliver AWS security and monitoring as a fully managed service.
Story originally published March 7, 2022, with rumors about Google-Mandiant deal. Updated March 8, 2022, with confirmed M&A details.