FireEye acquires Mandiant in a deal worth about $1 billion

The companies note that Mandiant expands FireEye’s ability to stop advanced attacks at the earliest phases of the attack life cycle with:

• Endpoint Threat Detection, Response, and Remediation Products
  Mandiant pioneered and continues to lead the industry for endpoint-based advanced threat detection and response. Mandiant’s endpoint products, which are already integrated with the FireEye platform, enable security teams to make faster, more accurate decisions about potential security incidents while eliminating blind spots by connecting the dots with the FireEye network-based threat detection and prevention platform.
• Advanced Threat Intelligence
  Mandiant brings unrivaled depth in intelligence on next-generation attacks, which is continually gathered from ongoing monitoring of more than two million endpoints and by incident response and remediation teams who serve on the front lines combating the most advanced attacks. When this depth of threat intelligence is paired with the breadth of the FireEye real-time threat intelligence gathered from more than two million virtual machines, organizations will have unmatched detection and contextual information about attempted attacks, including the level of risk, the identity of the attackers, and the intended target of the attack.
• Incident Response and Security Consulting Services
  Endpoint protection, security incident response, and remediation have been Mandiant’s primary focus and expertise since its inception. Mandiant’s extensive team of highly skilled incident response experts has performed hundreds of incident response investigations across all industries and at organizations of all sizes. In addition, Mandiant brings its Mandiant Managed Defense monitoring service to FireEye. The addition of these skills and expertise significantly expand the ability of FireEye to offer value-added services on the FireEye Oculus platform.

Mandiant has been a strategic alliance partner of FireEye since April 2012. The combination of the two companies is a natural extension of this partnership and their integrated product offering, which both companies announced in February 2013.

Kevin Mandia, Mandiant’s founder and chief executive officer prior to the acquisition, has been appointed by the FireEye board of directors to the position of senior vice president and chief operating officer of FireEye. Mandia has been profiled on the cover of Fortune magazine and recognized by Foreign Policy magazine as one of the 100 leading global thinkers of 2013.

“The combination of FireEye and Mandiant will deliver end-to-end protection and meaningful value to customers,” said Mandia. “By joining FireEye and Mandiant, we will be able to deliver fully integrated products and services that help organizations protect themselves from attacks. The combined product portfolio will cover all the major attack points within an organization, and our expanded services capacity will allow us to quickly pivot to incident response when necessary to reduce the impact of security breaches.”

Mandiant will be integrated with FireEye to provide global services and cloud solutions, including security consulting, incident response, and managed services. Mandiant’s endpoint threat detection and response products will be incorporated as a core element of the FireEye Oculus platform.

Financial terms of the transaction
The acquisition was approved by the shareholders of Mandiant and the boards of directors of both companies. Under the terms of the merger agreement, FireEye will issue an aggregate of 21.5 million shares and options to purchase shares of FireEye stock and pay approximately $106.5 million of net cash in the transaction to the former Mandiant security holders. In addition, FireEye granted certain performance-based retention equity incentives.

FireEye hosted a live Webcast with slides to discuss the transaction on 2 January 2014. The archived Webcast is available via the Investor Relations section of the FireEye website here.

What analysts say
“This acquisition shows not just how hot cyber-security is, but how hot cyber-forensics and IR are becoming. Simply put, they are a mandatory part of cyber-security,” Craig Carpenter, senior vice president of strategy at AccessData and a longtime industry security specialist, told eWEEK.

“The reason for this deal is that we now live in a world of constant compromise. When you know you will be compromised, you can’t just continue trying to keep the bad guys out; you also need to investigate every compromise, figure out what happened, prevent it from ever happening again and clean up the mess.

“Mandiant’s approach only makes sense: 1) if a customer will only get compromised once (which is obviously not the case for virtually anyone); or 2) where the compromise is a bespoke event that must be dealt with as a one-off. For every other compromise, companies need and want to be able to handle things in-house as much as possible.”

China syndrome
Mandiant captured the headlines back in February when it issued a 60-page report which identified a group within the Chinese People’s Liberation Army known as Unit 61398 which was responsible for more than 140 cyberattacks investigated by the firm since 2006. Among the targets were a large wholesale company that lost a price battle with China and security firm RSA, which attackers breached in 2011 to steal data related to its SecurID one-time password technology (see “Chinese government orchestrates cyberattacks on U.S.: experts,” HSNW, 19 February 2013; and “Chinese hackers attack the New York Times,” HSNW, 1 February 2013).

eWEEK notes that the comprehensive report brought together a large body of evidence — more than 3,000 indicators — as well as profiled three individuals in the unit who conduct specific duties.