Like a cybersecurity version of “The Bachelor,” Mandiant gives its final rose to Google. The idea of a stand-alone Mandiant, regaining the prestige it once held in the cybersecurity industry, made for a great story but an unlikely proposition in the long term. M&A was always the destiny for Mandiant, the only question being the winning bidder. The long and unproductive marriage to FireEye sees both companies making some interesting choices after their public, corporate divorce. FireEye combined with McAfee to become Trellix. And today, Mandiant announced an engagement to a suitor with deep pockets in Alphabet via Google Cloud Platform (GCP).
If we were browsing our ex-significant other’s social media sites, we would definitely say that Mandiant found a more attractive and compelling match. But that raises the question: “What if Google is just the rebound acquirer?” Let’s take a dive into what each company gets from this pairing.
Rebuilding Mandiant Will Take Time — And Lots Of Money
Mandiant spent too long tied to an all-FireEye ecosystem for its managed detection and response (MDR) offerings and other associated security services and only just diversified in the last year or two to support a more open ecosystem. Because of this, Mandiant forfeited some of the prestige of its once elite incident response practice primarily to CrowdStrike and watched its competitor rocket ahead of it in terms of market valuation, stock price, attach rate, and customer penetration.
Mandiant does have a strong portfolio of services and intellectual property in areas such as MDR, attack surface management, and security validation (its breach and attack simulation offering). Expanding that stable of intellectual property, however, is a capital-intensive process — requiring substantial commitment to research and development or deep pockets to make acquisitions. And valuations for public and private cybersecurity companies are sky-high at the moment.
Google Plays Catch-Up By Spending Its Way To Portfolio Parity
Google’s cybersecurity efforts began with internal initiatives such as Project Zero and relatively early adoption of Forrester’s Zero Trust approach to cybersecurity via BeyondCorp. The VirusTotal acquisition did signal Google’s interest in commercializing cybersecurity years ago, but GCP pivoted toward an enterprise-focused commercial capability somewhat late, with X launching Chronicle in 2018 and Google Cloud acquiring it in 2019. That late start demands a premium to catch up, one Alphabet appears willing to pay.
Mandiant’s expertise will accelerate the expansion of the Google Cybersecurity Action Team led by GCP’s chief information security officer Phil Venables. This acquisition comes just after GCP added Siemplify to its arsenal, making its primary offerings a combination of security analytics and security orchestration, automation, and response capabilities with Chronicle and Siemplify, and, now, Mandiant’s services-heavy portfolio of solutions. GCP will also need to sort out the impact on the rest of its ecosystem. For now, GCP relies on partnerships for a complete extended detection and response (XDR) offering, and Mandiant’s MDR service coupled up with direct Google competitor Microsoft via Defender.
This acquisition also augments Google Project Zero with an infusion of sophisticated practitioners in forensics, malware analysis, threat intelligence, and security research. Now, two well-regarded research teams get to mix and match information and expertise, which could lead to interesting advancements and discoveries in attacker activity and techniques to defend enterprises. Mandiant’s incident response expertise, coupled with VirusTotal data and Project Zero-caliber talent, could launch a new era of cybersecurity discoveries as the two teams come together. Google and Microsoft compete extensively for enterprise business, and if Google severs the information sharing that occurs between Mandiant and Microsoft, Google needs to commit to extending these relationships for this era of discoveries to materialize. Not doing so would be a mistake and a loss of epic proportions for the entire industry.
Cloud Competition Becomes A Contest For Cybersecurity Dominance
Forrester predicted that the “tech titans” would next fight over cybersecurity. This acquisition spree is not over. GCP still has major portfolio gaps in endpoint detection and response (EDR), which it’s tried to solve via partnerships … for now.
Given that GCP needs EDR to gain full ownership of the technologies that comprise its XDR offering, its next shopping list likely includes an EDR tool. GCP wants to become a top-tier cybersecurity player, and its acquisitive actions match its goals.
Mandiant brings more to GCP than vice versa in capabilities and prestige, which gives us pause. Mandiant needed an acquirer with a complete cybersecurity product portfolio, deep pockets, and strong relationships with enterprise buyers. GCP now brings in one of those while it continues to pursue the others. Both companies place a premium on expertise as part of their culture, which does set this up as a better pairing than Mandiant’s prior matchup.