Mandiant floats off into Google Cloud

Fifteen months after a “velvet divorce” from previous partner FireEye, the acquisition of cyber defence, threat intelligence and incident response services specialist Mandiant by Google has formally completed on 12 September.

Valued at approximately $5.4bn, the deal will see Mandiant folded into the Google Cloud business unit, although its brand identity is to be maintained.

Google said the firms shared a “long commitment to industry-leading security” and the combination of Google’s own innovations around secure computing, coupled with Mandiant’s “unparalleled frontline expertise” as a cyber first responder would deliver an “end-to-end security operations suite with even greater capabilities to support customers across their cloud and on-premise environments”.

“The completion of this acquisition will enable us to deliver a comprehensive and best-in-class cybersecurity solution,” said Google Cloud CEO Thomas Kurian. “We believe this acquisition creates incredible value for our customers and the security industry at large. Together, Google Cloud and Mandiant will help reinvent how organisations protect themselves, as well as detect and respond to threats.”

Kevin Mandia, who founded the eponymous Mandiant in 2004 following a career in the US armed forces, part of it spent at the Air Force Office of Special Investigations, said: “Mandiant is driven by a mission to make every organisation secure from cyber threats and confident in their readiness. Combining our 18 years of threat intelligence and incident response experience with Google Cloud’s security expertise presents an incredible opportunity to deliver with the speed and scale that the security industry needs.”

With more than 600 consultants on call to responding to thousands of incidents every year, and over 300 analysts working on security research to power its managed extended detection and response (XDR) platform, Mandiant is long-established as a key player in incident response, and as a frequent and vocal contributor to the cyber community.

Over the years, its teams have repeatedly found themselves at the centre of high-profile cyber incidents – in 2021, they played a significant role in shining a light on the threat actors behind ransomware gangs including Maze and the Darkside affiliate which held up Colonial Pipeline; the widespread Microsoft Exchange attacks, among many others; and, at the end of 2020, they played a pivotal role in the discovery and investigation of the SolarWinds Orion incident.

Writing today, Mandia said that, when he founded the business, he had set out to change how businesses protect themselves from cyber threats because he felt cyber technology was being outpaced by innovative threat actors.

“ITo deliver cyber defences as dynamic as the threats, we believed you had to have your finger on the pulse of adversaries around the world,” he wrote.

“To address this need, we set out to respond to as many cyber security breaches as possible. We wanted to learn first hand how adversaries were circumventing common safeguards with new and novel attacks; monitor the development and deployment of attacker tools, their infrastructure, and their underground economies; and study the attacker’s targeting trends.

“As we investigated thousands of security incidents over the years, we honed the deep expertise required to find the proverbial needle in the haystack: the trace evidence that something unlawful, unauthorised, or simply unacceptable had occurred.

“We believed this skill was the foundation to automating security operations through software, so that organisations and governments around the world could easily implement effective security capabilities.” By joining forces with Google Cloud, we can accelerate this vision.”

Paolo Dal Cin, global lead for Accenture Security, commented: “The power of stronger partnerships across the cyber security ecosystem is critical to driving value for clients and protecting industries around the globe.

“The combination of Google Cloud and Mandiant and their commitment to multi-cloud will further support increased collaboration, driving innovation across the cyber security industry and augmenting threat research capabilities. We look forward to working with them on this mission.”