Google Buys Into Security With $5.4B Acquisition of Mandiant 

By: Craig Kennedy

Today Google and Mandiant announced that Google would be acquiring Mandiant for $23 per share valued at $5.4 billion in an all cash deal. Following the close of the acquisition, Mandiant will become part of Google Cloud. This blog reviews the deal and what it means for Google moving forward.

Who is Mandiant?

Mandiant, founded in 2004, is a highly respected name for those in the cybersecurity community but perhaps not as well known outside this group. Mandiant, at the time a part of FireEye, is probably best known as the firm that initially found and identified the malware that was the source of the Solarwinds supply chain attack. This attack successfully infected a multitude of US Government agencies, including the NSA, as well as Microsoft and other companies, and was able to conduct surveillance on these systems undetected for the better part of a year. The attackers unwisely decided to attack Mandiant, which led to the identification and ultimately remediation of the attack.

Mandiant was also engaged by Colonial Pipeline to investigate their high-profile ransomware attack, so Mandiant was deeply involved in the remediation of two of the largest cybersecurity incidents in history. 

Why Did Google Buy Mandiant?

Mandiant brings very deep cybersecurity expertise to the table both in the form of software tools as well as a sizeable stable of consultants and analysts with deep security knowledge, which blends well with Google’s focus on cloud security. Mandiant is highly respected in the security industry and elevates Google’s security position to a premium level amongst the major public cloud providers.

Where Does Mandiant Fit Within Google?

It will be interesting to see how the two companies come together to join forces. Much of Google Cloud’s culture is focused on achieving enterprise scale by leveraging devops tools to automate everything wherever possible. Mandiant has a set of software tools that can certainly be rolled into its devops frameworks to augment Google Cloud’s existing security offerings, and that’s a good fit.

Another big part of Mandiant’s success is the use of its 600+ consultants and 300+ intelligence analysts who can dig deep to identify cybersecurity vulnerabilities and breaches, which is the antithesis of devops. These people however would be a huge resource for Google’s recently announced Cybersecurity Action Team, tasked with providing strategic security advisory services and incident response for clients ranging from small businesses to enterprises to government entities. Again, a very good fit.

Google’s Focus on Security

Google has been methodically enhancing its security offerings within the Google Cloud Platform (GCP) and we’ve recently seen this accelerate. Google acquired the security orchestration, automation, and response (SOAR) firm Siemplify for $500M in January, which rolled out a significant enhancement to its Security Command Center with its Virtual Machine Threat Detection (VMTD) software in February, and now its acquisition of Mandiant are all major step towards completing this journey.

Bottom Line

Mandiant appears to be a great technology fit for Google to round out the security features available in its public cloud. Additionally, by deploying Mandiant’s human capital to Google’s new Cybersecurity Action Team, Google will have one of the deepest cybersecurity knowledge teams available anywhere.