Google stole a march on rival Microsoft yesterday by announcing a deal to purchase cybersecurity vendor Mandiant for $5.4bn. Microsoft had been thought to be in pole position to acquire the company, but it will now be incorporated into Google’s cloud platform instead. This bidding war for Mandiant reflects the company’s high level of threat-detection expertise, but also the belief that offering the best cybersecurity options could be a key factor in the cloud wars.
The deal will see Google pay $23 per share for Mandiant, and is expected to close later this year according to yesterday’s announcement. “There has never been a more critical time in cybersecurity,” said Kevin Mandia, CEO and co-founder of Mandiant. “Since our founding in 2004, Mandiant’s mission has been to combat cyberattacks and protect our customers from the latest threats. To that end, we are thrilled to be joining forces with Google Cloud. Together, we will deliver expertise and intelligence at scale, changing the security industry.”
With the array of cyber threats facing businesses growing by the day, cybersecurity is set to be the latest battleground for the cloud hyperscalers, and Google will be hoping that by acquiring Mandiant it can strike a blow against rivals AWS and Microsoft Azure.
What is Mandiant and why does Google want it?
Founded by Mandia in 2004, Mandiant has become one of the leading threat detection and security businesses on the market, serving clients in both the private and public sectors.
Its researchers coined the term Advanced Persistent Threat group (APT) in 2013 when they uncovered the activities of Chinese hackers, known as APT1, targeting hundreds of organisations in the US and other English speaking countries. More recently, it was the company that discovered the SolarWinds breach at the end of 2020, the largest supply chain cyberattack in history, and its team was called in to investigate a high-profile breach at News Corp, said to be the work of Chinese hackers.
Mandiant was acquired by another security business, FireEye, in 2013, but the companies split last year, with Mandiant retaining control of its flagship threat detection platform, Advantage. Rumours of a sale to a bigger player have been circulating ever since, with IBM thought to have been interested last year, causing the company’s share price to spike. In February Bloomberg reported that Microsoft was the most likely buyer, but instead, the company will become part of Google Cloud.
“Mandiant has a lot of expertise that other companies don’t have,” says Dan Kirsch, managing director of Techstrong Research. “You only have to look at the number of cybersecurity incidents over the last two years where their research has been the first indicator that there is a problem. Their researchers are deep in the weeds of the industry.”
Kirsch also believes that Mandiant’s culture will have been attractive to Google. “Every cloud service is going to have security issues and every cloud is going to go down at some point,” he says. “How you respond to that and how open you are about what you’re doing to fix it is really important [for clients]. Mandiant has a culture of being really open about what they’re doing, and that goes well with Google’s credo and overall strategy.”
What does Google’s Mandiant purchase mean for the cloud wars?
For Google, Kirsch believes adding Mandiant will make its Google Cloud Platform (GCP) offering more appealing for enterprises. GCP is a distant third in the public cloud market, but has been making forward strides under the leadership of CEO Thomas Kurian, who was appointed in 2019.
“GCP is all about developers who want a little bit of that Google magic,” says Kirsch. “They have some great AI, machine learning and data tools, but you need some pretty technical people working in your organisation if you’re going to make a big push into Google Cloud. This is a sign they want to make a big push into enterprise because most businesses need more than just a bucket of tools, they need services that are ready to go.”
On security specifically, Kirsch says Mandiant can prove a focal point for GCP’s security products. “Google has security services but it’s a hodgepodge,” he says. “But now they will be able to wrap these around Mandiant and build a coherent security offering.”
The acquisition could give GCP a boost, says Kirsch, as long as Mandiant is fully integrated into the platform. “If Mandiant becomes a core part of the Google Cloud ecosystem, and every part of the platform is backed by Mandiant security smarts, that’s the type of thing which will make enterprises pay attention,” he argues. “Most companies aren’t all-in on cloud yet, and to bring them into the cloud you need to offer them assurance on where the security risks are. But if Google can assure clients it is monitoring their workloads with the expertise of the Mandiant team, that could be a compelling offer.”
The deal for Mandiant is Google Cloud’s second security-related acquisition of recent months, following the $500m purchase of Israeli business Siemplify in January. More acquisitions could follow, says Forrester analyst Jeff Pollard. GCP still has major portfolio gaps in endpoint detection and response (EDR), which it’s tried to solve via partnerships for now,” Pollard wrote on his blog. Given that GCP needs EDR to gain full ownership of the technologies that comprise its extended detection and response offering, its next shopping list likely includes an EDR tool. GCP wants to become a top–tier cybersecurity player, and its acquisitive actions match its goals.”