FireEye Buys Mandiant In $1 Billion Blockbuster Deal

FireEye, which sells a line of appliances that analyzes suspicious files to detect custom malware and other advanced threats, has acquired Mandiant in a deal estimated at nearly $1 billion.

The transaction closed on Dec. 30, but FireEye didn't formally announce the acquisition until after the financial markets closed on Thursday.

Milpitas, Calif.-based FireEye said the deal would help bridge its virtual machine malware analysis engine with threat intelligence and incident response capabilities provided by the Mandiant platform. According to FireEye, its platform is deployed by more than 1,500 government, enterprise, and small and mid-sized customers.

[Related: FireEye's DeWalt: 10 Ways Channel Could Transform Threat Detection ]

Sponsored post

Based in Alexandria, Va., Mandiant provides both endpoint security and incident response services as well a computer forensics services. The company is known for its threat intelligence research, focusing its attention on attacks emanating from China. The firm released a report in early 2013 that it said provided evidence of ties between a hacking group and the Chinese government. Chinese officials have disputed the claim.

Mandiant also maintains a threat intelligence and custom malware database, which could be integrated into the FireEye platform, the company said, which would its capabilities to detect and prevent both network and endpoint threats.

"Organizations today are faced with knitting together a patchwork of point products and services to protect their assets from advanced threats," FireEye chairman and CEO David DeWalt said in a statement. "Together, the size and global reach of FireEye and Mandiant will enable us to innovate faster, create a more comprehensive solution, and deliver it to organizations around the world at a pace that is unmatched by other security vendors."

Mandiant is known in the security industry for its incident response capabilities, said Pete Lindstrom, principal and vice president of research at Spire Security. Lindstrom said FireEye needed to either expand its capabilities beyond malware detection and analysis or be acquired by a larger security vendor.

"They've been a highly successful one-trick pony looking for a way to grow the company," Lindstrom said. "With sandboxing being commoditized, it seems pretty clear that FireEye can use an endpoint-based solution product wise, but the addition of threat intelligence and post-breach forensics makes it a very interesting acquisition."

FireEye is more than 90 percent channel, and in a recent interview with CRN, DeWalt said the company is committed to the indirect sales strategy. Lindstrom and other industry analysts say the company is seeing increased competition from other appliance makers that are using virtual machine technology to detect malware. Palo Alto Networks, Sourcefire, which Cisco recently acquired, and McAfee, with its acquisition of Stonesoft, all use similar technology.

Resellers and systems integrators are also praising the acquisition as a good fit. Mandiant's incident response capabilities play nicely against FireEye's threat detection capabilities, said Dan Thormodsgaard, vice president of solutions architecture at FishNet Security. Nearly all security appliance makers are incorporating, in one form or another, the sandboxing technology that FireEye provides, Thormodsgaard said.

"It seems pretty clear that the market for a standalone solution is extremely challenging," Thormodsgaard told CRN. "No one disputes the value proposition of FireEye's solutions, but it was known that they had to either develop a broader platform on their own, or combine one as they did here, or simply get acquired by a larger vendor."

In addition, FireEye said its board of directors has appointed Kevin Mandia, Mandiant’s founder and chief executive officer prior to the acquisition, to the position of senior vice president and chief operating officer at FireEye. Mandiant has been a strategic alliance partner of FireEye since April of 2012.