FireEye Buys Startup Verodin For $250M To Find Security Gaps

FireEye has acquired cybersecurity startup Verodin to help find security effectiveness gaps stemming from equipment misconfiguration, evolving attacker tactics, or changes in the IT environment.

The Milpitas, Calif.-based platform security vendor said its acquisition of McLean, Va.-based Verodin will help measure and test security environments against known and newly-discovered threats to identify risks in security controls before a breach occurs. The deal closed Tuesday, and is valued at approximately $250 million in cash and stock.

"Verodin gives us the ability to automate security effectiveness testing using the sophisticated attacks we spend hundreds of thousands of hours responding to, and provides a systematic, quantifiable, and continuous approach to security program validation," FireEye CEO Kevin Mandia said in a statement.

[Related: FireEye CEO: Other Platforms Are Only Providing The 'Veneer' Of Security]

The purchase of Verodin will make it easier for FireEye customers to reliably and consistently quantify cyber risk in a way that's understandable to both frontline technicians as well as the board room, Mandia said. Continually attacking an environment and adapting security controls to real threats is the best way to train people and instrument high-quality security, according to Mandia.

Verodin will be integrated with FireEye Helix's security orchestration capabilities to help customers prioritize and automate continuous improvement of security controls, FireEye said. Verodin offerings will continue to be available on a standalone basis through Verodin resellers, as well as through the global FireEye channel community, the company said.

Customers will be able to implement Verodin's cybersecurity validation and measurement offering on an "as-a-service" basis through FireEye's Managed Defense service as well as the company's Expertise On Demand automated service, according to the company.

FireEye's stock remains unchanged at $14.24 in after-hours trading Tuesday, which is the lowest the company's stock has traded since December 2017. Verodin was founded in 2014, employs 90 people, and has raised $33.1 million in three rounds of outside funding, according to CrunchBase. The $250 million acquisition price is 3.6 times Verodin's projected 2020 billings of $70 million, FireEye said.

"By joining FireEye, Verodin extends its ability to help customers take a proactive approach to understanding and mitigating the unique risks, inefficiencies and vulnerabilities in their environments," Verodin CEO Chris Key said in a statement.

Key said that cybersecurity today is based on the assumption that: technologies work as vendors claim; products and deployed and configured correctly; processes are fully effective; and changes to the environment are properly understood, communicated and implemented. But firms typically only realize how different reality is from these assumptions when they're on the wrong side of a breach, he said.

The acquisition of Verodin is expected to provide a $10 million boost to FireEye's 2019 revenue and result in a $0.05 per share hit to non-GAAP diluted net income due to higher operational expenses and a deferred revenue write-down, FireEye projects. The company is enjoying year-over-year growth in excess of 100 percent, according to FireEye.

This is FireEye's third acquisition since the start of 2018, according to Crunchbase. The company bought machine and log data management platform X15 Software in January 2018 for $20 million, and purchased email security provider The Email Laundry three months later.

From a dollar standpoint, the Verodin acquisition is FireEye's largest since the company's blockbuster purchase of incident response titan Mandiant for $1 billion in January 2014, according to CrunchBase.