10 Things To Know About The $1.2B FireEye-Mandiant Split

From who will lead FireEye and Mandiant going forward to how FireEye’s products fit into Symphony Technology Group’s fast-growing cybersecurity portfolio and why the separation is expected to reduce channel conflict, here are 10 key things to know.

Back To The Future

Private equity firm Symphony Technology Group (STG) agreed Wednesday to buy FireEye’s product business for $1.2 billion, separating it from Mandiant’s solutions and services business. The FireEye name will move over to STG as part of its purchase of the $541 million product business, while the $400 million Mandiant business will continue as a publicly traded company with a new ticker symbol.

“The separation enables each organization to simplify its strategy and to pursue its most appropriate business model, individual markets, go-to-market plans, compensation plans and growth expectations,” FireEye CEO Kevin Mandia told investors Wednesday.

From who will lead FireEye and Mandiant going forward to how FireEye’s products fit into STG’s fast-growing cybersecurity portfolio and why the split is expected to reduce channel conflict, here are the 10 biggest things to know about the separation of FireEye’s product business from Mandiant’s solutions and services business.

10. FireEye Sale Rumors Have Persisted For Years

An October 2019 report from DealReporter indicated that FireEye was holding talks to potentially sell its product business after struggling to find buyers for the entire company. Earlier that same month, Business Insider reported that private equity firms were believed to be the most likely buyer of FireEye after the company failed to attract the interest of strategic buyers in an earlier process.

Then in March 2020, Spanish news outlet Okdiario reported that Cisco Systems was putting together an offer to purchase FireEye and was expected to present the bid in the coming weeks. Okdiario reported that Cisco and FireEye had engaged in a long period of negotiation and were “closer than ever” in their positions, meaning that a formal offer could be presented in the coming weeks.

This wasn’t the first time Cisco and FireEye were linked in acquisition reports. In fact, a May 2015 report from Seeking Alpha and Nasdaq that Cisco had put in a $9 billion bid to purchase FireEye prompted a denial from the company’s then-CEO John Chambers. “We don’t comment on acquisitions that haven’t been announced, but I wouldn’t count on the one that you may be hearing about today,” he said.

9. Split Largely Undoes FireEye’s 2013 Mandiant Acquisition

STG’s proposed transaction largely undoes FireEye’s $1 billion acquisition of Mandiant in December 2013, which brought together FireEye’s signatureless web, email, data center and mobile security platform with Mandiant’s endpoint security and incident response. Mandia founded Mandiant in 2004, and served as FireEye’s COO for two and a half years after the deal before becoming CEO in June 2016.

However, not everything that was developed by Mandiant will remain with Mandiant once the separation is complete. Specifically, the company’s endpoint security technology and Helix cloud security information and event management (SIEM) platform will move over to STG as part of FireEye even though the capabilities were originally developed by Mandiant, according to Mandia.

While Mandiant’s services work is strategically important, Mandia said more than half of the company’s revenue came from products and subscriptions even back when it was acquired by FireEye. Mandia said he sees a future where the services component is only 15 percent to 25 percent of Mandiant, but it will remain vital to helping the company understand emerging threats.

8. FireEye’s Security Control Products Will Move Over To STG

STG will be acquiring FireEye’s security control products based on the company’s detection, prevention and analysis technologies. The company’s network, email and endpoint security capabilities can be delivered through an integrated hardware appliance, a virtual software sensor, via Software as a Service (SaaS) or through a hybrid on-premises and cloud-based model, according to the company.

The private equity firm will also acquire FireEye’s Helix cloud SIEM platform, as well as its Cloudvisory multi-cloud workload security tool and its Detection on Demand threat detection service. Helix and Cloudvisory are delivered solely through the cloud via SaaS.

Remaining with Mandiant will be the company’s threat intelligence, security validation, automated defense, and managed detection and response services, all of which are available through the Mandiant Advantage SaaS platform. In addition, the company’s consulting services around security assessments, security transformation, incident response and security training will remain part of Mandiant.

7. Sixty Percent Of Employees Will Remain With Mandiant

Approximately 1,300 of FireEye’s roughly 3,400 employees will move over to STG as part of the product business, while the remaining 2,100 employees will remain with the Mandiant Solutions business. Across the company, less than 40 percent of workers will become part of FireEye.

The divide is more equal, however, in the go-to-market organization. Just over 400 of the company’s sales and marketing employees will remain with Mandiant Solutions, while approximately 380 will join STG as part of the FireEye product business, according to CFO Frank Verdecanna.

FireEye reduced its head count by 7 percent over the course of 2020 to align expenses more closely with the company’s projected revenue and to position the company for improved operating performance. The company spent $26.5 million on the restructuring over the course of 2020, and the cuts reduced FireEye’s non-GAAP operating income by more than $26 million in 2020 as compared with 2019.

6. Mandiant Business Has Outperformed FireEye Business

FireEye’s product business has struggled for several years due to the persistence of legacy, on-premises appliance-based technology. Revenue for the company’s product business fell to $540.9 million in 2020, down 3 percent from $557.8 million a year earlier. That’s despite the surge in cybersecurity spending that accompanied the rapid shift to remote work at the onset of the COVID-19 pandemic.

Conversely, revenue for the Mandiant business surged to $399.7 million in 2020, up 20.6 percent from $331.4 million year earlier. And Mandiant’s sales increased by 25 percent between 2018 and 2019, according to the company. Mandiant expects to have more than $1 billion of annual revenue by 2025, which would necessitate a compound annual growth rate (CAGR) of greater than 20 percent.

However, from a profitability perspective, Mandiant’s operating losses barely budged, coming in at $183 million in 2020. Conversely, in the product business, FireEye recorded operating income of $27.8 million in 2020, improved from a $26.8 million operating loss in 2019. The company in April 2020 announced plans to cut $25 million of costs through a 6 percent staff reduction in its mature appliance business.

5. FireEye’s Stock Slides Amid Unfavorable Multiple

FireEye’s stock was down $1.31 (5.81 percent) to $21.22 per share in after-hours trading Wednesday, which is the lowest the company’s stock has traded since May 3. The company currently has a market cap of $5.37 billion, well below that of Wall Street cybersecurity darlings CrowdStrike, Okta and Zscaler, all of which have gone public since 2017 and today each have valuations in excess of $26 billion.

FireEye‘s stock had been stuck trading at under $20 per share almost consistently from the start of 2016 until December 2020, when the stock rallied following the company’s discovery and public warnings about the colossal SolarWinds hacking campaign. That‘s a far cry from FireEye’s all-time trading high of more than $85 per share in February 2014, five months after the company first went public.

FireEye’s product business will be sold for $1.2 billion, representing a multiple of 2.2X over the company’s 2020 product revenue. That compares unfavorably to both the 3X revenue multiple STG agreed to pay in March for McAfee’s $1.35 billion enterprise business as well as the 4.3X revenue multiple Broadcom agreed to pay in August 2019 for Symantec’s $2.5 billion enterprise business.

4. STG’s Portfolio Companies Will Have Overlapping Capabilities

STG dipped its toe in the cybersecurity waters with its April 2019 purchase of network modeling and risk scoring platform RedSeal for a reported $100 million, but has really burst onto the scene in the past year with three proposed or completed multibillion-dollar acquisitions of some of the most prominent brands in the industry.

STG made a much bigger splash with its $2.08 billion purchase of Bedford, Mass.-based encryption pioneer RSA in September 2020. Then in March 2021, STG agreed to buy San Jose, Calif.-based McAfee’s enterprise business for $4 billion. That acquisition, however, did not include the McAfee brand, which will remain with the company’s pure-play consumer cybersecurity business.

There is significant overlap among the product portfolio of all three companies, most notably around SIEM, where FireEye has Helix, McAfee has Enterprise Security Manager and RSA has NetWitness. FireEye’s Cloudvisory offering overlaps with McAfee’s cloud security portfolio, and the two companies have similar capabilities in endpoint and network security.

3. Nearly Entire Leadership Team Will Remain With Mandiant

Mandia (pictured) will reclaim his old mantle as CEO of Mandiant, the company he founded back in 2004. Most of the company’s senior leadership team will stay with Mandiant, including CFO Verdecanna as well as President and COO John Watters, who led iSight Partners for a decade prior to its 2016 acquisition by FireEye and returned to the company on a full-time basis in April of this year.

The top executive moving over to STG with the FireEye product business will be Bryan Palma, who joined the company in February of this year. Palma previously served as BlackBerry’s president and chief operating officer, Cisco’s senior vice president and general manager of Americas’ customer experience, and Boeing’s vice president of cyber and security solutions.

Other notable executives moving over to STG as part of FireEye include Pat Sheridan, an eight-year FireEye veteran who spent most of his time in the U.S. public sector space before becoming senior vice president of Americas for the company in January 2020 and Michelle Salvado, a three-year FireEye veteran who has overseen engineering for the company’s endpoint, email and Helix security platform since late 2020.

2. Split Will Reduce Channel Friction Caused By Mandiant Offerings

Separating FireEye and Mandiant will reduce the channel friction felt in the FireEye product business that has been caused by some of Mandiant’s offerings, Mandia said. In an investor presentation, the financial position of Mandiant Professional Services was compared with the likes of Accenture, Wipro, Cognizant, Capgemini and EPAM Systems, all of which appear on the 2021 CRN Solution Provider 500.

The FireEye product business will benefit from strengthened channel relationships with MSSPs based on integration alliances with complementary cybersecurity product vendors, according to a company spokesperson.

On the Mandiant side, channel and strategic alliances were identified by Watters as one of four go-to-market motions for the Mandiant business. The company has seen significant inbound interest in attaching the Mandiant Advantage platform to other vendors’ products and services, which Watters said should deliver valuable leverage for Mandiant’s go to market.

1. The Market For Mandiant Goes Beyond FireEye Product Customers

One of the challenges with having FireEye and Mandiant under the same roof is that Mandiant’s managed detection and response business has been completely linked to FireEye’s network and endpoint security technology, Mandia said. But Mandiant customers don’t always have FireEye products in place, and many would prefer to leverage their existing technology stack during engagements.

“What we‘ve recognized is the market for Mandiant’s skills—and the automation of the Mandiant knowledge—is far broader than the market of folks that have bought FireEye products,” Mandia said. “We can put Mandiant into every security operation—whether they’re using FireEye products or they’re using other products—and immediately at machine speed apply everything we know.”

The company recently launched a partnership with Microsoft where Mandiant can apply its expertise and capabilities to threat hunting with the Microsoft Defender anti-virus software, Mandia said. And now that Mandiant is on the path to being unshackled from FireEye and becoming truly vendor-agnostic, Mandia said the company will build integrations and partnerships with products from other companies.