Microsoft Mulls Mandiant Purchase To Bolster Security – Report

Microsoft is reportedly considering another potential purchase, said to be cybersecurity veteran Mandiant.

According to the Bloomberg report, which cited a person familiar with the matter, Redmond is considering a deal to buy Mandiant, but the talks may not result in an offer.

Microsoft seems to be in an acquisitive mood of late. Last month it shocked the gaming industry with the news that it would acquire gaming giant Activision Blizzard for nearly $69 billion.

Mandiant move?

Meanwhile the acquisition talk surrounding Mandiant pushed its share price up 18 percent, and Microsoft shares also rose 1.1 percent in Tuesday afternoon trading.

Mandiant has a market value of $4.3 billion, and specialises in cyber-incident response and cybersecurity testing.

Microsoft’s rationale for purchasing Mandiant would be to help Redmond beef up its own cybersecurity products used by its customers to protect their infrastructure.

And Microsoft has previous form in using acquisitions to bolster its security capabilities. For example Microsoft made two cybersecurity purchases in 2021.

In July 2021 Microsoft acquired San Francisco-based cybersecurity firm RiskIQ, but did not disclose how much it paid for the firm that specialises in helping customers identify their “attack surfaces.”

That same month Microsoft also purchased cloud access specialist CloudKnox for an undisclosed sum.

CloudKnox was established in February 2017 with a mission to control (and limit) people’s access privileges to multiple cloud infrastructure including Microsoft Azure, Amazon Web Services and the Google Cloud.

In previous years Microsoft brought cybersecurity firm Hexadite for $100 million in 2017, and in 2015 Redmond acquired Israeli cloud security firm Adallom for $320 million.

Microsoft incidents

Microsoft of course has had to deal with its own cybersecurity incidents in the past couple of years.

The most notable one was when Chinese-linked group Hafnium breached the company’s Exchange email service in March 2021.

That incident followed the hack in 2020 of SolarWinds’ Orion IT monitoring tool, which in turn compromised Microsoft systems.

That compromise resulted in the theft of Microsoft customer data and also allowed the hackers to view Microsoft source code.

Mandiant history

Founded in 2004, Mandiant has an interesting history in the cybersecurity industry, and for years it specialised in endpoint security, incident response and remediation.

In 2013 it gained recognition when it was able to identify a geographic region inside China where a campaign of information-stealing attacks by a group linked to China’s military was being staged.

In a report on Chinese hackers released in February 2013, Mandiant identified the group within the People’s Liberation Army known as Unit 61398 that was responsible for more than 140 attacks investigated by the firm since 2006.

The report brought together a large body of evidence – more than 3,000 indicators – as well as profiled three individuals who conduct specific duties in the unit.

At the time the Chinese government of course denounced Mandiant’s report, saying it was groundless both in facts and legal basis.

China even claimed that the Chinese IP addresses identified had been spoofed or hijacked.

Soon after that in January 2014 Mandiant was acquired by FireEye in a transaction worth $1 billion, as the later sought to bolster its cyber forensics capabilities.

Mandiant became a standalone entity again last year when FireEye Inc – which acquired the company in 2014 – sold its products business and the FireEye name for $1.2 billion to a consortium led by private-equity firm Symphony Technology Group.