FireEye Boosts Cyber-Forsenics With Mandiant Purchase

Cyber-security software maker FireEye has acquired privately-held endpoint security provider Mandiant in a cash-and-stock transaction.

Under the terms of the agreement, FireEye will issue an aggregation of 21.5 million shares and options to purchase shares of FireEye stock and pay an additional $106.5 million (£65m) cash. The transaction, worth about $1 billion (£608m) total, closed on 30 December, 2013, FireEye said.

Cyber Security

Mandiant, which makes both advanced endpoint security products and security incident response management solutions, made news last year when it was able to specify a geographic region inside China where an ongoing campaign of information-stealing Internet attacks by a group linked to China’s military was being staged.

Publicly held FireEye and Mandiant together will focus on providing real-time intrusion detection, contextual threat intelligence and rapid incident response.

Milpitas, California-based FireEye claims to have pioneered the use of virtual machine technology in security with the introduction of its purpose-built virtual machine-based Multi-Vector Virtual Execution (MVX) engine.

FireEye has about 2 million virtual machines deployed worldwide. Its virtual machine-based Web, email, data centre and mobile security packages provide real-time threat protection to about 1,500 government, enterprise, and small and midsized customers.

Mandiant specialises in endpoint security, incident response and remediation. Its software is installed in more than 2 million endpoints globally.

China Fame

In a report on Chinese hackers released last February, Mandiant identified a group within the People’s Liberation Army known as Unit 61398 that was responsible for more than 140 attacks investigated by the firm since 2006. Among the targets were a large wholesale company that lost a price battle with China and security firm RSA, which attackers breached in 2011 to steal data related to its SecurID one-time password technology.

The report brought together a large body of evidence – more than 3,000 indicators – as well as profiled three individuals who conduct specific duties in the unit.

FireEye and Mandiant partnered for nearly two years prior to the merger. Mandiant lists about one-third of the Fortune 100 as customers. Company experts have responded to hundreds of high-profile security incidents and brought deep security and incident response expertise to FireEye.

The two companies together comprise a complete library of actionable threat intelligence on advanced threats and a product suite that can apply that intelligence to detect and prevent attacks both on the network and on endpoints, FireEye said.

Hot Topic

“This acquisition shows not just how hot cyber-security is, but how hot cyber-forensics and IR are becoming. Simply put, they are a mandatory part of cyber-security,” Craig Carpenter, senior vice president of strategy at AccessData and a longtime industry security specialist, told eWEEK.

“The reason for this deal is that we now live in a world of constant compromise. When you know you will be compromised, you can’t just continue trying to keep the bad guys out; you also need to investigate every compromise, figure out what happened, prevent it from ever happening again and clean up the mess.

“Mandiant’s approach only makes sense: 1) if a customer will only get compromised once (which is obviously not the case for virtually anyone); or 2) where the compromise is a bespoke event that must be dealt with as a one-off. For every other compromise, companies need and want to be able to handle things in-house as much as possible.”

eWEEK security writer Robert Lemos contributed to this story.

Are you a security expert? Try our quiz!

Originally published on eWeek.