Google is acquiring security intelligence firm Mandiant for $5.4B

At a time when cyber security is top of mind for many firms, Google announced it was paying $5.4 billion to acquire security intelligence company Mandiant, giving it access to security data gathering capabilities, as well as a team of hundreds of security consultants. The company will become part of Google Cloud upon closing.

Google Cloud head Thomas Kurian pointed out that companies were facing unprecedented security threats, especially as the war in Ukraine rages, and Mandiant gives the company a platform of security services to add to the Google Cloud platform.

“This is an opportunity to deliver an end-to-end security operations suite and extend one of the best consulting organizations in the world. Together we can make a profound impact in securing the cloud, accelerating the adoption of cloud computing and ultimately make the world safer,” Kurian said in a statement.

The company plans to pay Mandiant $23 a share, representing a 57% premium over the 10 day weighted stock price average. The stock is up almost 18% over the last year and took a nice spike in the last couple of days as rumors began to surface about a possible deal.

Patrick Moorhead, founder and principal analyst at Moor Insights & Strategy says that the deal should improve and expand Google’s existing strong security stance. “Google Cloud has always had a good reputation for security offerings inside of its own cloud. The Mandiant acquisition opens the aperture to any cloud or on premise configuration,” Moorhead told me.

Gartner analyst Neil MacDonald, who watches the cloud security space carefully, agrees pointing out that when combined with the acquisition of Siemplify earlier this year, it is building a strong security business. “After Google’s recent acquisition of Siemplify for security orchestration automation and response (SOAR), the Mandiant acquisition is another clear signal that Google is serious about growing revenue in its security division – which is a part of the Google Cloud business unit,” MacDonald explained.

He added that the acquisition should enhance the company’s security argument, especially for potential customers who may still worry about securing workloads in the cloud. “By improving its security capabilities and brand awareness as a security vendor, Google also benefits by helping to remove security as an inhibitor to the adoption of GCP,” he said.

Mandiant launched in 2004 and raised $70 million along the way, according to Crunchbase data. The company was sold to FireEye in 2013 for $1 billion. Last year the two companies split with FireEye being sold to a private equity consortium led by Symphony Technology Group for $1.2 billion.

At the time company founder Kevin Mandiant, who had become FireEye CEO, said the deal was designed to unlock the value of Mandiant as a stand-alone business. It certainly fetched a much heftier price than FireEye did.

Mandiant took the position of many an acquired company, saying that the deal gave his company access to the scale and resources of Google Cloud. “Together, we will deliver our expertise and intelligence at scale via the Mandiant Advantage SaaS platform, as part of the Google Cloud security portfolio,” he said in a statement announcing the deal.

Before it gets to the finish line, the transaction will have to run the regulatory gauntlet and garner Mandiant stockholder approval. The companies are predicting a close date some time later this year.

Recorded Future acquires internet inventory startup SecurityTrails for $65M

Threat intelligence giant Recorded Future announced Tuesday that it has acquired SecurityTrails, an internet inventory startup that collects and banks current and historical domain and IP address data, for $65 million.

Financial terms of the deal were not immediately disclosed. A spokesperson for Recorded Future confirmed the acquisition price.

SecurityTrails collects and maintains vast amounts of current and historical internet records, such as domain name records, registration data, and DNS information, giving organizations visibility into what their threat attack surface is — that is, the networks and servers that are accessible from the wider internet.

The two companies have a long-standing relationship already. SecurityTrails became a technology partner in 2018 — a year after it was founded — providing Recorded Future with data for its intelligence platform, which customers use to improve their security standing and fend off adversaries.

The deal will deepen technological ties between the two companies. In remarks, Recorded Future’s co-founder and chief executive Dr. Christopher Ahlberg said that the combined technology from the two companies makes life “miserable for the adversary.”

The acquisition comes less than a year after Recorded Future invested in SecurityTrails from its newly established Intelligence Fund for early-stage startups. Recorded Future was bought by Insight Partners in April 2019 for $780 million.

Chris Ueland, SecurityTrails’s co-founder and chief executive, said the two companies “naturally complement each other in terms of providing risk landscape visibility.”

The coming reckoning: Showing ROI from threat intelligence

Threat intelligence has been a part of cyber defense processes in the private sector for nearly a decade now. Many threat intelligence teams were initially composed of classically trained intel operators from the public sector, where they focused on gathering data to thwart national security threats. And as these teams grew and adjusted to protecting against customer data breaches and disruptions to services, growing pains associated with working in a corporate environment were to be expected.

Expectations are changing, though. Security operations is maturing, and as threats have continued to evolve, enterprises have made significant investments in security infrastructure. C-suites and boards are increasingly involved in security decision-making, and studies show that they are doubling down on security investments, which are expected to rise to $458.9 billion in 2025 from $262.4 billion in 2021.

But with increased investment comes scrutiny and rigorous competition for dollars across IT and security teams. However, for threat intelligence teams, it appears old habits die hard. Many remain in the government intel mindset, focused on funneling data to the security operations center (SOC) and have limited experience in extending threat intelligence to other parts of the business, communicating the resulting value and justifying the investment required.

Delivering curated threat intelligence to more teams that need it, enabled with bi-directional integration, will allow CISOs and their team to prove threat intelligence is far from a cost center.

After nearly a decade of threat intelligence going corporate, a reckoning is coming. It’s time for CISOs and threat intel teams to start working together and prove that threat intelligence is not a cost center, but drives value across all security operations.

As threat intel teams mature, here are three recommendations to help create a shift in mindset and demonstrate the full value it provides.

Think of the threat intel team as the providers of a product

Insight Partners bags threat intel company Recorded Future for $780M

If you haven’t noticed, security companies are a pretty hot commodity these days. Just yesterday, Palo Alto Networks bought two security startups. Earlier this week, FireEye bought Verodin for $250 million, and today, private equity firm Insight Partners announced it was buying threat intelligence vendor Recorded Future for $780 million.

What Insight is buying is a company that generates information to help customers better understand the external cyber threats they are facing. It’s easy to see where a company like that could have value in today’s world. It boasts 400 customers including GlaxoSmithKline, Morgan Stanley, The Gap and Verizon (the owner of this publication).

As you might expect, Recorded Future sees the deal as a way to continue growing. “This evolution of our relationship [with Insight] will allow Recorded Future to better serve its current and future clients as we tap into the full potential of our technical roadmap and position our software to truly answer some of the most difficult and unique intelligence challenges faced by our community,” company CEO Christopher Ahlberg said in a statement.

The company was founded in 2009 and has raised almost $58 million, according to Crunchbase data. The most recent round for $25 million in 2017 was led by none other than Insight Partners . They apparently liked what they saw and wanted the entire company.

The deal essentially buys out earlier investors, which included GV (Google’s venture arm), In-Q-Tel (the CIA’s venture arm), IA Ventures, Balderton Capital, Mass Mutual Ventures and others — and gives them a healthy return in the process.