Select Page

Revenge of the SaaS: Mandiant makes use of providers to flee FireEye

Mandiant has untangled itself from FireEye (FEYE) by promoting the product portion of the agency to Symphony Expertise Group (STG) for $1.2 billion. FireEye’s historical past as essentially the most “almost acquired vendor” is lastly over as STG takes the reins.

Picture: putilich/Getty Photographs/iStockphoto

In a cybersecurity divorce that had fewer main indicators than the dissolution of Kim and Kanye, Mandiant has lastly untangled itself from FireEye (FEYE) by promoting the product portion of the agency to Symphony Expertise Group (STG) for $1.2 billion. FireEye’s historical past as essentially the most “almost acquired vendor” is lastly over as STG takes the reins. The lengthy and winding saga of two firms that by no means ought to’ve been put collectively will come to a detailed in This fall of 2021. 

A tradition conflict from day one 

The FireEye and Mandiant cultures by no means really meshed. FireEye personnel have been masters of {hardware} gross sales, whereas Mandiant cultivated a tradition of experience and mastery. Each teams earned their swagger, however the dream workforce envisioned by no means materialized. This misalignment was by no means really rectified, and the injury was executed with the post-acquisition mind drain resulting in a Mandiant diaspora of launching startups, operating different safety firms, and main safety applications as chief data safety officers. FireEye personnel exited simply as shortly, doing a lot of the identical. 

When FEYE purchased Mandiant, it was a cybersecurity darling that had simply had a profitable IPO, with a inventory value that shot up 80% above its IPO debut, and immediately turned one of many main innovators within the cybersecurity house. On the time, FEYE was at the forefront of a safety renaissance, a “new vendor” with a brand new strategy that emerged as an alternative choice to the antivirus-heavy safety distributors of the prior decade. However all too quickly, the highlight FireEye relished turned far too intense. Monetary losses, missed alternatives, and merchandise that have been good however by no means displaced incumbents weighed the seller down. Mandiant gained its personal fame with the discharge of the APT1 report and have become one in all a handful of go-to incident response companies, having responded to a number of intrusions by state-nexus actors. 

FireEye by no means turned the seller it was imagined to be 

FEYE’s portfolio included safety {hardware} that sat throughout virtually the complete know-how stack, however these units by no means really displaced different controls. Firewalls nonetheless exist, and sandbox performance turned a function of them. FEYE’s different choices reminiscent of TAP and Helix by no means took over the safety analytics or safety orchestration, automation, and response (SOAR) house both. The corporate always looked for the dominance Mandiant loved over the incident response market, however in the end by no means discovered it. Whereas the merchandise didn’t acquire a dominant place out there, Mandiant slowly started to reinvent itself via legacy providers and software program as a service (SaaS). 

FireEye’s historical past of seeing the place the markets are going properly earlier than others is probably the factor it needs to be remembered most for. Along with snapping up Mandiant, FireEye additionally acquired one of many earlier cyberthreat intelligence companies—iSIGHT Companions—which joined forces with Mandiant’s workforce. It acquired an early SOAR participant in Invotas (now Helix) and bought Reply Software program. However seeing what’s coming and appearing early is not enough, and in all these instances, FireEye merchandise by no means turned must-haves. Whereas, throughout the identical time-frame, the Mandiant facet of the enterprise principally excelled, putting in a number of Forrester Wave™ evaluations as a Chief, FireEye safety merchandise didn’t fare as properly in our evaluations. The connection between the 2 sides of the enterprise was by no means equal, and ultimately, Mandiant acknowledged that legacy FireEye options have been holding it again. 

Mandiant discovered itself making FireEye merchandise “work” for shoppers 

In a number of earnings calls all through 2020, Kevin Mandia talked about that the corporate was dedicated to transferring off a FEYE-only ecosystem of merchandise inside its providers follow. The sale to STG definitely proved that to be true, so no half measures there. Mandiant was capable of finding momentum via SaaS choices reminiscent of Mandiant Safety Validation, Mandiant Benefit Menace Intelligence, Mandiant Managed Detection and Response, and its legacy incident response enterprise. The safety market now values the flexibility to combine far greater than the flexibility to bundle, though combining each works, too. 

Companies shedding merchandise shouldn’t be the norm 

Usually in M&A transactions like this, the product vendor buys the providers vendor. Larger margins, extra cash movement, and better multiples places software program and SaaS firms in a greater place to purchase providers firms than vice versa. However we have seen — and written about — the rising variety of firms launching with providers wrapped round their very own IP in managed detection and response (MDR), cybersecurity consulting, and managed safety service markets. Managed SaaS or bundled options that embody “managed platforms” are the fad and can proceed to be. The economics of SaaS are compelling for distributors — and patrons — however SaaS is only a product hosted some place else by another person. Safety groups nonetheless use the answer. By layering a managed safety service functionality on high of SaaS and promoting bundles, distributors and finish customers get one of the best of each worlds. 

Very like FireEye’s strikes into SOAR, or its more moderen early transfer within the breach and assault house via the acquisition of Verodin (now generally known as Mandiant Safety Validation), the corporate continues to make the correct strikes properly earlier than rivals. Simply because these strikes didn’t at all times pan out does not imply they have been dangerous selections, they usually acted as catalysts for rivals to do the identical. 

STG is aware of one thing we do not—or thinks it does 

Regardless of the causes STG acquired McAfee, RSA, and now FireEye, every of these distributors represents a as soon as proud safety model that discovered itself failing to maneuver to the cloud and pivoting far too late to SaaS, then watching its market share disappear to rivals. The capital benefits of those acquisitions have to be huge, or the personal fairness agency has confidence that it may well put these damaged firms again collectively. Maybe STG plans to create some type of cybersecurity tremendous group paying homage to the Rattling Yankees. 

STG has both added to its assortment of billion-dollar boat anchors or has set the stage for an incredible comeback story. It definitely does not lack ambition. The doubtless final result is a pared-down product portfolio vendor, an thrilling new rebranding announcement in 18–24 months, and the IPO of an revolutionary safety firm that all of us should not keep in mind as the hardly stitched-together parts of McAfee, RSA, and FireEye. 

Mandiant will profit from divesting of its acquirer 

For finish person safety leaders who need to see how this performs out, Mandiant appears to be in place to proceed its ahead momentum by streamlining itself. Mandiant struggled to promote its “controls agnostic” providers whereas connected to the FireEye model. That’s now a solved drawback. The break up may also permit Mandiant to capitalize on its intelligence-driven providers and develop the Managed Protection enterprise, satisfying one in all its shoppers’ most frequent requests in our current Wave analysis on the MDR house. By opening up extra to monitoring and managing any vendor’s safety controls, the cyberthreat intelligence groups will profit from elevated visibility into the worldwide risk panorama. As Kevin Mandia stated, this removes all bias from Mandiant. 

FEYE advantages from the checking account of STG and its elimination from the investor highlight because it retools. The danger is that it will get merged and saddled with some Frankenstein creation that features McAfee and RSA, which is unlikely to resolve extra issues than it creates. FireEye does shine when in comparison with STG’s different two big-brand cybersecurity “has-beens.” Being one of the best participant on a foul workforce, nonetheless, nonetheless implies that you lose most of your video games. To this point, PE acquisitions of cybersecurity firms has resulted in loads of exercise for buyers however little, if any, innovation for finish customers. 

In 5 years, we count on to see Mandiant as a extremely recognizable safety model, whereas FireEye will doubtless get positioned in a renamed IPO stuffed with “synergies” … for buyers. 

This put up was written by Vice President and Principal Analyst Jeff Pollard, and it initially appeared here.  

Additionally see

Source link

Leave a Reply


New Delhi
05:2319:21 IST
Feels like: 41°C
Wind: 10km/h E
Humidity: 56%
Pressure: 999.66mbar
UV index: 11

Stock Update

  • Loading stock data...


Live COVID-19 statistics for
Last updated: 9 minutes ago


Enter your email address to receive notifications of new update by email.