Google to Buy Mandiant, Aims to Automate Security Response

Published: 23/11/2024   Category: security




In a deal worth $5.4 billion, Google would expand its security portfolio with managed detection and response (MDR) and threat intelligence, with an increasing focus on automation.



Google has announced its intent to buy incident response (IR) firm Mandiant for $5.4 billion, with the goal of broadening its portfolio of cybersecurity services with a company known for its IR investigations. That includes its response to the massive 2009 Aurora attacks, which compromised hundreds of companies — Google among them.
The acquisition will expand Google's revenue from cybersecurity services, give the company access to more real-time threat intelligence, and more tightly integrate those services into the Google Cloud Platform (GCP). In addition, Google will benefit from Mandiant's plans to expand its automation of detection and response services to help companies cope with the unmet demand for cybersecurity professionals, said Kevin Mandia, CEO of Mandiant, during a press briefing.
"We have been on a mission to automate security and secure the cloud," he said. "Even though many look at Mandiant as an incident response company, we are not in business to be solely an incident company. ... By coming together with Google, we get the investment we need to continue automating incident response."
The planned purchase of Mandiant is the latest move by Google to bolster its cybersecurity products and services. In August, the company pledged to spend $10 billion to boost software security, including investments in bug bounties and donations to open source software projects. Mandiant will join other recent Google acquisitions — such as security orchestration, automation, and response (SOAR) firm Siemplify, which the company acquired in January — to deliver additional capabilities.
Google Cloud Platform
Integrating Mandiant into GCP gives Google a stronger revenue stream linked to IR as well as other services that can be integrated into the platform, such as threat intelligence, testing and validation of security controls, and risk management. The full suite of capabilities provided by Google, many of which come from recently acquired companies, should be attractive to enterprises, says Phil Venables, vice president at Google and chief information security officer at Google Cloud.
"We are clearly going to spend time thinking about how the integration will work in the right way," he says. "But when you look at the elements of this, it is a pretty compelling set of technologies and services that can really benefit enterprises and all organizations in their end-to-end security mission. It brings a lot of fresh competition to the marketplace and really responds to what customers are asking for."
While Google is not willing to discuss plans for the final form of the integrated companies, Mandiant will still support its customers and work with companies that are not Google customers. The integration of Mandiant into Google should help businesses because the broad base of threat intelligence should provide better information to customers of either company, says Neil MacDonald, distinguished research VP at business analysis firm Gartner.
"The deal benefits customers even if they don't run on the Google Cloud Platform because there will be a halo effect," he says. "Google's security will be improved by Mandiant, so customers benefit from that expertise and data from its services."
The halo effect will not just help businesses but all of Google's consumer customers as well, said Alberto Yépez, co-founder and managing director at Forgepoint Capital, in a statement sent to Dark Reading.
"Everyday Internet users will benefit from this deal because Gmail and Google Apps — plus all of the other Google business applications — will now be armed with Mandiant’s insights on threat vectors and cyber criminal organizations around the world," he said. "This context is critical for attack prevention. Layering that context with the use of big data and AI allows Google to be significantly more effective in preventing attacks."
The acquisition ends eight months of reportedly competitive talks to purchase Mandiant following the sale of its FireEye security products business to Symphony Technology Group for $1.2 billion in June 2021. Symphony had previously bought McAfee's enterprise security business and renamed the McAfee and FireEye enterprise businesses as Trellix. The company formerly known as FireEye rebranded itself as Mandiant during the divestiture of its FireEye products business at the beginning of October.
First It Was Microsoft 
Until recently, Microsoft had been rumored as the favored purchaser of the company, but talks ended earlier in March. GCP needs the capabilities more than Microsoft's Azure, which already has Active Directory and the Defender endpoint detection and response (EDR) service, said Jeff Pollard, vice president and principal analyst at Forrester Research, in a statement sent to Dark Reading.
"GCP is playing catchup to Microsoft in cybersecurity and lacks its competitors’ inherent advantages in the enterprise: endpoint and active directory," he said. "That forces [Google] to pay a premium and be more aggressive, which it's signaled a willingness to do."
The focus on automation is unsurprising. The US and other developed countries face significant cybersecurity threats but continue to have far too few cybersecurity professionals to deal with the problems. Currently, US companies have open requests for almost 598,000 cybersecurity positions, which is 57% of the total employed cybersecurity workers in the US, according to CyberSeek, a collaboration between Emsi Burning Glass, CompTIA, and the National Initiative for Cybersecurity Education (NICE).
However, much of the basic cybersecurity work is repetitive and can be automated, says Mandiant's Mandia.
"As we are having the conversation, Mandiant is responding to 150 breaches, and I would say 85% to 90% of what our folks are doing, we have done it before," he says. "If we can automate that capability to go through all the data that people are harvesting to secure their networks to find the needles in the haystacks — if we can automate what we do, the need for people will decrease."
Mandiant found a suitor with deep pockets in Google, which helps as the company reinvents its business, Pollard said, pointing out that there are still gaps in Google's cybersecurity capabilities. Most pressing is the lack of an endpoint detection and response (EDR) platform to compete with standalone offerings and Microsoft's Defender for Endpoint.
"We expect an EDR tool is next on its shopping list," he said.
Google has agreed to pay $23 per share in the all-cash deal. The acquisition still has to be approved by regulators and stockholders. Mandiant investigated the 2009 Aurora attacks that compromised at least two dozen companies — but later reports estimated hundreds — including Google.
