- Alphabet's Google will pay $5.4 billion, or $23 a share, in cash for incident response firm Mandiant, which will be folded into Google Cloud when the deal closes.
- The offer represents a 57% premium to Mandiant's 10-day trading volume weighted average stock price as of Feb. 7, the date when reports emerged about rival Microsoft reportedly entering talks to buy Mandiant.
- The acquisition will team Mandiant, widely considered the nation's leading incident response firm for enterprise security, and Google Cloud, which helped pioneer zero trust principles through its BeyondCorp Enterprise model.
Mandiant has been the subject of considerable market speculation since June 2021, when it agreed to sell its FireEye cybersecurity products business to Symphony Technology Group for $1.2 billion in cash.
"After divorcing FireEye, Mandiant spent very little time being single as suitors lined up," Jeff Pollard, VP, principal analyst at Forrester, said via email.
Mandiant was a highly sought after business partner in an industry that has been rapidly consolidating in recent years.
Microsoft pumped billions of dollars in enterprise revenue over to its cloud business and has been looking to strengthen its security offering, following a number of key acquisitions last year.
Pollard said the Mandiant acquisition beefs up Google's incident response capabilities, while Mandiant gains a partner with deep pockets.
"But significant gaps remain for the combined entity," Pollard said. "Perhaps the most critical of those gaps is on the enterprise endpoint."
Weaving Mandiant into Google Cloud provides the incident response firm with scale.
Google responds to about 1,000 security breaches every year, Mandiant CEO Kevin Mandia said during a virtual press conference Tuesday, and one of the goals of the company has been to add automation to allow the company to analyze security telemetry at a much faster pace.
"So at the highest level of abstraction, what excited Mandiant about this partnership is (A) we can scale our expertise in intel at Google scale to secure the cloud and (B) we also can automate our expertise," he said.
For Google Cloud, the deal offers the promise of an end to end security operations suite, with comprehensive services across the cloud and on prem, Phil Venables, Google Cloud CISO, said during the press conference.
Venables said Mandiant customers will also benefit from the scope of Google Cloud’s partner ecosystem as well.
Google's cloud platform relies on endpoint detection and response (EDR) to complete its extended detection and response (XDR) offering, Pollard said. Therefore, he said, an EDR tool would be next on Google's shopping list.
Last August, Google said it would invest $10 billion in cybersecurity within five years, alongside promises to train 100,000 Americans through its certificate programs. The company followed its pledge with the January acquisition of security operations company Siemplify to better hunt, detect and respond to threats.
Following Google's recent acquisition of Siemplify, the deal demonstrates that Google is serious about growing revenue in its security division, according to Neil MacDonald, VP, distinguished analyst and Gartner Fellow at Gartner.
Google Labs and its threat research capability will get an uplift from the Mandiant brand name. Google will also get a security response capability on par with Microsoft's Detection and Response (DART) team.
"More importantly Google gains a cloud-based XDR platform and managed services and managed services to augment its Chronicle security information and event management platform and SOAR," MacDonald said.
This article has been updated with comments from experts about Google's bid to acquire Mandiant.