Flavijus Piliponis â stock.ado

FireEye and Mandiant part ways in $1.2B deal

FireEye products and Mandiant incident response services will split into two entities under the pending acquisition of FireEye by Symphony Technology Group.

FireEye and Mandiant are parting ways after entering into an agreement with a consortium led by Symphony Technology Group.

The cybersecurity giant announced Wednesday that it will sell the FireEye products business, including the FireEye name, to the Palo Alto, Calif.-based private equity firm in an all-cash transaction for $1.2 billion. The sale to Symphony Technology Group (STG) reverses FireEye's blockbuster $1 billion acquisition of Mandiant in 2014.

The acquisition agreement will divide FireEye's network, email, endpoint and cloud security products, as well as its security management and orchestration platform, from Mandiant's software and services. The two will continue to operate as a single entity until the completion of the deal, which is expected to close by the end of the fourth quarter.

FireEye CEO Kevin Mandia will become chief executive of Mandiant Solutions, which will be named Mandiant after the close of the deal. John Watters, who rejoined FireEye's executive team earlier this year as president and chief operating officer, will retain his title at Mandiant. FireEye will be led by Bryan Palma, who also joined earlier this year as executive vice president of products, along with his current leadership team.

A FireEye spokesperson told SearchSecurity that 1,300 employees will go with FireEye and 2,150 will go to Mandiant Solutions.

According to the announcement, at closing, the company will "enter into agreements designed to maximize the benefits for joint customers." SearchSecurity asked FireEye what the current stage of those agreements was, and whether there will be preferred status.

"FireEye and Mandiant will continue to have a partnership for the foreseeable future regarding intel and telemetry sharing, and in using and reselling each other's commercial offerings. These agreements are commercial in nature and can be renewed," a FireEye spokesperson said in an email to SearchSecurity.

In a blog post, Mandia said that with the closing, Mandiant will be able to concentrate exclusively on scaling its intelligence and frontline expertise through the Mandiant Advantage platform, while the FireEye Products business will be able to prioritize investment on its cloud-first security product portfolio.

Since FireEye's acquisition of Mandiant, the company has been hired to investigate and mitigate high-profile incidents such as the ransomware attack on the Colonial Pipeline.

Now, it will join the ranks of other vendors bought out by STG recently, which has expanded its cybersecurity portfolio by also acquiring RSA Security and McAfee. In February 2020, Dell sold RSA for more than $2 billion to a consortium led by STG. In March, McAfee agreed to sell its enterprise security business for $4 billion to the private equity firm.

Eric Parizo, a principal analyst at Omdia, told SearchSecurity that the sale of the FireEye products business is not a surprise -- he predicted such a move almost seven months ago in a brief on FireEye's acquisition of Respond Software. According to Parizo, Omdia believed that Respond's acquisition was driven by FireEye's desire to prioritize growth of its Mandiant-branded services.

Another aspect that took out the element of surprise, said Parizo, was Watters formally rejoining the executive team about six weeks ago. "I believe he did so only because the deal was imminent," he said in an email to SearchSecurity.

Parizo said Mandia and his team recognized that FireEye's appliance-based businesses did not offer strong prospects for long-term revenue growth. "As of late 2020, its billings and revenue from products was down approximately 15% from two years ago. And per Mandia's own comments on the investor call yesterday, the products business was hindering the growth potential of the services business," he said.

Jeff Pollard, vice president and principal analyst at Forrester, said the advantages of the acquisition go to Mandiant. "This gives Mandiant the chance to place its focus back on its collection of services, where it was always strongest," he said in an email to SearchSecurity.

This allows Mandiant to tap into the market by offering security services across any client's technology stack.
Jeff PollardVice president and principal analyst at Forrester

"Mandiant announced in 2020 that it wanted to expand its security services business beyond the FireEye ecosystem, so that was coming," Pollard added. "But now this allows Mandiant to tap into the market by offering security services across any client's technology stack. It also means there's no bias -- or perceived bias -- that Mandiant favors FireEye. It's no longer a security services company attached to a product vendor, but a standalone security services company, which will give independence to its consulting, incident response and threat intel business."

As for the future of the deal, Parizo said he believes the most likely scenario is that STG will allow the new FireEye to exist independently. However, it may intertwine with another of STG's recent acquisitions in McAfee, which can account for any business-side support -- something the FireEye deal may not include.

"I believe there is an increased likelihood that STG may combine the McAfee enterprise business with FireEye, operating under the FireEye brand. This would explain the unusually long nine-month closing period for the McAfee deal," he said.

Doug Cahill, vice president and senior analyst at Enterprise Strategy Group, a division of TechTarget, said it's possible FireEye will be combined with McAfee for a major overhaul. "FireEye built out the product portfolio organically and via acquisition, including Verodin," he said. "If the new STG-owned entity merges the FireEye product line with the McAfee's MVision platform, then it will be a means to transition the products to a cloud-based, as-a-service set of offerings."

While Mandiant benefits from the deal, Pollard said the future is a bit murkier for FireEye.

"STG acquired a number of security companies recently, and if the common private equity playbook is followed then I'd expect to see McAfee, RSA and FireEye get smashed together in some strange amalgamation of once proud security brands, get renamed, and then IPO as a portfolio security company in a few years," Pollard said. "Unfortunately, that seems to benefit investors and shareholders more than end users."

Next Steps

Mandiant, CISA warn of critical ThroughTek IoT bug

Dig Deeper on Security operations and management

Enterprise Desktop
Cloud Computing