
FireEye: A Closer Look At Mandiant


FireEye bought Mandiant for synergistic reasons.

Mandiant has yet to live up to expectations due to dwindling high-profile attacks.

Separating Mandiant can potentially unlock more value for FireEye.

My last article on FireEye (NASDAQ:FEYE) highlighted the possibility of FireEye offloading Mandiant to unlock more value while also making it a more attractive acquisition target. The argument received pushback from SA readers who feel Mandiant should not be separated from FEYE. This article will provide more depth on the value Mandiant has contributed to FEYE while analyzing the reasons Mandiant should or shouldn't be offloaded.


Why FireEye bought Mandiant

FireEye bought Mandiant in 2014 to complement its APT solutions. Mandiant was fresh off the APT1 report, which fingered the PLA in China in a slew of cyber-attacks targeting US companies. At that time, Mandiant was generating $100 million in yearly revenue, and the deal valued it at 10X annual sales.

Since 2004, Mandiant has focused on incident response, its primary area of expertise.

In an interview conducted in 2014, both Kevin Mandia (CEO) and David DeWalt (former CEO) commented on the merger, saying:

The combined company would be able to notify its customers as soon as it detected abnormal behavior, execute a temporary fix and then dispatch a Mandiant team to take further steps. It will also give Mandiant more reach: FireEye works with more than a thousand customers, including 40 state military operations, around the globe.

Forbes contributor Dan Woods explained how this was supposed to work in an article detailing the shift towards more proactive solutions.

Essentially, companies would buy APT solutions to scan and detect IOCs (indicators of compromise) using the malware sandboxing technology. If there is evidence of a compromise, the cyber-SWAT team at Mandiant will come in to perform a thorough investigation of the attack. After all of this has been accomplished, FireEye will recommend security solutions either from its portfolio or from a third party.

This process is supposed to repeat itself at a frequency that varies in proportion to the CISO's budget.

The problem is that CISOs are shifting focus to other solutions and attacks are decreasing in magnitude. CISOs are opting for NGFWs with options to subscribe to threat intelligence feeds, malware sandboxes and cloud security. It is not FEYE's fault that CISOs have decided to spend this way. Regardless, FEYE needs to adapt.

What comprises Mandiant?

The primary component of Mandiant has been incident response. It is safe to say they are the best at it. When you take a closer look at other Mandiant services, you will...