Late Post

Revenge of the SaaS: Mandiant makes use of providers to flee FireEye

Mandiant has untangled itself from FireEye (FEYE) by promoting the product portion of the agency to Symphony Know-how Group (STG) for $1.2 billion. FireEye’s historical past as essentially the most “nearly acquired vendor” is lastly over as STG takes the reins.

Picture: putilich/Getty Photographs/iStockphoto

In a cybersecurity divorce that had fewer main indicators than the dissolution of Kim and Kanye, Mandiant has lastly untangled itself from FireEye (FEYE) by promoting the product portion of the agency to Symphony Know-how Group (STG) for $1.2 billion. FireEye’s historical past as essentially the most “nearly acquired vendor” is lastly over as STG takes the reins. The lengthy and winding saga of two corporations that by no means ought to’ve been put collectively will come to an in depth in This autumn of 2021. 

A tradition conflict from day one 

The FireEye and Mandiant cultures by no means actually meshed. FireEye personnel had been masters of {hardware} gross sales, whereas Mandiant cultivated a tradition of experience and mastery. Each teams earned their swagger, however the dream crew envisioned by no means materialized. This misalignment was by no means actually rectified, and the harm was accomplished with the post-acquisition mind drain resulting in a Mandiant diaspora of launching startups, operating different safety corporations, and main safety applications as chief data safety officers. FireEye personnel exited simply as rapidly, doing a lot of the identical. 

When FEYE purchased Mandiant, it was a cybersecurity darling that had simply had a profitable IPO, with a inventory value that shot up 80% above its IPO debut, and immediately turned one of many main innovators within the cybersecurity area. On the time, FEYE was at the forefront of a safety renaissance, a “new vendor” with a brand new method that emerged as an alternative choice to the antivirus-heavy safety distributors of the prior decade. However all too quickly, the highlight FireEye relished turned far too intense. Monetary losses, missed alternatives, and merchandise that had been good however by no means displaced incumbents weighed the seller down. Mandiant gained its personal fame with the discharge of the APT1 report and have become one in every of a handful of go-to incident response corporations, having responded to a number of intrusions by state-nexus actors. 

FireEye by no means turned the seller it was purported to be 

FEYE’s portfolio included safety {hardware} that sat throughout nearly the whole know-how stack, however these gadgets by no means actually displaced different controls. Firewalls nonetheless exist, and sandbox performance turned a characteristic of them. FEYE’s different choices equivalent to TAP and Helix by no means took over the safety analytics or safety orchestration, automation, and response (SOAR) area both. The corporate continually looked for the dominance Mandiant loved over the incident response market, however finally by no means discovered it. Whereas the merchandise didn’t get hold of a dominant place available in the market, Mandiant slowly started to reinvent itself by means of legacy providers and software program as a service (SaaS). 

FireEye’s historical past of seeing the place the markets are going nicely earlier than others is maybe the factor it needs to be remembered most for. Along with snapping up Mandiant, FireEye additionally acquired one of many earlier cyberthreat intelligence corporations—iSIGHT Companions—which joined forces with Mandiant’s crew. It acquired an early SOAR participant in Invotas (now Helix) and bought Reply Software program. However seeing what’s coming and performing early is not enough, and in all these circumstances, FireEye merchandise by no means turned must-haves. Whereas, throughout the identical timeframe, the Mandiant facet of the enterprise largely excelled, putting in a number of Forrester Wave™ evaluations as a Chief, FireEye safety merchandise didn’t fare as nicely in our evaluations. The connection between the 2 sides of the enterprise was by no means equal, and ultimately, Mandiant acknowledged that legacy FireEye options had been holding it again. 

Mandiant discovered itself making FireEye merchandise “work” for shoppers 

In a number of earnings calls all through 2020, Kevin Mandia talked about that the corporate was dedicated to shifting off a FEYE-only ecosystem of merchandise inside its providers apply. The sale to STG definitely proved that to be true, so no half measures there. Mandiant was capable of finding momentum by means of SaaS choices equivalent to Mandiant Safety Validation, Mandiant Benefit Menace Intelligence, Mandiant Managed Detection and Response, and its legacy incident response enterprise. The safety market now values the flexibility to combine far larger than the flexibility to bundle, though combining each works, too. 

Companies shedding merchandise just isn’t the norm 

Usually in M&A transactions like this, the product vendor buys the providers vendor. Greater margins, additional cash movement, and better multiples places software program and SaaS corporations in a greater place to purchase providers corporations than vice versa. However we have seen — and written about — the growing variety of corporations launching with providers wrapped round their very own IP in managed detection and response (MDR), cybersecurity consulting, and managed safety service markets. Managed SaaS or bundled options that embody “managed platforms” are the trend and can proceed to be. The economics of SaaS are compelling for distributors — and patrons — however SaaS is only a product hosted elsewhere by another person. Safety groups nonetheless use the answer. By layering a managed safety service functionality on high of SaaS and promoting bundles, distributors and finish customers get the most effective of each worlds. 

Very like FireEye’s strikes into SOAR, or its newer early transfer within the breach and assault area by means of the acquisition of Verodin (now generally known as Mandiant Safety Validation), the corporate continues to make the correct strikes nicely earlier than opponents. Simply because these strikes didn’t at all times pan out doesn’t suggest they had been unhealthy decisions, and so they acted as catalysts for opponents to do the identical. 

STG is aware of one thing we do not—or thinks it does 

Regardless of the causes STG acquired McAfee, RSA, and now FireEye, every of these distributors represents a as soon as proud safety model that discovered itself failing to maneuver to the cloud and pivoting far too late to SaaS, then watching its market share disappear to opponents. The capital benefits of those acquisitions should be huge, or the non-public fairness agency has confidence that it will possibly put these damaged corporations again collectively. Maybe STG plans to create some kind of cybersecurity tremendous group harking back to the Rattling Yankees. 

STG has both added to its assortment of billion-dollar boat anchors or has set the stage for an incredible comeback story. It definitely does not lack ambition. The doubtless final result is a pared-down product portfolio vendor, an thrilling new rebranding announcement in 18–24 months, and the IPO of an progressive safety firm that all of us should not bear in mind as the hardly stitched-together parts of McAfee, RSA, and FireEye. 

Mandiant will profit from divesting of its acquirer 

For finish consumer safety leaders who wish to see how this performs out, Mandiant appears to be in place to proceed its ahead momentum by streamlining itself. Mandiant struggled to promote its “controls agnostic” providers whereas hooked up to the FireEye model. That’s now a solved drawback. The cut up may even enable Mandiant to capitalize on its intelligence-driven providers and develop the Managed Protection enterprise, satisfying one in every of its shoppers’ most frequent requests in our current Wave analysis on the MDR area. By opening up extra to monitoring and managing any vendor’s safety controls, the cyberthreat intelligence groups will profit from elevated visibility into the worldwide risk panorama. As Kevin Mandia stated, this removes all bias from Mandiant. 

FEYE advantages from the checking account of STG and its removing from the investor highlight because it retools. The chance is that it will get merged and saddled with some Frankenstein creation that features McAfee and RSA, which is unlikely to unravel extra issues than it creates. FireEye does shine when in comparison with STG’s different two big-brand cybersecurity “has-beens.” Being the most effective participant on a nasty crew, nevertheless, nonetheless implies that you lose most of your video games. Up to now, PE acquisitions of cybersecurity corporations has resulted in loads of exercise for traders however little, if any, innovation for finish customers. 

In 5 years, we anticipate to see Mandiant as a extremely recognizable safety model, whereas FireEye will doubtless get positioned in a renamed IPO filled with “synergies” … for traders. 

This put up was written by Vice President and Principal Analyst Jeff Pollard, and it initially appeared right here.  

Additionally see

Source link