Channel investors, Content

Microsoft Pursuing Mandiant Acquisition?


Microsoft may be striving to acquire Mandiant, the incident response and XDR cybersecurity company that recently split from FireEye, according to a Bloomberg report.

Updated March 7, 2022: Now Google apparently is in negotiations to acquire Mandiant.

Original February 8, 2022 Report: Shares in Mandiant ($MNDT) surged 18 percent on the Microsoft rumor, and the security company is now valued at more than $4 billion. Mandiant CEO Kevin Mandia declined to comment about the rumor during the company's earnings call on February 8, 2022. Microsoft did not reply to a request from SeekingAlpha for comment.

Microsoft and Mandiant have been worked together to investigate multiple high-profile cybersecurity incidents in recent years. Both companies, for instance, were deeply involved in the SolarWinds Orion breach investigation and various Microsoft Exchange vulnerability investigations.

Mandiant Business Evolution: From Incident Response to XDR

Mandiant, after breaking away from FireEye in recent months, introduced plans to drive partner, SaaS and XDR business success. CEO  Kevin Mandia outlined those efforts in a November 2021 earnings call.

Kevin Mandia, CEO, Mandiant
Kevin Mandia, CEO, Mandiant

As part of a five point partner plan, Maindiant:

  1. Created a technical alliances group to connect Mandiant’s intelligence expertise and advantage platform to other security product companies. Among the first moves is a Splunk relationship, which enables Splunk customers to operationalize Mandiant threat intelligence for adversary detection; interact directly with Mandiant experts for incident response; and validate their security posture against emerging and novel attacks, he said.
  2. Formed a strategic alliances group for system integrators and MSSPs. “We plan to enable integrators and MSSP to use the Mandiant advantage platform to deliver security transformation and modernization programs for their customers,” he said.
  3. Created an industry aligned expert team to “help us navigate and deliver tailored strategic services to various industry sectors such as finance, healthcare, defense utilities, among others; addressing their specific requirements based on mission, regulations and the risk profile,” he said.
  4. Hired a new leader to create a strategic alliance program targeting partnerships with global governments.
  5. Hired a new channel lead to create and manage a channel program that addresses the middle market in an efficient way.

Mandiant SaaS-based XDR Security Plan

Mandia in November 2021 also described a four-point R&D and innovation strategy. The overall strategy involves the Mandiant Advantage Platform — which is a SaaS-based XDR platform that addresses threat intelligence, security validation, automated defense and attack surface management. The related four-point technology strategy involves:

  1. A multi-vendor managed defense capability, which no longer requires Mandiant customers to run FireEye’s products. “Now our customers can rely on Mandiant expertise and intelligence to leverage the controls and vendors that they choose,” he said.
  2. Launching active breach and Intel monitoring capabilities the first quarter of 2022. “This capability enables visibility into Mandiant threat intelligence in real time. It is the functional equivalent of collaborating with our incident responders in the field, proactively checking our customers’ environment with the most up-to-date intelligence available as respond to the new and novel cyber attacks,” he said.
  3. Rolling out a Ransomware defense validation solution, which “tests a customer’s ability to defend against the ransomware attacks we are seeing in the field and provides unvarnished truth about an organization’s readiness to various ransomware actors,” he said.
  4. Acquiring Intrigue, which “allows Mandiant to deliver attack surface management or ASM as another module in the Mandiant advantage platform,” he said. ASM identifies how organizations could be compromised by identifying applications that are visible, vulnerable and exploitable. Mandiant plans to integrate attack service management into the Mandiant Advantage Platform in the first quarter of 2022, he said.

Microsoft Spending Billions on Cybersecurity

Meanwhile, Microsoft has been spending billions to further safeguard Azure, Microsoft 365 and other platforms from cyberattacks and misuse.

The company typically emphasizes $1 billion-plus security spending commitments at its annual partner and customer conferences. On the M&A front, Microsoft has already acquired these cybersecurity companies:

  • July 2021: CloudKnox Security for enhanced identity & access management (IAM) across Microsoft Azure Active Directory.
  • July 2021: RiskIQ for cybersecurity & threat intelligence software. RiskIQ has Microsoft Exchange Server vulnerability expertise.
  • June 2021: CyberX, an IoT/OT security company. Microsoft Azure Sentinel SIEM, additional cloud services & MSSP partners gain more security capabilities.

Stay tuned for more details about Microsoft's alleged pursuit of Mandiant, as well as Mandiant earnings later today.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.