Revenge of the SaaS: Mandiant makes use of companies to flee FireEye

Mandiant has untangled itself from FireEye (FEYE) by promoting the product portion of the agency to Symphony Expertise Group (STG) for $1.2 billion. FireEye’s historical past as probably the most “virtually acquired vendor” is lastly over as STG takes the reins.

Picture: putilich/Getty Photographs/iStockphoto

In a cybersecurity divorce that had fewer main indicators than the dissolution of Kim and Kanye, Mandiant has lastly untangled itself from FireEye (FEYE) by promoting the product portion of the agency to Symphony Expertise Group (STG) for $1.2 billion. FireEye’s historical past as probably the most “virtually acquired vendor” is lastly over as STG takes the reins. The lengthy and winding saga of two firms that by no means ought to’ve been put collectively will come to an in depth in This fall of 2021. 

A tradition conflict from day one 

The FireEye and Mandiant cultures by no means actually meshed. FireEye personnel have been masters of {hardware} gross sales, whereas Mandiant cultivated a tradition of experience and mastery. Each teams earned their swagger, however the dream workforce envisioned by no means materialized. This misalignment was by no means actually rectified, and the injury was performed with the post-acquisition mind drain resulting in a Mandiant diaspora of launching startups, operating different safety firms, and main safety packages as chief info safety officers. FireEye personnel exited simply as shortly, doing a lot of the identical. 

When FEYE purchased Mandiant, it was a cybersecurity darling that had simply had a profitable IPO, with a inventory value that shot up 80% above its IPO debut, and immediately grew to become one of many main innovators within the cybersecurity house. On the time, FEYE was at the forefront of a safety renaissance, a “new vendor” with a brand new method that emerged as an alternative choice to the antivirus-heavy safety distributors of the prior decade. However all too quickly, the highlight FireEye relished turned far too intense. Monetary losses, missed alternatives, and merchandise that have been good however by no means displaced incumbents weighed the seller down. Mandiant gained its personal fame with the discharge of the APT1 report and have become certainly one of a handful of go-to incident response companies, having responded to a number of intrusions by state-nexus actors. 

FireEye by no means grew to become the seller it was presupposed to be 

FEYE’s portfolio included safety {hardware} that sat throughout virtually the whole know-how stack, however these gadgets by no means actually displaced different controls. Firewalls nonetheless exist, and sandbox performance grew to become a characteristic of them. FEYE’s different choices corresponding to TAP and Helix by no means took over the safety analytics or safety orchestration, automation, and response (SOAR) house both. The corporate continually looked for the dominance Mandiant loved over the incident response market, however in the end by no means discovered it. Whereas the merchandise didn’t receive a dominant place available in the market, Mandiant slowly started to reinvent itself by way of legacy companies and software program as a service (SaaS). 

FireEye’s historical past of seeing the place the markets are going nicely earlier than others is maybe the factor it needs to be remembered most for. Along with snapping up Mandiant, FireEye additionally acquired one of many earlier cyberthreat intelligence companies—iSIGHT Companions—which joined forces with Mandiant’s workforce. It acquired an early SOAR participant in Invotas (now Helix) and purchased Reply Software program. However seeing what’s coming and appearing early is not enough, and in all these instances, FireEye merchandise by no means grew to become must-haves. Whereas, throughout the identical timeframe, the Mandiant aspect of the enterprise largely excelled, inserting in a number of Forrester Wave™ evaluations as a Chief, FireEye safety merchandise didn’t fare as nicely in our evaluations. The connection between the 2 sides of the enterprise was by no means equal, and finally, Mandiant acknowledged that legacy FireEye options have been holding it again. 

Mandiant discovered itself making FireEye merchandise “work” for purchasers 

In a number of earnings calls all through 2020, Kevin Mandia talked about that the corporate was dedicated to transferring off a FEYE-only ecosystem of merchandise inside its companies follow. The sale to STG definitely proved that to be true, so no half measures there. Mandiant was capable of finding momentum by way of SaaS choices corresponding to Mandiant Safety Validation, Mandiant Benefit Risk Intelligence, Mandiant Managed Detection and Response, and its legacy incident response enterprise. The safety market now values the power to combine far greater than the power to bundle, though combining each works, too. 

Providers shedding merchandise isn’t the norm 

Usually in M&A transactions like this, the product vendor buys the companies vendor. Greater margins, more money stream, and better multiples places software program and SaaS firms in a greater place to purchase companies firms than vice versa. However we have seen — and written about — the growing variety of firms launching with companies wrapped round their very own IP in managed detection and response (MDR), cybersecurity consulting, and managed safety service markets. Managed SaaS or bundled options that embrace “managed platforms” are the trend and can proceed to be. The economics of SaaS are compelling for distributors — and consumers — however SaaS is only a product hosted some other place by another person. Safety groups nonetheless use the answer. By layering a managed safety service functionality on high of SaaS and promoting bundles, distributors and finish customers get the perfect of each worlds. 

Very similar to FireEye’s strikes into SOAR, or its more moderen early transfer within the breach and assault house by way of the acquisition of Verodin (now referred to as Mandiant Safety Validation), the corporate continues to make the best strikes nicely earlier than opponents. Simply because these strikes didn’t at all times pan out doesn’t suggest they have been unhealthy decisions, and so they acted as catalysts for opponents to do the identical. 

STG is aware of one thing we do not—or thinks it does 

Regardless of the causes STG acquired McAfee, RSA, and now FireEye, every of these distributors represents a as soon as proud safety model that discovered itself failing to maneuver to the cloud and pivoting far too late to SaaS, then watching its market share disappear to opponents. The capital benefits of those acquisitions have to be monumental, or the personal fairness agency has confidence that it will probably put these damaged firms again collectively. Maybe STG plans to create some form of cybersecurity tremendous group paying homage to the Rattling Yankees. 

STG has both added to its assortment of billion-dollar boat anchors or has set the stage for an incredible comeback story. It definitely does not lack ambition. The doubtless final result is a pared-down product portfolio vendor, an thrilling new rebranding announcement in 18–24 months, and the IPO of an modern safety firm that all of us should not bear in mind as the hardly stitched-together parts of McAfee, RSA, and FireEye. 

Mandiant will profit from divesting of its acquirer 

For finish consumer safety leaders who wish to see how this performs out, Mandiant appears to be in place to proceed its ahead momentum by streamlining itself. Mandiant struggled to promote its “controls agnostic” companies whereas connected to the FireEye model. That’s now a solved drawback. The cut up will even permit Mandiant to capitalize on its intelligence-driven companies and develop the Managed Protection enterprise, satisfying certainly one of its purchasers’ most frequent requests in our current Wave analysis on the MDR house. By opening up extra to monitoring and managing any vendor’s safety controls, the cyberthreat intelligence groups will profit from elevated visibility into the worldwide risk panorama. As Kevin Mandia stated, this removes all bias from Mandiant. 

FEYE advantages from the checking account of STG and its elimination from the investor highlight because it retools. The chance is that it will get merged and saddled with some Frankenstein creation that features McAfee and RSA, which is unlikely to resolve extra issues than it creates. FireEye does shine when in comparison with STG’s different two big-brand cybersecurity “has-beens.” Being the perfect participant on a nasty workforce, nonetheless, nonetheless signifies that you lose most of your video games. To date, PE acquisitions of cybersecurity firms has resulted in loads of exercise for buyers however little, if any, innovation for finish customers. 

In 5 years, we count on to see Mandiant as a extremely recognizable safety model, whereas FireEye will doubtless get positioned in a renamed IPO stuffed with “synergies” … for buyers. 

This publish was written by Vice President and Principal Analyst Jeff Pollard, and it initially appeared right here.  

Additionally see

Source link