Milpitas, Calif.-based global network security company FireEye has acquired Washington, D.C.-based cyber-security firm Mandiant, which released a famous report last year about a Chinese military unit that allegedly pilfered data from at least 115 companies across major U.S. industries.
“There is an accelerating awareness that just wasn’t there a year ago,” FireEye CEO David G. DeWalt said inFT last week, citing NSA surveillance and Chinese hacking. “A lot of companies, organizations and governments said ‘look how pervasive these superpowers are in monitoring and stealing from these companies.’”
FireEye’s cloud-based systems work differently than traditional — and declining — antiviruses, which look for known cyber-threats that have already struck other targets. FireEye solutions quarantine inbound traffic, scanning for shady characters, be they from hackers, competitors or even nation states.
The merger makes sense to a lot of experts because Mandiant often handles the shady characters caught by FireEye. Mandiant’s technology helps identify the origin of a cyber-attack, and then bolster defenses against follow-ons.
“Companies are spending tens of billions of dollars of their money on a model that doesn’t work,” FireEye’s DeWalt said of antivirus software in The New York Times last week. “It’s going to take people and products working together.”
FireEye and Mandiant started collaborating last year on joint product deployments, something that many of their shared customers were already doing. The companies later started discussing a merger.
“It is absolutely generally accepted that you cannot solely rely on preventive services,” Mandiant founder Kevin Mandia said in FT last week. Those services used to take months to uncover a breech. “On the front line of the cyber battlefield you have to be able to say … it is these guys in St. Petersburg who normally use these 18 pieces of malware.”
The merger will extend Mandiant’s scope to FireEye’s broad customer base of more than 1,000, and
FireEye will gain access to Mandiant’s hallmark forensic investigators. Once integrated, the companies could inform customers of abnormal behavior immediately after detection, installing a temporary fix until one of Mandiant’s emergency team can take more permanent action.
“Documents [released to the public by Edward Snowden] have made it evident to companies that the United States monitors allies as well as adversaries, including friendly governments, international organizations and the networks of some Internet companies,” The New York Times stated last week. “Some of them could turn to companies like FireEye and Mandiant for protection, an interesting twist since many of Mandiant’s employees come out of the American intelligence world.”
In addition to intelligence, these companies know a thing or two about the waning antivirus industry — and how to beat it. DeWalt, once CEO of antivirus titan McAfee, will preside over a combined company that security experts predict will enjoy strong growth, according to Reuters.
But FireEye’s success will depend on more than its cloud-based systems and newly acquired software. Mandiant gained notoriety outside the cyber-security industry by specifically naming the Chinese People’s Liberation Army Unit 61398 as its suspect in a rash of industrial espionage hacks, an audacious move given that other security companies don’t usually name culprits.
FireEye would also consider naming names with Mandiant under its wing, according to DeWalt.
“You will probably see us continue to do it when it is appropriate,” DeWalt said in Reuters last week. “There is some incredibly egregious behavior.”