FireEye, which sells a line of appliances that analyses suspicious files to detect custom malware and other advanced threats, has acquired Mandiant in a deal estimated at nearly US$1 billion (A$1.1billion).
The transaction closed on 30 December, but FireEye didn't formally announce the acquisition until after the financial markets closed on Thursday.
FireEye said the deal would help bridge its virtual machine malware analysis engine with threat intelligence and incident response capabilities provided by the Mandiant platform. According to FireEye, its platform is deployed by more than 1,500 government, enterprise, and small and mid-sized customers.
Mandiant provides both endpoint security and incident response services, as well as computer forensics services. The company is known for its threat intelligence research, focusing its attention on attacks emanating from China. The firm released a report in early 2013 that it said provided evidence of ties between a hacking group and the Chinese government. Chinese officials have disputed the claim.
Mandiant also maintains a threat intelligence and custom malware database, which could be integrated into the FireEye platform, the company said, which would use its capabilities to detect and prevent both network and endpoint threats.
"Organisations today are faced with knitting together a patchwork of point products and services to protect their assets from advanced threats," FireEye chairman and CEO David DeWalt said in a statement. "Together, the size and global reach of FireEye and Mandiant will enable us to innovate faster, create a more comprehensive solution, and deliver it to organisations around the world at a pace that is unmatched by other security vendors."
Mandiant is known in the security industry for its incident response capabilities, said Pete Lindstrom, principal and vice president of research at Spire Security. Lindstrom said FireEye needed to either expand its capabilities beyond malware detection and analysis or be acquired by a larger security vendor.
"They've been a highly successful one-trick pony looking for a way to grow the company," Lindstrom said. "With sandboxing being commoditised, it seems pretty clear that FireEye can use an endpoint-based solution product wise, but the addition of threat intelligence and post-breach forensics makes it a very interesting acquisition."
FireEye is more than 90 percent channel, and in a recent interview with CRN US, DeWalt said the company is committed to the indirect sales strategy. Lindstrom and other industry analysts say the company is seeing increased competition from other appliance makers that are using virtual machine technology to detect malware. Sourcefire, which Cisco recently acquired, and McAfee, with its acquisition of Stonesoft, all use similar technology.
In addition, FireEye said its board of directors has appointed Kevin Mandia, Mandiant’s founder and chief executive officer prior to the acquisition, to the position of senior vice president and chief operating officer at FireEye. Mandiant has been a strategic alliance partner of FireEye since April of 2012.