Mandiant has separated from FireEye (FEYE) by selling the company’s product stake to Symphony Technology Group (STG) for $ 1.2 billion. The story of FireEye as an “almost acquired provider” is finally over when STG takes over the reins.
Image: putilich / Getty Images / iStockphoto
In a cybersecurity divorce that had fewer leading indicators than Kim and Kanye’s breakup, Mandiant finally parted ways with FireEye (FEYE) by selling the company’s product portion to Symphony Technology Group (STG ) has sold. The story of FireEye as an “almost acquired provider” is finally over when STG takes over the reins. The long and winding saga of two companies that should never have merged will end in the fourth quarter of 2021.
A culture war from day one
The FireEye and Mandiant cultures never really meshed. FireEye employees were masters of hardware sales, while Mandiant cultivated a culture of knowledge and mastery. Both groups deserved their bragging rights, but the dream team he envisioned never materialized. That misalignment was never really addressed, and the damage was done by the post-acquisition brain drain that resulted in a Mandiant diaspora that created startups, ran other security companies, and ran security programs as chief information security officers. FireEye staff left just as quickly and did the same.
When FEYE bought Mandiant, it was a cybersecurity darling who had just had a successful IPO with a share price soaring 80% above its IPO debut and instantly becoming one of the leading innovators in cybersecurity. At the time, FEYE was at the forefront of a security renaissance, a “new vendor” with a new approach that emerged as an alternative to the antivirus-heavy security vendors of the previous decade. But all too quickly, the limelight that FireEye was enjoying became way too intense. Financial losses, missed opportunities, and products that were good but never crowded out the incumbents weighed on the provider. Mandiant gained its own fame with the release of the APT1 report and became one of the few go-to incident response firms after responding to multiple break-ins by State Nexus actors.
FireEye never became the seller it was supposed to be
FEYE’s portfolio included security hardware that spanned almost the entire technology stack, but these devices never really supplanted other controls. Firewalls are still around, and sandboxing functionality has become a feature of them. The other offerings from FEYE such as TAP and Helix have never taken over the area of security analysis or security orchestration, automation and response (SOAR). The company constantly looked for the dominance Mandiant enjoyed over the incident response market, but never found it. While the products could not take a dominant position, Mandiant slowly began to reinvent itself through legacy services and Software as a Service (SaaS).
The FireEye story of seeing where the markets go is perhaps what it should be remembered most for. In addition to acquiring Mandiant, FireEye acquired one of the previous cyberthreat intelligence companies – iSIGHT Partners – which joined forces with the Mandiant team. It acquired an early SOAR player in Invotas (now Helix) and acquired Respond Software. But seeing what’s coming and acting early isn’t enough, and in all of those cases FireEye products have never become a must-have. While the Mandiant side of the business stood out the most over the same period and was named a leader in several Forrester Wave ™ reviews, FireEye security products did not fare as well in our ratings. The relationship between the two sides of the company was never the same, and eventually Mandiant realized that older FireEye solutions were holding it back.
Mandiant Find FireEye Products “Work” For Customers
In several phone calls in 2020, Kevin Mandia mentioned that the company had committed to moving away from a FEYE-only ecosystem of products within its service practice. The sale to STG has certainly proven this, so no half measures. Mandiant gained momentum through SaaS offerings such as Mandiant Security Validation, Mandiant Advantage Threat Intelligence, Mandiant Managed Detection and Response, and its existing incident response business. The security market now values the ability to integrate far more than the ability to bundle, although the combination of both plants also works.
Services that drop products is not the norm
In such M&A transactions, the product provider often buys the service provider. Higher margins, more cash flow and higher multiples put software and SaaS companies in a better position to buy service companies than vice versa. But we’ve seen – and written about – the increasing number of companies entering the market with services wrapped around their own IP in the managed detection and response (MDR), cybersecurity consulting, and managed security service markets. Managed SaaS or bundled solutions with “managed platforms” are trendy and will continue to be. The economics of SaaS are compelling for vendors – and buyers – but SaaS is just a product that is hosted elsewhere by someone else. Security teams are still using the solution. By overlaying managed security service functionality on top of SaaS and selling bundles, vendors and end users get the best of both worlds.
Much like FireEye’s entry into SOAR or its more recent early entry into the security breach and attack space with its acquisition of Verodin (now known as Mandiant Security Validation), the company continues to take the right steps well ahead of its competitors. Just because these steps weren’t always successful doesn’t mean they were a bad choice, and they acted as a catalyst for competitors to do the same.
STG knows something we don’t know – or thinks it does
Whatever the reasons STG acquired McAfee, RSA, and now FireEye, each of these vendors represents a once proud security brand that failed to move to the cloud and switched to SaaS way too late, and then had to watch how their market share disappeared to the competition. The capital gains from these acquisitions must be huge, or the private equity firm is confident it can put these broken businesses back together. Perhaps STG is planning to create some sort of cybersecurity supergroup reminiscent of the Damn Yankees.
STG has either expanded its collection of multi-billion dollar boat anchors or set the stage for an amazing comeback story. There is certainly no lack of ambition. The likely outcome is a scaled-down vendor of the product portfolio, an exciting new rebranding announcement in 18 to 24 months, and the IPO of an innovative security company that we should all not remember as the barely-put together components of McAfee, RSA, and FireEye.
Mandiant will benefit from the sale of its acquirer
For end-user security leaders who want to see how this works out, it seems Mandiant is able to continue its forward momentum by rationalizing itself. Mandiant struggled to sell its “control independent” services while tied to the FireEye brand. That is now a problem solved. The split will also allow Mandiant to capitalize on its intelligence services and grow its managed defense business, fulfilling one of the most frequent requests from our customers in our recent Wave evaluation in the MDR space. By being more open to monitoring and managing the security controls of all vendors, the cyberthreat intelligence teams benefit from improved visibility into the global threat landscape. As Kevin Mandia said, this removes all of Mandiant’s prejudice.
FEYE will benefit from STG’s bank account and its removal from the investor spotlight when it is upgraded. The risk is that it will be merged and saddled with a Frankenstein creation that includes McAfee and RSA, which are unlikely to solve more problems than they create. FireEye shines when compared to STG’s other two major cybersecurity “gaps”. However, being the best player on a bad team still means that you will lose most of your games. To date, cybersecurity company PE acquisitions have generated too much activity for investors but little, if any, innovation for end users.
Five years from now, we expect Mandiant to be a highly recognizable security brand, while FireEye is likely to be placed in a renamed IPO full of “synergies” … to investors.
This post was written by Vice President and Principal Analyst Jeff Pollard and originally appeared here.
Cybersecurity Insider Newsletter
Strengthen your company’s IT security by staying up to date with the latest cybersecurity news, solutions, and best practices. Delivery on Tuesdays and Thursdays