FireEye acquired privately held Mandiant in a transaction valued at around $1 billion. The deal consists of
21.5 million newly issued shares (NASDAQ: FEYE), options to purchase shares of FireEye stock, and approximately $106.5 million of net cash to the former Mandiant security holders.
Mandiant is a leading provider of advanced endpoint security products and security incident response management solutions. It has more than two million endpoints installed globally. The solution is designed to tell a company when it has been compromised and what the material impact of the breach is. The company was founded in 2004 by Kevin Mandiant and is based in Washington, D.C..
The acquisition, which recognizes the ever-increasing intensity of cyber attacks and follows nearly two years of collaboration, creates the industry’s leading advanced threat protection vendor with the ability to find and stop attacks at every stage of the attack life cycle. The transaction closed on December 30, 2013.
The combination of FireEye and Mandiant brings together two highly complementary companies, each a recognized leader and innovator in security, and creates an organization uniquely qualified to meet organizations’ needs for real-time detection, contextual threat intelligence, and rapid incident response.
FireEye offers a purpose-built, virtual machine-based Multi-Vector Virtual Execution (MVX) engine that conducts signature-less analysis atop a patented, virtualization technology purpose-built for security. The MVX engine is designed to provide scalable, accurate, and timely protection across the primary threat vectors – Web, email, file, and mobile.. FireEye now has more than two million virtual machines deployed worldwide, providing real-time, dynamic threat protection to more than 1,500 government, enterprise, and small and mid-sized customers.
Mandiant’s endpoint products are already integrated with the FireEye platform. The companies have been collaborating for 2 years.
FireEye said the combined organization unifies the critical components required to provide state-of-the-art cyber security: the most complete library of actionable threat intelligence on advanced threats and a product suite that can apply that intelligence to detect and prevent attacks on both the network and on endpoints.
“Organizations today are faced with knitting together a patchwork of point products and services to protect their assets from advanced threats,” said David DeWalt, chairman of the board and chief executive officer of FireEye. “Together, the size and global reach of FireEye and Mandiant will enable us to innovate faster, create a more comprehensive solution, and deliver it to organizations around the world at a pace that is unmatched by other security vendors.”
In February 2013, A highly publicized report from Mandiant, a security consulting firm based in Arlington, Virginia, linked cyber attacks on over 140 U.S. corporations to a specific unit of China’s People’s Liberation Army.
The report, called “APT1: Exposing One of China’s Cyber Espionage Units,” details how it has the PLA’s Unit 61398 systematically carried out spear-phishing attacks and stole confidential data from leading companies across multiple industries. Mandiant claims the widespread attacks are on-going.
In addition to describing the methodology of the attacks, the Mandiant report provides domain names, MD5 hashes of malware and X.509 encryption certificates associated with the attackers.
Some highlights of the widely-cited Mandiant report:
- APT1 has systematically stolen hundreds of terabytes of data
- APT1 is believed to have dozens, if not hundreds of human operators.
- APT1 maintains an extensive infrastructure of computer systems around the world.
- In over 97% of the 1,905 times Mandiant observed APT1 intruders connecting to their attack infrastructure, APT1 used IP addresses registered in Shanghai and systems set to use the Simplified Chinese language.
- Mandiant observed APT1 establish a minimum of 937 Command and Control (C2) servers hosted on 849 distinct IP addresses in 13 countries. The majority of these 849 unique IP addresses were
- registered to organizations in China (709), followed by the U.S. (109).
