The big announcement on Thursday by Mandiant and CrowdStrike that the two companies would collaborate more on security projects was well-received by the industry overall, but some security analysts wondered what the move means strategically for Google’s recent acquisition of Mandiant — and any other future deals by Amazon, Microsoft, and other Big Tech companies.   

On the surface, Mandiant has been best known for its incident-response teams and CrowdStrike for its Falcon anti-virus, endpoint and threat intelligence platform, so combining the leading IR company with a strong toolset makes sense.

Both companies are well known in the industry. Mandiant for informing the public of the SolarWinds breach and managing the investigation following the ransomware attack last May on Colonial Pipeline, and CrowdStrike for leading the investigation of the hack on the Democratic National Committee in 2016.

“Symbolically, the announcement is a tremendous public validation of CrowdStrike,” said Frank Dickson, program vice president for security and trust at IDC. “The separation of FireEye and Mandiant allows for the consideration of any security products. Mandiant chose CrowdStrike.”

While the new relationship presents some interesting opportunities, Dickson did point out some looming questions: Google is an investor in Cybereason. Google also has plans to acquire Mandiant. While strategic partnerships are not uncommon, “one has to wonder how ownership changes effect long-term strategies,” said Dickson.

Jon Oltsik, senior principal analyst and ESG Fellow, said the Mandiant-CrowdStrike news fits into the coopetition category. On the one hand, Oltsik said some organizations using CrowdStrike may also want Mandiant for IR. Alternatively, those using Mandiant for IR may feel that CrowdStrike works best for endpoint forensics and then ongoing monitoring. 

“From an industry perspective, CrowdStrike and Mandiant are two leaders in threat research/intelligence so, in theory, everyone benefits from further collaboration,” Oltsik said. “All of the other big players [in tech] are doing similar things, albeit a bit differently. Amazon wants control, but works with partners opportunistically. For example, it just announced support for a virtual Palo Alto Network firewall on AWS. Microsoft approaches the market similarly, but remember it was rumored that Microsoft wanted to buy Mandiant. This indicates it wanted a security-centric division offering services and visible market leadership.”

Jeff Pollard, vice president and principal analyst at Forrester, added that while there’s some overlap between the companies, these are two organizations with histories of performing incident response activities in some of the most consequential breaches. Pollard said the most interesting areas that may spur new threat intelligence and research will come from where they diverge.

“Different methodologies, focus areas, skills, and personnel guarantee that one knows something the other doesn’t,” Pollard said. “This partnership could yield incredible results from those areas, as they learn from one another.”

Kevin Dunne, president at Pathlock, said the combination of the two companies offers a best-of-breed solution, including both software and flexible resourcing. 

“This will let companies build their own security operations centers with the flexibility to grow them on-demand,” Dunne said. “Notably, this combination was available when Mandiant was part of FireEye, however, FireEye decided to focus on pure security software solutions which triggered their divestment of Mandiant to Google earlier this year. Overall, we expect managed service and software vendors to continue to partner to provide a flexible and scalable solution to solve customer needs.”