Google’s acquisition of Mandiant for an estimated $5.4 billion represents a defining moment for both the cybersecurity industry and modern business as a whole. Google’s vast user base – from everyday users to enterprise customers – relies on Google Workspace and all of Google’s other consumer and business applications every day, and will now benefit from Mandiant’s security intelligence gathering and attack prevention capabilities.

As an industry, we were already heading towards the broad use of threat intelligence to prevent cyberattacks. So, how will this merger work and what does it look like for Google? Google gains Mandiant’s deep context into the threat techniques, tools and information (intelligence) used to perpetrate attacks. This includes lots of data: trade secrets, compromised credentials, software vulnerabilities, and mobile/cloud data. By applying this context to big data analytics and artificial intelligence, the team can more effectively automate detection, protection, and response.

Mandiant brings first-hand knowledge of the threat vectors, malware and tools used by cyber criminals, and Google has unique insights into phishing, malware and botnets, as well as half the mobile app traffic (Android). Google and other cloud/data analytics platforms have first-hand information on the traffic, applications, devices and users being attacked or perpetrating the attack. Joining forces brings a powerful approach to cyber intelligence and dealing with cyber threats: together, Google and Mandiant can now harness unlimited compute power and data analytics to use context in combatting cyberattacks before (prevention), during (detection) and after (response) an attack, in quasi real time.

In addition to elevating Mandiant’s position in the market, this acquisition – which includes the addition of hundreds of hands-on security consultants amid a worldwide talent shortage – will further differentiate Google Cloud’s deep focus on cybersecurity in its race to compete with other players like Microsoft Azure Sentinel and AWS Cloud Security.

With this deal, it’s reasonable to question whether the industry will experience a buying spree. Consolidation in the cybersecurity sector is inevitable and very symbiotic, especially given the global shift to digital transformation and the constant demand to outpace cybercrime by evolving threat actors. Recent geopolitical affairs, major supplier hacks like JBS last year and Toyota’s hack just last week, and daily ransomware attacks have also heightened interest in mergers and acquisitions. Large companies will continue to buy innovation; otherwise they will become irrelevant and disintermediated. They’ll also need new solutions to expand their addressable market to continue fueling their growth and momentum. They will acquire businesses that have unique capabilities and defensible intellectual property – including unique data that are hard to replicate. The targets of choice will be modern solutions that are easy to consume and deploy, specifically cloud-native solutions working at scale. Area 1 Security being acquired by Cloudflare represents a clear example of this trend.

They may also look to fill capability gaps along a few dimensions, like speed, coverage, and access to relevant data. One of these is the ability to share this type of information in real time to achieve Collective Defense – a unified, immediate approach by sector, geographic regions and the global community. Collective Defense has been well defined by IronNet to let organizations across both private and public sectors share and collaborate as they defend together. They’ll also need to have access to large collections of compromised data that are used to perform these attacks. Constella comes to mind on this front, since it holds the largest breach data collection on the planet, with over 100 billion attributes and 25 billion curated identity records spanning more than 100 countries and 50 languages.

In cybersecurity, we are trying to protect information derived from data, processed by applications, running on physical/virtual devices (mobile/desktops/servers/microservices), all interconnected by diverse networks and by individuals. It’s complex and multifaceted, requiring continuous innovation and collaboration along the spectrum of startup to enterprise, with each entity playing a unique role in the orchestration of defense and protection. Every organization, big and small, has been trying to protect the digital future, and Google’s acquisition of Mandiant stands as a prime example of that.

Alberto Yepez, co-founder and managing director, Forgepoint Capital