[HN Gopher] Google to Acquire Mandiant
___________________________________________________________________
Google to Acquire Mandiant
Author : ideksec
Score : 312 points
Date : 2022-03-08 11:39 UTC (11 hours ago)
| jansan wrote:
| This is quite a lot of money and Kevin Mandia obviously made some
| right decisions in his life. But what is Google really after
| here? The employees (must be quite flattering to be valued at 10
| million on average), the products, the marketshare?
| mellavora wrote:
| a 10m average could indeed cause a heart to flutter.
| tims33 wrote:
| A typical consulting acquisition for someone like Accenture
| could be $250-500k per head. I realize this firm is deeply
| specialized and at the top of their industry, but it is a
| massive premium.
| lmeyerov wrote:
| Google is coming from ~last place on enterprise+gov security
| relative to Microsoft and Amazon, which is maybe 75% of the
| market (and ignoring the Splunks of the world), and the
| ability to grow there requires real skills in services.
| Mandiant, in turn, is in a league of their own here, in brand
| if not practice. More about amazing IR/hunt/etc, vs say SIEM
| configuration, so a lot of line blurring & potential skillset
| clash for achieving their value, but still. Google+MS
| internal security teams are likewise trusted, but only
| Microsoft's are considered collaborative, so Google's are
| ~useless from a services gap perspective. So from a strategic
| view, this jumps them from last place to ~first. (And
| Microsoft's main value in buying would have been just to
| prevent AWS/Google from doing so.)
|
| So as long as they have amazing handcuffs on the CEO, it's
| probably more like $1M per employee and $100M+ for the CEO
| (if real handcuffs) + brand.
|
| An independent Mandiant is amazing for the ecosystem, but so
| goes. Over all though, probably still net win for folks
| involved + community - Google getting even more serious here
| is great!
| tediousdemise wrote:
| I find it interesting that this acquisition is allowed... but
| when Lockheed Martin tried to acquire Aerojet Rocketdyne, it was
| shot down by the FTC.
|
| Why does Big Tech get a pass? Is it because they feed the
| government free data on every single American and foreign
| national?
| octagons wrote:
| I spent 5 years at Mandiant on the "proactive" team that
| performed penetration testing and similar services. The
| divestiture of the FireEye product was the best thing to happen
| to Mandiant since the acquisition by FireEye. The two business
| units were constantly at odds.
|
| I'm genuinely surprised by this acquisition, however. Mandiant's
| business model (consulting services) was successful despite the
| pressures and operational dissonance from the product side. When
| I left, they were well-poised for natural growth and to capture a
| larger market share of managed security services. I'm sure there
| is a model for success under Google, but I doubt many of the
| employees below the C-level wanted to go this direction.
| frozenice wrote:
| OT: popups and banners managed to cover the whole page... :/
| https://photos.app.goo.gl/PqV9FpqyPCujtFTJ6
| _joel wrote:
| Most of the HN crowd use adblockers
| frozenice wrote:
| I use them on my desktop, too. There are none in this WebView
| embedded in this mobile app, though.
| tjpnz wrote:
| That's more of an annoyance than an ad.
| swarnie wrote:
| Two clicks after OS install is annoying?
|
| We really are a privileged bunch aren't we =)
| _joel wrote:
| That's just untrue. Takes 2 seconds to install uBlock
| origin.
| SquareWheel wrote:
| I think you misinterpreted the parent comment. The banner
| being shown in the screenshot is being described as an
| annoyance, not an ad.
| stonemetal12 wrote:
| Yeah, but now I have to manage on a per site basis about
| half a dozen different settings. I find it a necessary
| evil on mobile to control bandwidth usage, but on desktop
| I find it easier to just not visit or immediately leave
| low quality websites.
| ezekg wrote:
| Sometimes I wonder if the people who work on such websites even
| occasionally visit their own site. I just don't understand.
| moltke wrote:
| They're likely prescribed by PR people who think of everyone
| in bulk and less intelligent than themselves. The people
| actually building the site probably hate it.
| shadowgovt wrote:
| The issue is that not every team remembers to test incognito
| from time-to-time.
|
| Those popups are all cookie-hidden if the cookies are set.
| Easy for an engineer working regularly on the product to
| accrete the cookies necessary to hide most of them over time.
|
| (Concretely in this case, I bet 99% of the engineers on that
| site have forgotten GDPR is a thing, especially since their
| compliance is being handled by third-party provider TrustArc.
| Easy for a frequent visitor to forget that every new visitor
| will get asked about the cookie use permission on the first
| visit).
| afrcnc wrote:
| It's like that on almost any site these days.
| mmaunder wrote:
| What is with the massive dive in Revenue post 2018?
|
| https://imgur.com/a/GvulfLe
| munificent wrote:
| COVID-19? I imagine a hell of a lot of revenue charts look
| similar around that timeframe.
| motohagiography wrote:
| Smart, even if it's just to scale TAG and secure that capability
| in a period of global instability with a heavy cyber component.
| As another commenter calculated $10M/employee is pretty good -
| especially if Google had excess cash on its balance sheet. That
| $10M/employee in cash is going to be worth maybe $8M in
| purchasing power in 3-5 years, less after, and getting cash into
| productive assets is a bit of a scramble right now. Regardless of
| what some folks in security think of FireEye, strategically it
| seems pretty smart.
|
| Maybe we should bet on a wave of other big acquisitions by
| companies with big cash reserves as well?
| rattray wrote:
| For others who hadn't heard of this company, quoting from the
| link:
|
| > Mandiant's more than 600 consultants currently respond to
| thousands of security breaches each year. Paired with research
| from more than 300 intelligence analysts, these resulting
| insights are what power Mandiant's dynamic cyber defense
| solutions - delivered through the managed multi-vendor XDR
| platform, Mandiant Advantage.
| dna_polymerase wrote:
| So, if you'd unbullshit this description, what are they doing?
|
| This reads like they are a PR company covering everything
| computer.
| dogman144 wrote:
| They do the IR retainer work for companies that are serious
| about security with real threats.
|
| In other words, it is the company that detected a breach of
| its own systems via dogfooding, that turned out to be the
| only detection that occurred of a breach of the entire US
| govt more or less - Solarwinds.
|
| Mandiant got the jump on every US govt agency in detecting
| arguably the largest espionage event of the digital age.
| hexo wrote:
| What is IR?
| dogman144 wrote:
| (security) incident response. most companies have in-house
| security teams to do a portion or a lot of the IR
| process. If a serious breach occurs, a security team
| usually will call in a specialized team of consultants
| from an IR firm like Mandiant.
| bitexploder wrote:
| They perform incident response and forensics for
| organizations that are compromised. Incident response is the
| highest bill rate infosec consulting you can do. It requires
| travel (used to, still does some today) and decently high
| technical skills. They are big and can combine the data their
| consultants collect into an intelligence platform that they
| sell as well.
| OrvalWintermute wrote:
| > Incident response is the highest bill rate infosec
| consulting you can do. It requires travel (used to, still
| does some today) and decently high technical skills
|
| I take a tiny bit of issue with that.
|
| Cryptography consulting is a higher labor rate, and higher
| end pen-testing w TS SCI+full poly, and application
| security gurus are above, or equal to IR.
|
| There are currently poaching wars going on around talented
| IR folks. A fortune 500 recently hired away an IR colleague
| with whom I collaborated around tap & agg with a FAANG type
| offer, RSUs, the whole shebang
| dogman144 wrote:
| Ya would also add smart contract auditing as possibly the
| highest billing right now. Pushes $400/hr for freelancing
| and similar w2 comp.
| sumdude1847 wrote:
| IR/forensics consulting is definitely more than $400/hr.
| tptacek wrote:
| It is not my experience that IR people bill $3k days ---
| though Mandiant definitely has billed out projects that
| high.
| OrvalWintermute wrote:
| Nope.
|
| Have seen labor rates across FireEye, and a host of
| others.
| sumdude1847 wrote:
| Then the rates you have seen are incorrect, old, or the
| result of special circumstances.
| dogman144 wrote:
| Hm would like to see JDs for that, unless you're
| referring to the really white glove stuff (ex-whatever,
| no name consultancies with incredible reps).
| bitexploder wrote:
| By volume. Cryptography consulting is a very lucrative
| niche but there is an order of magnitude less of it
| happening based on my wild guesses. I have run a high end
| boutique for 9 years and been doing infosec consulting
| for 15 years tho, so my guess is somewhat informed, I
| hope.
|
| Even high end appsec, seceng, and legit reversing pays
| below crypto and IR. We just can't charge as much for it
| for all but the most niche and demanding environments,
| which is not the bulk of what's out there.
|
| I am thinking averages here. I know there is high paying
| work in each domain, but the skills used are also highly
| developed, etc. If you wanted to build a high end
| consultancy with a lot of work IR is a great choice. I
| know ToB has done awesome in crypto
| (blockchain/contracts) space, etc. but I think IR work is
| a little easier to get into and build a business on
| without having really advanced and niche skills.
| tptacek wrote:
| This is like saying that Walmart cashiers have a higher
| bill rate than M&A attorneys, because there are so many
| more of them --- they're higher "by volume".
| tptacek wrote:
| IR is nowhere close to the highest bill rate infosec
| consulting you can do. Not even in the ballpark of it.
| Jabbles wrote:
| Do you have a rough ranking? Nothing formal, just your
| best guess.
| tptacek wrote:
| Difficult or "gated" specialties (like automotive)
| command higher bill rates --- so hardware, automotive,
| cryptography, maybe some kernel work (I don't know anyone
| that has a formal specialty practice in "kernel", it
| bleeds into other stuff).
|
| IR is a huge practice area, lots and lots of people do
| it, and the line-level consulting work here is stuff that
| isn't at all difficult or specialized (log file analysis,
| imaging). There's specialty work in IR too, of course
| (there are firms that specialize in memory forensics, for
| instance), and that bills higher.
|
| Mandiant is like the PwC of IR firms; Mandiant can get
| contracts that bill basic log file analysis out at
| $3k/day, because they're Mandiant. That doesn't mean the
| person doing that work is seeing proportionally more
| income themselves, or that a team of people striking out
| on their own from Mandiant are going to be able to bill
| comparably.
|
| On the other hand, a team of cryptographers or hardware
| reversers at a big firm probably could expect to see
| comparable bill rates after starting up their own firm.
| terracatta wrote:
| Kevin Mandia was always incredible at finding a grade A talent
| pipeline of IR professionals that enabled Mandiant to always be
| the folks that responded to the incidents "that mattered" (his
| words).
|
| Their APT-1 report
| (https://www.mandiant.com/resources/apt1-exposing-one-of-chin...
| they released in 2013 was at the time unprecedented and brought
| awareness to nation-state sponsored hacking to a much broader
| audience than ever before.
|
| As someone who worked there in the early days (a little over 100+
| employees) as an entry-level peon, I always felt I had the
| ability to walk into Kevin's office at anytime and tell him
| something I thought was important and get attention and respect
| back.
|
| While much of the organization has changed in the last 3 years,
| the constant has always been Kevin and the amount of work they
| put in to recover from the disastrous FireEye acquisition,
| preserve the brand's integrity, and to parlay that into such a
| positive acquisition for the employees and shareholders is an
| incredible outcome.
|
| Congratulations to both Google and Mandiant.
| uejfiweun wrote:
| When I was a FireEye intern, I got to meet Kevin Mandia and it
| really left an impression on me. He came up to me unprompted
| after an all hands and introduced himself, and seemed genuinely
| interested in me and what I was working on. Then, my co-intern
| came up, and Mandia actually remembered his name and everything
| from his previous internship at the company. I remember
| thinking, _this_ is a great and highly motivating CEO. It's
| awesome to see that his hard work has paid off, I hope I get to
| work with him directly someday.
| Folcon wrote:
| The link above has a typo, here's the corrected link:
| https://www.mandiant.com/resources/apt1-exposing-one-of-chin...
| orf wrote:
| What happened with the FireEye acquisition?
| dmhmr wrote:
| FireEye was nowhere on the same level as Mandiant and the two
| companies split and FE was purchased by STG for $1.2 billion.
| _rfdu wrote:
| The core Mandiant infrastructure on cloud is run by 3 people
| _rfdu wrote:
| It's run on aws
| TameAntelope wrote:
| Holy shit they're going to have to migrate again, that's
| mildly hilarious considering the clusterfuck the first
| migration was.
| brlebtag wrote:
| So Google can close it later.
| johndfsgdgdfg wrote:
| HN should have a policy that stops any threads promoting
| Google. Evil company like Google shouldn't be promoted on HN.
| badrabbit wrote:
| Clash of cultures for sure. High turnover at GCP security (Or so
| I am told) and Google consultants? Wow. My experience has been
| they are very tech/innovation focused, holding a customer's hands
| and spoonfeeding them is not their style at all. Lots of
| medium/large businesses have Mandiant as a retainer so when they
| get pwned due to whatever mess, Mandiant comes in and cleans up.
| munificent wrote:
| Is it just me, or does it seem crazy that we all just accept that
| private businesses are obligated to protect themselves from
| state-sponsored hacking?
|
| Imagine if Wal-Mart had to fund a private air force and patrol
| over their stores in order to combat foreign bombers coming in
| and everyone was like, "Yeah, that's just how it goes."
|
| Isn't a primary responsibility of government to protect its
| citizens and businesses from other states' militaries?
| JohnHaugeland wrote:
| Businesses also need to protect themselves from burglary,
| despite that we have the police; fire, despite the fire
| department; et cetera.
|
| Government is not an abdication of responsibility.
| Gelob wrote:
| good point but the government/FAA controls the skies and not
| the internet which may or may not be a good thing
| jrochkind1 wrote:
| Are you suggesting the NSA should spend most of its budget on
| ensuring domestic businesses have better security (even if that
| means foreign businesses do too), instead of ensuring that
| foreign businesses have bad security (even if it means domestic
| do too, and that's being overly charitable and thinking US-based
| businesses being hackable by them isn't one of their
| goals too).
|
| What a shocking idea!
| hadlock wrote:
| The same could be said for buying door and window locks vs the
| responsibility of local police to guard your home.
| d4mi3n wrote:
| This feels a bit reductionist. Parent post specifically calls
| out state-sponsored actors. It's fine to expect and require
| doors, windows, and locks. It is _not_ fine to expect a
| commercial business or individual to have their own tanks and
| military on hand.
|
| Organizations do bear responsibility for their security
| posture--and many have spectacularly failed in this
| responsibility--but let's not pretend that an employee being
| phished is equivalent to something on the level of the
| SolarWinds hack or any one of the many nasty bits of malware
| coming out of Russia.
|
| State sponsored attacks are well funded and leverage one or
| more 0-days, which by definition cannot be defended against.
| The only way to stay ahead of a 0-day is to find it first,
| and that requires resources and expertise even large
| organizations are hard pressed to find in the numbers
| required.
| fuzzylightbulb wrote:
| I think that the closer metaphor would be if an American
| business was having to hire private security resources because
| it was on some resource finding expedition in an unsavory part
| of the world, which is exactly what happens all the time.
| Exposing your business to the internet is like opening up an
| infinite number of storefronts everywhere, and a good number of
| those places are not where you want to be.
| throw10920 wrote:
| Exactly - the internet is a hostile place, because of its
| openness, which is (was?) a core design trait. As much as it
| hurts, you can't have the freedom of the internet without
| allowing bad actors some degree of freedom, too.
| Godel_unicode wrote:
| I wish people would think this through, think about the federal
| government protecting you from state-sponsored terrorism.
|
| Do you really want the TSA on the internet? Because that's what
| you're asking for...
| throwoutway wrote:
| Congrats to Mandiant! I really hope they don't go the same way as
| the spinout/reorg of Chronicle...
| sklargh wrote:
| This is less of an acquisition and more of a marketing expense
| for GCP. A stellar Rolodex and a great way to meet new clients,
| especially if they succeed in the breach.
| [deleted]
| mysterydip wrote:
| If I was a customer of Mandiant, I'm not sure how I'd feel about
| this. Plenty of potential resources both financial and manpower
| to improve services, but somewhere in the back of my mind would
| be "is Google going to hoover up all my data during an incident
| response?"
| danpalmer wrote:
| I don't really understand the basis for this comment/thought. I
| know it's a fairly common one, but I just don't think it tracks
| reality in any way.
|
| Google has a reputation for taking in a lot of data about user
| behaviour for targeting ads. That's pretty well defined data
| though, from well-defined sources, with well-defined semantics.
| Things like page views.
|
| How would Google ever be able to "hoover up all your data" and
| get any benefit from it? What is the data? Where did it come
| from? What are the semantics? How are users identified? How is
| that mapped to users Google knows about?
|
| It's just entirely impractical to do anything with it, and
| that's leaving aside the fact that I imagine it would violate
| the terms of service, the contracts Google may have with
| businesses, and may constitute a significant legal issue with
| regards to data misuse.
|
| How exactly do you imagine that Google could do this, and what
| exactly would their motivation be to do so?
|
| Mandatory disclaimer: I work at Google, but not on any of the
| above and I only just started. My feelings on this are only
| informed by my previous time as a customer of Google Cloud.
| mupuff1234 wrote:
| Or maybe they would think something like "Google has a better
| reputation and track record in terms of security than almost
| any other corporation".
| TameAntelope wrote:
| I spent a few years there, FireEye messed Mandiant up something
| fierce, but Mandiant was never able to get its product going
| (with or without FireEye). Maybe Google can figure that part out.
|
| I wonder what will happen to the engineers; there is definitely a
| lot of expertise at that company, specifically in the IR/security
| side.
| mmaunder wrote:
| What is their main source of revenue? They did about $483M in
| 2021.
| syshum wrote:
| Unlikely, google is good at Killing the products they
| acquire... not much else
| 0xbadc0de5 wrote:
| Possible acqui-hire - perhaps it's not the product they're
| after...
| speed_spread wrote:
| 10 million per head is a hell of a sign-in bonus
| jcims wrote:
| I feel like this is an informal announcement that the product
| has been killed. Where would it live in the GCP portfolio?
|
| As an engineer I would be stoked. The resources that Google can
| bring in terms of data, compute and depth of analytical skills
| would be very appealing. It's probably going to be a disaster
| for the product folks but I think the engineers will be happy.
| At least for a little bit.
| philprx wrote:
| Well, it seems that the Google Chronicle was a semi-failure
| from all the signals that were coming out. I hope I'm wrong
| about Chronicle. Maybe this is a future replacement/iteration
| / improvement.
|
| This could be a way to improve their offering and remove the
| "security argument" showstopper for cloud migrations.
| jnwatson wrote:
| There's not a huge overlap between Chronicle and Mandiant.
| Mandiant makes most of its money off intel and incident
| response. Chronicle sells tools to do those.
| late2part wrote:
| Most everyone I know says that Chronicle was a failure.
| dogman144 wrote:
| Mandiant ending up as a glorified GuardDuty and Detective
| for GCP would be a travesty although I doubt that would be
| the outcome.
| dmhmr wrote:
| Having used Chronicle, it felt like an underwhelming paper
| thin demo product compared to what the industry offers. May
| as well scrap it and lean on Mandiant's experience for a
| replacement.
| cmrdporcupine wrote:
| My experience having gone through an acquisition @ Google
| (albeit 10 years ago and in a different space) is you might
| go in with the thoughts like yours expressed here: "wow,
| cool, think of all the resources Google has to make our
| product even better."
|
| In reality: your product will be sunsetted and replaced
| with a Google-created version of the same thing within two
| years; your key management (and other) talent will pace
| around for 3-4 years in frustration waiting for their stocks
| and acquisition bonuses to fully vest, and eventually most of
| the talent that can get a competing offer that is close to
| Google's proverbial buckets of cash will take that and leave.
|
| That said, it might be different in Google Cloud where more
| of the infrastructure is closer to industry standard
| infrastructure instead of Google's bespoke creations. And
| there's a focus on the needs of what people outside of Google
| do and how they do it.
| jcims wrote:
| I did a short stint at Google and I saw this very thing. I
| think the one thing that's a little bit different with
| Mandiant is that it's largely a services organization. If
| they pigeonhole it as Google Cloud security then folks will
| bail very quickly. If they find a way to also extend it
| into their enterprise customer case as a value added
| service then I could see it being pretty interesting.
| pinewurst wrote:
| Assuming the engineers aren't forced to re-interview for
| their own jobs in the common Google acquisition fashion.
| vntok wrote:
| Of course they should be interviewed back, what's the
| alternative?
|
| _Hey team, so this is Steve from another department in
| another company. He's been assigned to our team, so. Of
| course we're handling text in the Chromium engine and
| Steve's background is in threat analysis, but I guess we'll
| figure something along the way. Welcome, Steve_
| jacobr1 wrote:
| The alternative is that they basically keep working on
| the same things. Maybe now there is some integration
| project.
| jcims wrote:
| Especially since they likely have 2-3 years of services
| contracts to burn through and don't really have an org
| they directly overlay with inside Google. Enterprise
| security to an extent but also not.
| sulam wrote:
| In an acquisition of this size, it's not typical to
| interview. HTC engineers did not have to interview AFAIK
| and having been at Fitbit I can say for sure that no
| engineers had to interview.
|
| Interviewing happens with startups. When there aren't
| interviews the assumption is that Perf will take care of
| non-performers.
| TameAntelope wrote:
| The domain experts are best-in-class.
|
| The engineers probably would need to be re-interviewed.
| Heh.
| achow wrote:
| Interesting. A month back Microsoft was exploring this
| acquisition.
|
| _Microsoft Corp. is in talks to acquire cybersecurity research
| and incident response company Mandiant Inc... Mandiant shares
| surged 18% in New York, bringing its market value to almost $4.3
| billion.. A deal might also push cloud rivals Amazon.com Inc. and
| Alphabet Inc.'s Google to pursue their own similar acquisitions_
|
| https://www.bloomberg.com/news/articles/2022-02-08/microsoft...
|
| And from the current event:
|
| _..acquired by Google LLC for $23.00 per share in an all-cash
| transaction valued at approximately $5.4 billion_
| qzw wrote:
| Seems like they have ~500 employees, so the price is over
| $10M/employee. Obviously a good time to sell a security company
| right now.
| htrp wrote:
| it's also 10mn per employee for a services company (afaik
| their saas revenue streams are secondary)
| tonyedgecombe wrote:
| It's an interesting concept buying a services business like
| that. Nearly all the value is in the staff who are all free
| to walk if they feel inclined.
| djrogers wrote:
| > Nearly all the value is in the staff who are all free
| to walk if they feel inclined.
|
| That hasn't been my experience with security services
| companies. Sure, people matter, but the processes,
| technology, and leadership can keep a good one on track
| regardless of who leaves.
| moneywoes wrote:
| Wouldn't the better comparison be based on revenue?
| ocdtrekkie wrote:
| Google doesn't buy revenue, they buy employees.
| ISL wrote:
| and in this case, an organization.
| RC_ITR wrote:
| Likely MS made the offer, and Mandiant's bankers shopped it
| around to Google.
|
| As much as Investment Bankers may be a drain on society, they
| DO provide value to certain capital-holders.
___________________________________________________________________
(page generated 2022-03-08 23:01 UTC)