Paradigm Shift in the Security Industry: FireEye acquires Mandiant

As an industry veteran, I’ve witnessed my share of IT transformations. Yup, I’m old enough to remember the transitions from mainframes to mini-computers, to client/server computing, to Internet computing, etc. Each of these IT tectonic shifts also led to changes in the balance of power within the industry. IBM owned business computing in the 1970s with its 370 mainframe but the transition to client/server gave rise to a number of new stars like HP, Microsoft, Oracle, and Sun.The current security industry is going through a similar transition. Security “mainframe” products like network firewalls and endpoint antivirus software are giving way to new types of products and services that combine real-time security intelligence, endpoint/network defenses, and security analytics/forensics. Why? Enterprises simply can’t continue to rely on security technologies that are becoming less-and-less effective and easily circumvented by an army of hacktivists, cyber crooks, and nation states.While this security industry paradigm shift is well understood, few companies have capitalized as much as FireEye. Over the past few years, the company had the right design, product, and aggressive go-to-market strategy to crash the enterprise security party and proceed to a wildly-successful IPO. Now, just as security royalty and Sand Hill Rd. upstarts are planning their FireEye incursions, the company struck again with its bold acquisition of the security “big bang theory” firm, Mandiant.Why is this a potential game-changer? FireEye continues to drive a new model for malware detection but it is missing some critical pieces like endpoint coverage and forensic/analytics capabilities. In the past, FireEye depended upon partners like Bit9, Blue Coat (Solera), and Guidance Software in these areas but this wasn’t going to help the company fully capitalize on the ongoing security market transition over the long-term. With Mandiant in hand, FireEye becomes a much more formidable company as it gains:• An endpoint platform. While Mandiant is known for forensic clean-up work, it also sells sophisticated software for endpoint malware detection and forensics. Network/endpoint visibility and coverage is exactly what the market is asking for. • Additional security intelligence. FireEye was already pretty solid here but it doesn’t hurt to throw in additional security intelligence from a market leader. FireEye can now jump into the burgeoning market for stand-alone security intelligence – especially in government, financial services, and technology markets.• Professional services. Mandiant has a reputation for its post-breach firefighting but this is just a fraction of what this talented team can do. Given the pervasive security skills shortage, FireEye shouldn’t have any trouble finding work and growing its services business over time.FireEye just moved beyond product to an anti-malware architecture for prevention, detection, and response. It also has the security intelligence and professional/managed services to establish CISO relationships, become a key security partner, and grab lucrative enterprise deals.FireEye is also betting that it can capitalize on Mandiant’s relationships with government agencies and federal integrators to grab its share of future cybersecurity spending inside the Beltway. On the flip side, FireEye hopes to give Mandiant something it never had – an enterprise-savvy sales and marketing team who can translate Mandiant federal security geek-speak into CISO value.So what happens next? Industry players like Cisco, IBM, McAfee, Palo Alto Networks, and Trend Micro will keep an eye on FireEye/Mandiant while claiming that they already have the pieces in place to compete. Bit9 and perhaps Guidance may be acquired and Sand Hill Rd. will likely aggressively push a portfolio of companies at Check Point, Juniper, and Symantec. In the meantime, FireEye will be well positioned for information security market transitions and immediate enterprise requirements.