informa
4 min read
article

Mandiant to Use CrowdStrike Technology in Its Incident Response Services

Collaboration between the two firms will help organizations better identify and protect against complexity cyberthreats, chief executives from both companies said.

Mandiant will use CrowdStrike's Falcon endpoint detection and response (EDR) technology in delivering incident response services and consulting engagements to customers under an agreement announced Thursday between the two major cybersecurity players.

Starting sometime later this year, Mandiant — which recently agreed to be acquired by Google for $5.4 billion — will extend its Mandiant Managed Defense service to CrowdStrike's Falcon customers as part of the arrangement.

The top executives from both companies described the collaboration as bringing together industry-leading capabilities for helping organizations defend against cyberattacks in an increasingly complex threat environment. In a statement, CrowdStrike co-founder and CEO George Kurtz said the two companies have worked together on customer engagements for several years and had developed a mutual respect for each other's technical expertise and capabilities.

"This partnership between two mission-focused companies strengthens cyber defenses at a time when cyberattacks have become a notable business issue faced by organizations every day," added Kevin Mandia, chief executive officer of Mandiant.

Richard Stiennon, chief research analyst at IT-Harvest, says the collaboration makes complete sense. "George Kurtz and Kevin Mandia have worked together for over two decades," he says. "While Mandiant became the preeminent incident response firm, CrowdStrike became the leader in endpoint detection and response."

Together they deliver capabilities that incident response teams want, Stiennon says: EDR everywhere to discover what happened, and incident response capabilities to recover from the attack and eradicate any persistent malware left behind. "This deal will benefit CrowdStrike while cementing the solution that Mandiant can bring to bear," he says. Also, with Mandiant being acquired by Google, CrowdStrike will have a partnership with Google, Stiennon adds.

Different Paths
Both CrowdStrike and Mandiant are publicly traded companies that have taken somewhat different paths to becoming major players in the cybersecurity industry.

Mandiant, in recent years especially, has established itself as one of the industry's go-to companies for breach response and investigation. One example is its role in helping Colonial Pipeline recover after a ransomware attack in 2021 forced the pipeline giant to temporarily shut down its entire operation for the first time in its history. In November 2021, when the online stock training platform Robinhood experienced a breach that exposed data belonging to millions of customers, the company hired Mandiant to investigate the incident. The security firm has been involved in numerous other major investigations, including the 2014 breach at Sony, the 2017 incident at Equifax that impacted more than 140 million Americans, and a 2019 breach at Capital One that exposed data on some 100 million customers.

While Mandiant's core expertise is around incident response and consulting, CrowdStrike is a major player in the EDR market. The company's expertise lies in delivering technology for detecting and responding to vulnerabilities and security incidents. Analyst firms like Gartner have consistently ranked the company's Falcon platform as among the leaders in the endpoint and workload protection category.

Both CrowdStrike and Mandiant have also been involved in numerous well-regarded investigations of advanced persistent threat groups and nation-state activity from China, Russia, and other countries.

John Pescatore, director of emerging security trends at the SANS Institute, says collaborations of this sort between a large security consulting company and a highly visible security product company are not unusual.

Fernando Montenegro, an analyst at Omdia, views the partnership as a convenient collaboration between well-known vendors but not one that necessarily shifts things considerably for end-user organizations.

"Reducing this to its component parts, we have a well-respected security incident response provider indicating they will work with a popular security offering," he says. Such collaborations are typical of security industry dynamics he says. What will be interesting is how this partnership will progress considering that Google is in the process of acquiring Mandiant, Montenegro says.