Google eventually won out in the competition for Mandiant, but Microsoft's interest underscores the trend in consolidation of security services into large cloud providers, experts say.


In late February, Microsoft reportedly dropped out of the running to acquire cybersecurity services firm Mandiant.

Yet the interest of the cloud giant — and the eventual price tag set by the winner, Google, of $5.4 billion — suggests that a consolidation is underway. But rather than a few large security-focused companies driving consolidation, the acquisition activity suggests that the big winners will be large cloud companies that better integrate cybersecurity into their services and offer new products and services based on their expertise.

In the same way that Microsoft's addition of endpoint security to Windows through its Windows Defender service has caused concern among endpoint security vendors, the fact that Microsoft is looking for a security-services provider may be a cause for concern in that industry, says Jeff Pollard, vice president and principal analyst at Forrester Research.

"It's been obvious for a few years now that these tech titans out there — Microsoft Azure, Amazon Web Services, and Google Cloud — were interested in cybersecurity and were monetizing cybersecurity in a way that others could not," he says. "Security vendors took a long time to understand cloud — and you could argue that many still don't — so when you take the Microsoft's and Google's fundamental understanding of cloud engineering and cloud operations, they can deliver enterprise software and services in a way that security vendors just don't have the expertise for."

Google's planned purchase of Mandiant for $5.4 billion will be the second-largest acquisition by the company, following its purchase of Motorola Mobility's mobile device manufacturing business for $12.5 billion in 2011, and beating out the 2014 acquisition of home automation maker Nest Labs for $3.2 billion, according to reports. The company first moved into security in 2009, with its acquisition of reCAPTCHA, and continued with the purchase of antivirus scanning service VirusTotal in 2012, anti-spam and email security provider Impermium in 2014, backup and disaster-recovery firm Actifio in 2020, and security orchestration, automation, and response (SOAR) firm Siemplify in 2022.

In the short term, the announced acquisition adds uncertainty for Mandiant customers but likely will not change the outlook of Google Cloud customers, except to reassure them that the company is paying attention to cybersecurity, says Gadi Naveh, cyber data scientist with Canonic Security, a security-as-a-service startup.

"Over time, the acquisition of a prominent cybersecurity leader such as Mandiant has the potential to build out Google Cloud's native security capabilities," he says. "While existing Google Cloud customers who have already engaged Mandiant may find it easier to work with a single vendor, the change of corporate ownership is unlikely to change day-to-day security operations processes."

Google Plans: More Services, More Cloud Integrations
Overall, Google has only discussed its plan in broad terms and does not plan to shake up the industry — at least initially.

The online giant pointed to five areas that it expects to be strengthened by its purchase of Mandiant. While Google launched its own advisory services in October 2021, the company sees Mandiant as a way to add practical depth to its goal of helping organizations improve their security strategies across hybrid cloud and on-premises environments. Along with Siemplify, Mandiant's portfolio would also help Google expand its automation and response tools and allow clients to more easily respond to attacks. Testing and validation services and managed defense are two other areas that could be bolstered by the Mandiant buy.

One area where the combination of the two companies could really make a difference is in vulnerability research and threat intelligence, says Forrester's Pollard. The capabilities of the two companies, if they manage to augment the research team with real-world threat intelligence, could be significant, he says.

"Google has sponsored security research and threat research now for quite a long time, and that is a key component of what Mandiant brings to the table from a threat intelligence and incident response perspective," Pollard says. "And with those two coming together, that could be one of the more interesting things to come out from this."

Will Cloud Fully Take Over Security?
Yet how well Google can sell security services is still up in the air. In the past, leading companies in different industries have argued that they could launch a platform from which all security could be provided, but those predictions have never really been realized, says John Pescatore, director of emerging security trends at the SANS Institute.

Pescatore instead views the acquisition as a way to improve Google's ability to protect its cloud, and detect and respond to attacks on behalf of its customers.

"I don't think that Google will grow Mandiant's revenues," he says. "I think Google will use Mandiant's talent to make its infrastructure more secure and make their customers' footprint more secure."

Google will also have significant challenges in terms of contending with hybrid infrastructure and concerns with placing all security functions in the control of a single vendor, says Canonic Security's Naveh.

"IT environments don’t always conform to the discrete layers of infrastructure, platform, and software," he says. "While the Google Cloud team may have plans to bundle Chronicle with a Mandiant-powered managed services on top, some security leaders may prefer diversification at the expense of the promise of convenience."

Finally, the Mandiant purchase still leaves holes in Google's security services and capabilities, says Forrester's Pollard. In particular, the company still does not have a significant endpoint detection and response capability that integrates into the cloud — often called extended detection and response, or XDR.

"When you take a look at some of the constituent elements, there are still some gaps there in the overall portfolio," Pollard says. "Mandiant did not complete Google in every way, from a capability perspective, but it definitely augments a lot of the Google capabilities with the expertise that Mandiant brings."

About the Author(s)

Robert Lemos, Contributing Writer

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.
