Mandiant Reveals The SaaS: Mandiant Recovers From FireEye
Revenge Of The SaaS – Mandiant Dumps FEE
Mandiant, in a cybersecurity divorce with fewer leading indicators that the dissolutions of Kim and Kanye has sold the product section of the company to Symphony Technology Group (STG), for $1.2 billion. STG will take over FireEye’s position as the “almost-acquired vendor”. In Q4 2021, the long and complicated story of two companies that should never have been combined will be over.
A Culture Clash Starting Day One
Mandiant and FireEye cultures never really merged. FireEye employees were experts in hardware sales, while Mandiant had a culture that was more focused on mastery and expertise. While both groups were able to show their brilliance, the dream team they envisioned was never realized. This misalignment wasn’t corrected and it was a result of the post-acquisition braindrain that saw a Mandiant diaspora launch startups, run other security companies and lead security programs as chief information security officer. FireEye employees also left the company quickly and continued doing much the same.
Mandiant was a cybersecurity darling. It had just experienced a successful IPO and its stock price soared 80%. FEYE quickly became a leading innovator in the cybersecurity sector. FEYE was a leading security company, a “new vendor” that had a different approach to security than the anti-virus-heavy vendors of the previous decade. FireEye was too excited to enjoy the spotlight. Vendors suffered financial losses, missed opportunities, and products which were great but did not replace incumbents. Mandiant was made famous by the APT1 Report. It became one of the few go-to incident response companies after responding to numerous intrusions from state-nexus actors.
FireEye was never the vendor it was rumored to be.
FEYE’s portfolio contained security hardware that sat across nearly the entire technology stack. However, those devices never really replaced other controls. Firewalls are still in existence, and sandbox functionality was added to them. TAP and Helix, FEYE’s other products, did not take over the security analytics (or security orchestration automation and response) market. The company searched tirelessly for the Mandiant dominance in the incident response market, but never found it. Mandiant began to reinvent itself slowly through legacy services, and software-as-a-service (SaaS) although the products did not achieve a dominant market position.
FireEye’s ability to see where the markets are heading well before the rest is probably the most important thing that it should be remembered for. FireEye not only bought Mandiant but also acquired iSIGHT Partners, an earlier cyberthreat intelligence firm that joined with Mandiant. FireEye also acquired Respond Software, a SOAR player in Invotas (now Helix). However, it is not enough to see what is coming and act early. In all cases, FireEye products did not become must-haves. While the Mandiant business side performed well, and was able to participate in many Forrester Wave(tm Leader) evaluations, FireEye products didn’t fare as well. Mandiant eventually recognized that legacy FireEye solutions were keeping them back and the relationship was not equal.
Mandiant Creates FireEye Products That “Work” for Clients
Kevin Mandia stated that the company is committed to a FEYE-only product ecosystem in its services practice during multiple earnings calls. That was evident after the sale to STG. There were no half measures. Mandiant gained momentum with its SaaS offerings, including Mandiant Security Validation and Mandiant Advantage Threat Intelligence. Mandiant Managed Detection and Response was also available. Security market values integration more than bundles, but both can be valuable.
Services Do Not Sell Products
In M&A transactions such as this, often the service vendor purchases the product vendor. Software and SaaS companies are better positioned to purchase services companies because they have higher margins, cash flow, multiples and more cash. We’ve written extensively about the growing number of companies that launch services wrapped around their IP in managed detection, response (MDR), cybersecurity consulting and managed security service markets. Bundled solutions, such as managed SaaS or bundles that include “managed platform”, are a hot trend. SaaS’s economics are attractive for buyers and vendors, but SaaS is a product hosted elsewhere by another person. Security teams still use this solution. Vendors and end users can get the best of both worlds by layering managed security services capability on top SaaS and selling bundles.
Similar to FireEye’s move into SOAR or its recent early move in breach and attack space with the acquisition Verodin (now Mandiant Security Validation), this company continues making the right moves ahead of competitors. These moves didn’t always work out, but they did provide a catalyst for others to follow their lead.
STG Thinks It Knows What We Don’t
Whatever the reason STG bought McAfee and RSA and FireEye, each vendor represents a once proud security company that failed to migrate to the cloud, pivoting too late to SaaS and then seeing its market share fall to rivals. These acquisitions are likely to have huge capital benefits, or private equity firms believe they can bring these companies back together. Maybe STG has plans to create a cybersecurity super group, similar to the Damn Yankees.
STG either has added to its fleet of boat anchors worth billions of dollars or set the stage for a remarkable comeback story. It doesn’t lack ambition. It is likely to result in a reduced product portfolio vendor, an exciting new rebranding announcement within 18-24 months, as well as an IPO by an innovative security company that all of us shouldn’t be so familiar with as the barely glued-together parts of McAfee and RSA.
Mandiant will benefit from the sale of its acquirer
End user security professionals who are interested in seeing how it plays out can see Mandiant’s forward momentum. Mandiant appears to have streamlined itself to keep its forward momentum. While attached to FireEye, Mandiant had difficulty selling its “controls-agnostic services”. This is now solved. Mandiant will be able to leverage its intelligence-driven services, and expand the Managed Defence business. This is one of the most requested requests by its clients in the Wave evaluation of the MDR space. The cyberthreat Intelligence teams will be able to monitor and manage any vendor’s security controls more effectively, which will allow them greater visibility into the global threat environment. This removes any bias from Mandiant, as Kevin Mandia stated.
FEYE gains from STG’s bank account and is removed from the investor spotlight while it retools. It is possible that it is merged with McAfee or RSA, which would be a risky move that will not solve any more problems than it creates. FireEye is a better player than STG’s two other big-brand cybersecurity “has beens”. However, being the best player on an inept team means you will lose most of your games. The PE acquisitions of cybersecurity companies have resulted in a lot of activity for investors, but very little innovation for end users.
We expect Mandiant to be a well-known security brand in five years. FireEye will likely be buried in a renamed IPO with many “synergies”…for investors.