FireEye, a provider of solutions that help companies block advanced cyber attacks, is putting its power as newly public company to work by making a significant strategic acquisition that surprised both the security industry and Wall Street alike.
The cybersecurity firm announced on Jan. 2 that it has acquired privately held Mandiant, a company best known for its breach investigation (incident response) services, and a provider of endpoint security products, in a deal that valued at roughly $1 billion, mostly in stock.
Under the deal, which closed on Dec. 30, FireEye issued 21.5 million shares of stock and paid $106.5 million in cash for Mandiant.
Mandiant received significant media attention in February 2013 for its bold APT1 report, which exposed one of China’s most active cyber espionage units connected to the People’s Liberation Army, and supported allegations of China’s involvement in state-sponsored espionage.
“Mandiant is often the first call that is made when a serious breach has occurred in an organization,” David DeWalt, chairman of the board and CEO of FireEye, said during an investor call late Thursday afternoon. “Strategically, Mandiant brings us closer to the breach when it occurs, and we believe this is critical to increasing pull for our products, shortening our sales cycle and accelerating our growth.”
While the services side of the acquisition is important, Mandiant also brings a set of key technologies to FireEye’s product portfolio, giving the security firm an entrance into the endpoint security market and the opportunity to upsell and cross sell products and recurring subscriptions across its combined customer bases.
FireEye counts over 1,500 customers across more than 40 countries, including over 100 of the Fortune 500, while Mandiant counts more than 500 customers, including 33 percent of the Fortune 100 as clients.
Mandiant’s endpoint products, which are already integrated with the FireEye platform, enable security teams to make faster, more accurate decisions about potential security incidents while eliminating blind spots.
FireEye has developed purpose-built, virtual machine-based security platform, the core of which its virtual execution, or MVX, engine, identifies and protects against known and unknown threats that existing signature-based technologies are unable to detect.
FireEye can now leverage Mandiant’s Incident Response (MIR) endpoint management framework to port FireEye’s virtual machine technology to the endpoint, DeWalt said.
According to DeWalt, the MIR platform lets the company take detection out of the network, pass it immediately to the endpoint and remediate it seconds. “This completes FireEye,” he said.
“The combined product portfolio will cover all the major attack points within an organization, and our expanded services capacity will allow us to quickly pivot to incident response when necessary to reduce the impact of security breaches,” the company said.
Mandiant will be integrated with FireEye to provide global services and cloud solutions, including security consulting, incident response, and managed services.
Kevin Mandia, Mandiant’s founder and CEO, has taken the position of senior vice president and chief operating officer of FireEye, and will be accountable for the company’s combined service business and cloud business.
According to DeWalt, with nearly 2,000 employees the company will be able to sell, support and service a wider array of products. Roughly 500 new employees will come from Mandiant.
“Going forward, Mandiant will be integrated with FireEye, to provide global services and cloud solutions, including security consulting, incident response, and managed services,” DeWalt said.
Strengthened Security Intelligence
“FireEye and Mandiant can also leverage unique respective intelligence platforms to create a comprehensive capability to quickly detect any type of threat – known or unknown – and do this with attribution of the adversary,” DeWalt said.
Mandiant currently tracks the characteristics and behaviors of more than 300 adversaries.
“With more than 2 million virtual machines and 2 million endpoint sensors, we believe we now have the most advanced threat intelligence system for gathering and analyzing in the world,” DeWalt said.
In Q1 2014, the company is planning to launch a virtual-machine based IPS solution that leverages these intelligence capabilities and reduces false positives, DeWalt said.
“When you have an intrusion prevention system, the signatures that we load into the platform can make or break the detection on the IPS product, DeWalt said. “Mandiant gives us a huge harness of signatures that we can add into the framework.”
FireEye has stated that Q4 2013 revenue is now expected to be in the range of $55 to $57 million, compared with previous guidance of $52 to $54 million. Total revenue for 2013 is expected to be between $159 and $161 million, compared with previous guidance of $156 to $158 million, the company said.
Total fourth quarter billings are expected to be in the range of $95 to $100 million, compared with previous guidance of $82 to $86 million. Total billings for the year are expected to be between $254 and $259 million, compared with previous guidance of $240 to $245 million.
According to FireEye CFO Michael Sheridan, the acquisition of Mandiant will boost total company revenue for 2014 to $400 to $410 million, compared with the previous expected range of $240 to $250 million. Total billings for 2014 are now expected to be within the range of $540 to $560 million, compared with the previous expected range of $350 to $370 million, the company said.
Shares of FireEye have soared past $61 per share, up from the closing price of $41.13 the day before the acquisition of Mandiant was announced.
In response to the acquisition and improved guidance, investment firm Goldman Sachs upped its price target on FireEye’s stock to $45 from $40 per share–a price that is still more than $15.00 below the current trading price.