Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

Google to Acquire Mandiant for $5.4 Billion in Cash

Google on Tuesday said it has agreed to acquire cybersecurity firm Mandiant in an all-cash deal valued at roughly $5.4 billion.

Google on Tuesday said it has agreed to acquire cybersecurity firm Mandiant in an all-cash deal valued at roughly $5.4 billion.

The official announcement came shortly after rumors of Google’s interest in the security firm emerged Monday. 

Trading of Mandiant shares were halted late Monday after reports of Google’s interest. 

Less than a month after news surfaced that Microsoft was interested in buying Mandiant at a price tag in the range of $4 billion, Google stepped in to acquire the threat intelligence and incident response company credited for discovering the Solarwinds supply chain compromise.

Considered a premier incident response firm tracking advanced nation-state threat group activity, Mandiant was originally acquired by FireEye in December 2013. The two firms were split apart in late 2021 in a $1.2 billion private equity transaction that separated the Mandiant Solutions unit from FireEye’s endpoint protection and cloud security product.

Google is investing in cybersecurity to drive its cloud computing portfolio, and has beefed up its own security lineup with the recent acquisition of Siemplify to add to the Chronicle SIEM platform and the VirusTotal malware analysis platform.

Upon the close of the acquisition, Mandiant will join Google Cloud.

“Google Cloud offers customers a robust set of services including pioneering capabilities such as BeyondCorp Enterprise for Zero Trust and VirusTotal for malicious content and software vulnerabilities; Chronicle’s planet-scale security analytics and automation coupled with services such as Security Command Center to help organizations detect and protect themselves from cyber threats; as well as expertise from Google Cloud’s Cybersecurity Action Team,” Google said.

Mandiant has more than 600 consultants and 300 intelligence analysts that respond to thousands of security incidents each year, including many of the highest profile attacks. 

“After divorcing FireEye, Mandiant spent very little time being single as suitors lined up,” said Forrester VP and Principal Analyst Jeff Pollard. “Rumors swirled that Microsoft was the destination, but Google came in and outbid Microsoft for the firm. GCP [Google Cloud Platform] is playing catchup to Microsoft in cybersecurity and lacks its competitors’ inherent advantages in the enterprise: endpoint and active directory. That forces it to pay a premium and be more aggressive, which its signaled a willingness to do.” 

“This acquisition adds strong services to GCP’s portfolio and immediately adds expertise to Google Cybersecurity Action Team,” Pollard added. “Mandiant found a matchup with deep pockets as it reinvents itself. But significant gaps remain for the combined entity. Perhaps the most critical of those gaps is on the enterprise endpoint. GCP relies on EDR to complete its XDR offering, so we expect an EDR tool is next on its shopping list.” 

Under the terms of the agreement, Google will pay $23.00 per share of Mandiant, totalling approximately $5.4 billion, inclusive of Mandiant’s net cash.

The acquisition is subject to customary closing conditions and is expected to close later this year.

The cybersecurity industry has seen record activity in terms of funding and merger and acquisitions (M&A) recently. According to a study conducted by SecurityWeek, more than 430 cybersecurity-related mergers and acquisitions were announced in 2021.

*Updated commentary

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

M&A Tracker

The SecurityWeek editorial team huddled over the holidays to look back at the stories that shaped 2022 and, more importantly, to stare into a...

Cybersecurity Funding

SecurityWeek investigates how political/economic conditions will affect venture capital funding for cybersecurity firms during 2023.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.


More than 450 cybersecurity-related mergers and acquisitions were announced in 2022, according to an analysis conducted by SecurityWeek


Forty cybersecurity-related M&A deals were announced in January 2023.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.