Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

M&A Tracker

New FireEye Service Evaluates M&A Cyber Risks

Threat protection firm FireEye this week launched a new service designed to help organizations manage the risks associated with corporate Mergers & Acquisitions (M&A).

Threat protection firm FireEye this week launched a new service designed to help organizations manage the risks associated with corporate Mergers & Acquisitions (M&A).

Combining and connecting different platforms, applications, architectures and other technology systems stemming from a merger or acquisition can be a daunting task for IT security teams. Even before any merger happens, acquiring assets or operations with a high risk profile could be a risk for the acquiring entity itself and be enough to abandon a potential deal.

The new Mandiant Mergers & Acquisitions (M&A) Risk Assessment service is an offering designed to help decision makers understand the cyber security risks present in a potential or pending acquisition.

FireEye Logo“The M&A Risk Assessment is a week-long service evaluating key security components utilizing sector specific best practices and global control frameworks,” FireEye explained.

By leveraging FireEye’s threat intelligence and Mandiant’s incident response experience, FireEye says that companies will be able to identify threats earlier in the M&A process. After analyzing an environment, Mandiant’s consultants generate risk ratings of target security areas and develop recommendations that customers, their legal partners, and other M&A partners can use to make appropriate decisions.

FireEye says the M&A Risk Assessment evaluates four core security areas:

Threat Detection & Response to evaluate the maturity and thoroughness of a target organization’s response processes and technologies

Access Controls to identify whether proactive controls have been established to prevent unauthorized access to sensitive data

Infrastructure Security to ensure that effective controls are in place from network to endpoints to prevent compromise

Advertisement. Scroll to continue reading.

Data Safeguards to determine if proper capabilities exist to identify, monitor and protect high-value information assets

“Whether a business grows organically, through investments, or via mergers and acquisitions (M&A), it can be difficult for the security team to keep up,” FireEye’s Joshua Goldfarb wrote in a 2015 SecurityWeek column. 

“There has been a very supportive deal environment for M&A activity in parallel with the increasingly complex and effective attacks we have responded to over the last few years,” Holly Ridgeway, director, information security programs at FireEye, said in a statement. “As attackers have already utilized M&A activity to gain access to other organizations, it is critical that teams take an intelligence-led approach to evaluating and advising on the risks a target organization can introduce earlier in the process and in lock-step with legal and other partners.” 

FireEye is partnering with legal firms in order to help their customers be aware of cyber risks prior to a security incident. The new Mandiant M&A Risk Assessment service launched with FireEye law firm partner Pillsbury Winthrop Shaw Pittman.

“FireEye Cyber Risk team partners with law firms that specialize in M&A. Our law firm partners recognize and support the need and solution for a cyber security due diligence that is embedded into their legal process,” said Karen Kukoda, director of cyber risk partnerships.

Earlier this year, FirEye launched a cyber security assessment service for operators of of industrial control systems (ICS). 

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...