Security Experts:

New FireEye Service Evaluates M&A Cyber Risks

Threat protection firm FireEye this week launched a new service designed to help organizations manage the risks associated with corporate Mergers & Acquisitions (M&A).

Combining and connecting different platforms, applications, architectures and other technology systems stemming from a merger or acquisition can be a daunting task for IT security teams. Even before any merger happens, acquiring assets or operations with a high risk profile could be a risk for the acquiring entity itself and be enough to abandon a potential deal.

The new Mandiant Mergers & Acquisitions (M&A) Risk Assessment service is an offering designed to help decision makers understand the cyber security risks present in a potential or pending acquisition.

FireEye Logo“The M&A Risk Assessment is a week-long service evaluating key security components utilizing sector specific best practices and global control frameworks,” FireEye explained.

By leveraging FireEye’s threat intelligence and Mandiant's incident response experience, FireEye says that companies will be able to identify threats earlier in the M&A process. After analyzing an environment, Mandiant’s consultants generate risk ratings of target security areas and develop recommendations that customers, their legal partners, and other M&A partners can use to make appropriate decisions.

FireEye says the M&A Risk Assessment evaluates four core security areas:

Threat Detection & Response to evaluate the maturity and thoroughness of a target organization's response processes and technologies

Access Controls to identify whether proactive controls have been established to prevent unauthorized access to sensitive data

Infrastructure Security to ensure that effective controls are in place from network to endpoints to prevent compromise

Data Safeguards to determine if proper capabilities exist to identify, monitor and protect high-value information assets

“Whether a business grows organically, through investments, or via mergers and acquisitions (M&A), it can be difficult for the security team to keep up,” FireEye’s Joshua Goldfarb wrote in a 2015 SecurityWeek column. 

"There has been a very supportive deal environment for M&A activity in parallel with the increasingly complex and effective attacks we have responded to over the last few years," Holly Ridgeway, director, information security programs at FireEye, said in a statement. "As attackers have already utilized M&A activity to gain access to other organizations, it is critical that teams take an intelligence-led approach to evaluating and advising on the risks a target organization can introduce earlier in the process and in lock-step with legal and other partners." 

FireEye is partnering with legal firms in order to help their customers be aware of cyber risks prior to a security incident. The new Mandiant M&A Risk Assessment service launched with FireEye law firm partner Pillsbury Winthrop Shaw Pittman.

"FireEye Cyber Risk team partners with law firms that specialize in M&A. Our law firm partners recognize and support the need and solution for a cyber security due diligence that is embedded into their legal process," said Karen Kukoda, director of cyber risk partnerships.

Earlier this year, FirEye launched a cyber security assessment service for operators of of industrial control systems (ICS). 

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.