Security Experts:

Connect with us

Hi, what are you looking for?


M&A Tracker

New FireEye Service Evaluates M&A Cyber Risks

Threat protection firm FireEye this week launched a new service designed to help organizations manage the risks associated with corporate Mergers & Acquisitions (M&A).

Threat protection firm FireEye this week launched a new service designed to help organizations manage the risks associated with corporate Mergers & Acquisitions (M&A).

Combining and connecting different platforms, applications, architectures and other technology systems stemming from a merger or acquisition can be a daunting task for IT security teams. Even before any merger happens, acquiring assets or operations with a high risk profile could be a risk for the acquiring entity itself and be enough to abandon a potential deal.

The new Mandiant Mergers & Acquisitions (M&A) Risk Assessment service is an offering designed to help decision makers understand the cyber security risks present in a potential or pending acquisition.

FireEye Logo“The M&A Risk Assessment is a week-long service evaluating key security components utilizing sector specific best practices and global control frameworks,” FireEye explained.

By leveraging FireEye’s threat intelligence and Mandiant’s incident response experience, FireEye says that companies will be able to identify threats earlier in the M&A process. After analyzing an environment, Mandiant’s consultants generate risk ratings of target security areas and develop recommendations that customers, their legal partners, and other M&A partners can use to make appropriate decisions.

FireEye says the M&A Risk Assessment evaluates four core security areas:

Threat Detection & Response to evaluate the maturity and thoroughness of a target organization’s response processes and technologies

Access Controls to identify whether proactive controls have been established to prevent unauthorized access to sensitive data

Infrastructure Security to ensure that effective controls are in place from network to endpoints to prevent compromise

Data Safeguards to determine if proper capabilities exist to identify, monitor and protect high-value information assets

“Whether a business grows organically, through investments, or via mergers and acquisitions (M&A), it can be difficult for the security team to keep up,” FireEye’s Joshua Goldfarb wrote in a 2015 SecurityWeek column. 

“There has been a very supportive deal environment for M&A activity in parallel with the increasingly complex and effective attacks we have responded to over the last few years,” Holly Ridgeway, director, information security programs at FireEye, said in a statement. “As attackers have already utilized M&A activity to gain access to other organizations, it is critical that teams take an intelligence-led approach to evaluating and advising on the risks a target organization can introduce earlier in the process and in lock-step with legal and other partners.” 

FireEye is partnering with legal firms in order to help their customers be aware of cyber risks prior to a security incident. The new Mandiant M&A Risk Assessment service launched with FireEye law firm partner Pillsbury Winthrop Shaw Pittman.

“FireEye Cyber Risk team partners with law firms that specialize in M&A. Our law firm partners recognize and support the need and solution for a cyber security due diligence that is embedded into their legal process,” said Karen Kukoda, director of cyber risk partnerships.

Earlier this year, FirEye launched a cyber security assessment service for operators of of industrial control systems (ICS). 

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

M&A Tracker

The SecurityWeek editorial team huddled over the holidays to look back at the stories that shaped 2022 and, more importantly, to stare into a...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.