Threat protection firm FireEye this week launched a new service designed to help organizations manage the risks associated with corporate Mergers & Acquisitions (M&A).
Combining and connecting different platforms, applications, architectures and other technology systems stemming from a merger or acquisition can be a daunting task for IT security teams. Even before any merger happens, acquiring assets or operations with a high risk profile could be a risk for the acquiring entity itself and be enough to abandon a potential deal.
The new Mandiant Mergers & Acquisitions (M&A) Risk Assessment service is an offering designed to help decision makers understand the cyber security risks present in a potential or pending acquisition.
By leveraging FireEye’s threat intelligence and Mandiant’s incident response experience, FireEye says that companies will be able to identify threats earlier in the M&A process. After analyzing an environment, Mandiant’s consultants generate risk ratings of target security areas and develop recommendations that customers, their legal partners, and other M&A partners can use to make appropriate decisions.
FireEye says the M&A Risk Assessment evaluates four core security areas:
• Threat Detection & Response to evaluate the maturity and thoroughness of a target organization’s response processes and technologies
• Access Controls to identify whether proactive controls have been established to prevent unauthorized access to sensitive data
• Infrastructure Security to ensure that effective controls are in place from network to endpoints to prevent compromise
• Data Safeguards to determine if proper capabilities exist to identify, monitor and protect high-value information assets
“Whether a business grows organically, through investments, or via mergers and acquisitions (M&A), it can be difficult for the security team to keep up,” FireEye’s Joshua Goldfarb wrote in a 2015 SecurityWeek column.
“There has been a very supportive deal environment for M&A activity in parallel with the increasingly complex and effective attacks we have responded to over the last few years,” Holly Ridgeway, director, information security programs at FireEye, said in a statement. “As attackers have already utilized M&A activity to gain access to other organizations, it is critical that teams take an intelligence-led approach to evaluating and advising on the risks a target organization can introduce earlier in the process and in lock-step with legal and other partners.”
FireEye is partnering with legal firms in order to help their customers be aware of cyber risks prior to a security incident. The new Mandiant M&A Risk Assessment service launched with FireEye law firm partner Pillsbury Winthrop Shaw Pittman.
“FireEye Cyber Risk team partners with law firms that specialize in M&A. Our law firm partners recognize and support the need and solution for a cyber security due diligence that is embedded into their legal process,” said Karen Kukoda, director of cyber risk partnerships.
Earlier this year, FirEye launched a cyber security assessment service for operators of of industrial control systems (ICS).