Join today’s leading executives online at the Data Summit on March 9th. Register here.
While there are numerous drivers behind Google’s acquisition of cybersecurity powerhouse Mandiant, the fact that the security opportunity with Google is “more interesting” for a company like Mandiant — than it would’ve been with Microsoft — is key, a Gartner analyst told VentureBeat.
Google announced today it has reached an agreement to acquire Mandiant in an all-cash deal worth $5.4 billion, which is expected to close “later this year,” the companies said.
On Monday, Bloomberg reported that Microsoft — which had reportedly previously been in talks to acquire Mandiant — was no longer in the running to make the acquisition. The Information had earlier in the day reported that Google was looking to acquire Mandiant instead.
For Mandiant, there would be a stark difference between joining up with Google and getting acquired by Microsoft, according to Peter Firstbrook, a research vice president and analyst at Gartner.
Mandiant CEO Kevin Mandia most likely saw a “way more exciting” future with Google than with Microsoft, Firstbrook said. “If I was Kevin Mandia, I would be thinking, ‘Microsoft would turn us into a body shop to do repetitive tasks,’” Firstbrook said in an interview.
Microsoft and Mandiant declined to comment when reached by VentureBeat today.
Microsoft is very geared around enhancing its own, broad ecosystem of products and services, and that is a driving force for its security strategy, Firstbrook said.
“Microsoft would want [Mandiant] to manage its own products — Active Directory, Defender, Microsoft Exchange, SharePoint,” he said. “Microsoft is very focused on integrating its own products together.”
Google, on the other hand, “doesn’t really have skin in the game” in most security product areas, apart from in securing cloud workloads, Firstbrook said.
Besides cloud, “if you think about all the other security controls, they really don’t have a product. They don’t have endpoint security. They don’t have email security. They don’t have CASB [cloud access security broker], or firewalls,” he said. “So, they’re pretty agnostic to all of that. Whereas Microsoft is not agnostic to most of them.”
And in some ways, a heavy focus on a single security vendor is exactly what Mandiant has been working to get away from. The company split off from FireEye in October, but even before that point, the Mandiant business had begun working to diversify its emphasis on one vendor (FireEye) by adding support for Microsoft Defender for Endpoint last May.
Then a month ago, Mandiant added support for a third endpoint detection and response (EDR) vendor, SentinelOne — and indicated at the time that it was looking to add even broader vendor support going forward.
‘More interesting challenge’
Thus, linking up with Microsoft could have been seen as the exact opposite of what Mandiant’s strategy has been of late. The largely agnostic Google Cloud makes a lot more strategic sense in that regard.
“Mandiant probably wanted to go with Google more because it is a more interesting challenge. It’s across all products instead of just across Microsoft,” Firstbrook said. “I think Microsoft wanted a body shop and some templates. So, it wouldn’t have been as interesting.”
During a news conference with reporters and analysts today, Mandia emphasized the fact that his company will have the freedom to support “heterogeneous” environments that “use lots of different security technologies to secure themselves.”
“I feel this merger between Mandiant and Google Cloud allows us to be the brains behind so much of those controls that people are depending on,” Mandia said during the news conference. “It’s Mandiant, not coupled to just FireEye endpoint, FireEye email and FireEye network-based security. It’s now Mandiant with Google Cloud, partnered with … all the different products that people rely on.”
Importantly, the timing right now is still close to the beginning of Google Cloud’s push into enterprise security, rather than well into the efforts, as it would’ve been at Microsoft.
Google Cloud is “just getting started in enterprise security,” Firstbrook said. “So they’re not a big player yet.”
Another critical factor is that “there’s a coming transformation here” in cybersecurity, he said. “Security is going to be very much a data-centric problem.”
Currently, much of the crucial security data is still in on-premises systems such as Splunk — but “over the next few years, it’s going to move to the cloud,” Firstbrook said. “And Google obviously has a big advantage in cloud infrastructure and cloud cost. And they’re a pretty big data and analytics shop.”
Ultimately, he said, “if security is going to be a data-centric problem going forward, the vendors with an inexpensive, scalable and analytics-based backend are going to be winners.”