Make no mistake, it was all about the cloud.
Mandiant's $5.4 billion price tag was chump change for Google's parent Alphabet, with a stock market value of $1.7 trillion. The acquisition of one of America's leading cybersecurity companies was a cloud play in a race that Google's been losing.
Google's 10% share of the cloud infrastructure services market trails Microsoft Azure's 21%, and is dwarfed by Amazon Web Services' 33%, according to Synergy Research Group.
The triumvirate rakes in increasing sums of the $178 billion market to store and protect data for companies around the world.
Security is just part of the sale's pitch.
"Let's face it, Google's in a sort of a death race with AWS and Azure in terms of cloud supremacy, right," said Garrett Bekker, a principal research analyst with S&P Global's 451 Research. "To some extent, security is a tool that helps them get there more than an end in and of itself."
Google's gobbling up of Mandiant is the latest in a sector feeding frenzy. There were more than 200 M&A deals last year, with aggregate disclosed deal valuations exceeding $55 billion. In the past five years, there were more than 1,000 cybersecurity M&A deals, data from CB Insights show.
This week recorded a $616.5 million acquisition, with SentinelOne's plans to add Attivo Networks' identity security to its XDR suite.
In addition, private equity investors injected almost $27 billion — about $41 million on average — into 823 companies last year, more than double the investment the prior year.
What's curious is who has the appetite and why.
Of the top 25 M&A deals with disclosed valuations in the past five years, 13 were from private equity and one was venture capital, CB Insights data show. The priciest: a private equity group's $14 billion purchase of McAfee and Thoma Bravo's $12.3 billion deal for Proofpoint.
Top 10 cybersecurity M&A deals, 2017-2022
| Company | Acquirer | Price | Year |
|---|---|---|---|
| McAfee | Permira, Crosspoint Capital Partners, Advent International, GIC, CPP Investments, Abu Dhabi Investment Authority | $14B | 2022 |
| Proofpoint | Thoma Bravo | $12.3B | 2021 |
| Atalla Hardware Security Module | Micro Focus | $8.8B | 2017 |
| Avast | NortonLifeLock | $8.6B | 2021 |
| Auth0 | Okta | $6.5B | 2021 |
| Mimecast | Permira | $5.8B | 2021 |
| Quest Software | Clearlake Capital Group | $5.4B | 2021 |
| Mandiant | $5.4B | 2022 | |
| Gemalto | Thales Group | $5.4B | 2019 |
| LastPass | Francisco Partners, Evergreen Coast Capital | $4.3B | 2019 |
SOURCE: CB Insights
But 11 of the acquisitions were shrewd bids from companies buying more innovative and nimble security companies to fortify their toolboxes. Cisco's $2.35 billion purchase of Duo Security in 2018, is a prime example.
There are more than 4,000 cybersecurity companies today, quadruple the number five years ago when 451's Bekker began counting.
"There's an argument to be made that there's just way too many security vendors," Bekker said. "To some extent it's sort of a natural culling."
Mandiant was ripe for acquisition. The threat intelligence and incident response firm takes center stage in the most high-profile threats — it was the company that found the SolarWinds hack in 2020. It's a boutique firm and the demand is so great, Mandiant has to turn clients away. It saves its resources for the most sensitive of cases, like the Colonial Pipeline ransomware attack last year.
Once it sold its FireEye products division last fall, it sharpened its incident response focus, but analysts questioned the amount of money Mandiant would have to invest in R&D to compete against larger competitors. Mandiant and Google declined to comment beyond what was already publicly shared.
Melding with Google takes away that concern. Fueled by Google's prowess in analytics, data and AI, the potential for automation Mandiant insights would be a boon for the average firm trying to shore up their security gaps.
"What people want to buy is confidence," said Peter Firstbrook, VP analyst at Gartner.
"You can't just sell products anymore. It's not enough to just sell software," he said. "You have to sell with it the people that can get the job done because most buyers, they don't even have time to test anything, let alone operationalize it and maintain it."
Recent data from Panaseer shows companies manage 76 separate security tools on average, up from 64 tools in 2019, according to a survey of 1,200 senior security leaders.
Mandiant and Google would provide a happy marriage, capitalizing on the security vendors' operational knowledge and understanding of key threat signals. That, combined with Google's data and cloud experience makes for a big opportunity, he said.
But brain drain is one of the primary risks in any acquisition, as key personnel flee or are poached.
"Cloud consolidated infrastructure to deliver economies of scale on computing infrastructure," Firstbrook said. "Mandiant is consolidating the brainpower necessary to run that or secure that into a central location for economies of scale."
The deal is expected to close later this year. Cybersecurity Dive will follow the integration and the race for cloud supremacy.
