Google makes some noise in the security market. Did they get lured into a bad deal?

Posted by

Google’s announcement that it would be buying security firm Mandiant for $5.4 billion made some waves in the security world this week. Google paid a hefty 57% premium over Mandiant’s February share price. There are two big takeaways. First, Google has learned an important lesson from losing cloud share from Microsoft: cybersecurity needs to be integrated into any enterprise cloud deployment.

In his book Influence; the Psychology of Persuasion, Robert Cialdini writes of the marketing principle of scarcity:

We want what we’re afraid we can’t have. Fear of losing out on something can be an extremely powerful motivator. Availability might be threatened by limited quantity, a time deadline, or by competition. Whatever the reason, the item in question becomes more attractive to us if we think we can’t have it. Whether it’s a potential mate, a used car, or an item on sale, once its availability is threatened we WANT it!

There were anonymous rumors that Microsoft was looking to buy Mandiant as well. And there is where it gets interesting. There is one thing more important than a rumor: the reason the rumor got leaked. Understanding deception is the lifeblood of Mandiant. Mandiant’s teams constantly collect intelligence on adversaries who hide their intentions. Could Mandiant have been the source of the Microsoft rumors and pushed Google into a bad deal?

Keep in mind that in mid-2021 Microsoft purchased a very solid threat intelligence platform company, RiskIQ, for around $500 million. That’s about one-tenth of what Google paid for Mandiant, a services company. In fact, the $5.4 billion Google paid for Mandiant is almost as much as the $5.54 billion of total revenues Google Cloud made in all of FY2021!

Microsoft already has every major services company on the planet selling Microsoft cloud services. Buying a big-name services company for a high price simply does not seem to be something Microsoft would need or want to do.

Let’s see what the Google CFO, Ruth Poret, said about the acquisition:

She added that investments like Mandiant are necessary to compete with the largest cloud players, market leader Amazon Web Services and number-two Microsoft Azure…

“The way we look at it (investments) is we’re obviously not competing with our peers at the scale they were then, we are competing at the scale they are now in a market that is accelerating,” Porat said.

Sounds like a move made to keep from being left behind rather than a solid strategic acquisition.

Mandiant has a rock solid reputation in incident response, and leverages that service offering to be a leader in cyber threat intelligence. It tried to combine products and services into a diversified company under the FireEye name, but that experiment fizzled out and they split apart in 2021. Since the split, Mandiant stock has been, at best, a flatline over several years, while competitors like CrowdStrike have soared. We recently discussed how sky-high security product company valuations are making buyouts very expensive for all but the biggest players. Mandiant is a security services company with a relatively low market cap and solid brand name that Google could easily purchase for cash.

But why Mandiant? Although detailed figures are not publicly available, some security insiders note that Mandiant leverages their stellar incident response reputation as an inroad to sell their other services. Did you have a breach? We’ll figure it out for you. And to make sure it doesn’t happen again, we will sell you our pen testing, incident response exercise planning, breach simulation, and threat intelligence services. (None of the latter are best-of-breed.)

Mandiant has perhaps the best brand name in security incident response and intelligence, with CrowdStrike a strong player in that space as well. In contrast, Google’s core business is repackaging and selling data it collects from people and enterprises. Will a company that has a breach want Google sifting through their log files? I’m not sure that will sit well with many companies. And if Google can’t get incident response business, their other services like threat intelligence will suffer. Google is one of the few companies around that can afford to make a $5.4 billion mistake.

Will the Mandiant acquisition work out for Google? Time will tell, but right now I see the winners in this deal to be Microsoft and CrowdStrike.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s