Google buying Mandiant (FireEye)

Mandiant (formerly FireEye) will join Google Cloud.

From Google’s press…

“Today, organizations are facing cybersecurity challenges that have accelerated in frequency, severity and diversity, creating a global security imperative. To address these risks, enterprises need to be able to detect and respond to adversaries quickly; analyze and automate threat intelligence to scale threat detection across organizations; orchestrate and automate remediation; validate their protection against known threats; and visualize their IT environment in order to identify and simulate new threats. The cloud represents a new way to change the security paradigm by helping organizations address and protect themselves against entire classes of cyber threats, while also rapidly accelerating digital transformation.”


I think with Security becoming more important than ever and a top priority for all businesses/organizations private and public, acquisitions like these will become more common.

All of these signs bode very well for best of the breed cloud native Security leaders like ZScaler, CrowdStrike, SentinelOne, CloudFlare and the one perhaps no one thinks of much as a Security Company…Datadog for Application Security.

And I also don’t think any of those will sell out, maybe with the exception of SentinelOne (but that’s just my feeling).


Very Very Long Datadog, ZScaler, CrowdStrike and SentinelOne.


Wasn’t FireEye at the center of the SolarWinds debacle in 2020?

Unless Google is getting their technology for a song, I wouldn’t broadcast the acquisition if I were Google.


Recall that Mandiant and SentinelOne recently formed a strategic partnership in which SentinelOne’s Singularity XDR has been integrated into Mandiant Advantage (a multi-vendor XDR platform) that seems to be at the core of Mandiant’s capabilities.…

I’ve no idea how the Google Cloud acquisition affects this partnership.

It may be that SentinelOne’s Singularity XDR becomes part of the Google cybersecurity offerings via Mandiant.

At the top of the referenced links there is a banner that in turn links to acquisition announcements…which don’t contain much beyond what has already been reported in this thread.



FireEye was the company that was attacked and discovered the SolarWinds breach and quietly published detection scripts to the community. And yes, FireEye lost some red team/blue team attack code in this breach.

Lest you forget that Mandiant is considered the foremost IR company in the world and has access to every government’s head of state. If you work in the cybersecurity space, you know this. You also know that Google has a very strong security posture and tools. Google would not buy Mandiant if it was not an attractive jewel, especially the people.

Last year FireEye split into two pieces; Trellix and Mandiant. Trellix is private. Trellix has the detection appliances and endpoint/cloud services. Mandiant is primarily incident response and has an agreement with Sentinel One. This could have some ramifications to Sentinel One down the road.



So are you thinking that Google might be heading to buy Sentinel also, Zane? Or do you think this is a negative for Sentinel?



Mandiant is primarily incident response and has an agreement with Sentinel One. This could have some ramifications to Sentinel One down the road.

Zane, do you mean

More competition from Google/Mandiant?
Cancellation of the agreement?
or More business to SentinelOne from the agreement?




The questions you ask have no absolute answers as you know and I only have speculation.

More competition from Google/Mandiant?

I don’t see any competition here directly to Sentinel One. AFAIK Google currently does not have endpoint detection/protection agents or an XDR product, which is Sentinel One’s bread and butter market position. If someone knows otherwise, enlighten me. I am sure Google must have some higher level SIEM/SOAR cloud ML capabilities with a data lake that receives endpoint IOCs (Indicators of Compromise), but Google is not a player in endpoint AFAIK. I think Mandiant went with Sentinel One over Crowdstrike because CRWD already had its own IR team. Thus would have been a competitor.

Cancellation of the agreement?

Mandiant will certainly gain more malware knowledge from Google’s vast view of the world’s miscreant actors. But Mandiant requires tools that they can use on site during an Incident Response (IR firefight) engagement. Think Felix the Cat’s bag of tricks cartoon. (Sadly dating myself here.) Mandiant always has its own tricks but also appears to be using the Threat Hunting capabilities of Sentinel One. So if they continue to be satisfied with the threat hunting and XDR capabilities of Sentinel One, I predict they will stay with them for the duration of the partnership. They will not change as long as the Sentinel tools are working the best for them and Google has nothing better. The details of this Sentinel partnership are unknown and I doubt that Mandiant would give exclusivity to Sentinel One.

or More business to SentinelOne from the agreement?

Recall my previous post " … once the IR firefighting service is complete, many times the enterprise wants the installed software service to remain. In this case, albeit that Mandia will make the sale as a 3rd party for Sentinel. So Sentinel may get revenue and recognition."

This should continue to help Sentinel One. Mandiant is a contract service provider so growth is limited by obtaining skilled headcount. It is possible that Google could significantly expand this headcount by moving their people to Mandiant. In turn this could bring more business to Sentinel One.…

