FireEye buys Mandiant in cybersecurity merger

NEW YORK: FireEye announced a nearly $1 billion deal Thursday to buy Alexandria, Va.-based Mandiant, combining two of the country's most high-profile cybersecurity firms at a time when U.S. corporations have become increasingly concerned about hackers.
Mandiant has become well known for its work tracking down security breaches that originate in China and can lay dormant in corporate computer networks for years. The firm has worked with The Washington Post as well as the New York Times and other media companies.
FireEye, based in California, bought Mandiant for $989 million in stock and cash, executives said Thursday. The deal was approved by both companies' boards and closed on Dec. 30.
With Thursday's announcement, Mandiant will become a public company for the first time. The decade-old firm says it does about $100 million a year in sales. Its 500 employees serve about 500 customers, most of which are in the Fortune 500, chief executive Kevin Mandia said in an interview.
Most of Mandiant's and FireEye's customers are U.S. corporations, but the companies hope that the merger will give them a strong position to expand internationally.
That could create tension between FireEye and the U.S. government as the company seeks more foreign clients, many of whom have grown suspicious of Washington during the ongoing controversy over NSA surveillance.
Although Mandiant and FireEye operate in the same industry, their capabilities are distinct. FireEye monitors customers' computer networks and detects when their security has been compromised. Mandiant, meanwhile, sells an incident-response platform that helps businesses determine when sensitive information has been breached and, the company says, automatically closes vulnerabilities.
Together, Mandiant and FireEye will be better equipped to move quickly from detection to response, said David DeWalt, FireEye's chairman and chief executive.
"What we're able to do now is go from basically alert to detection to a fix in minutes or seconds," he said. "If FireEye detects a breach, we can immediately communicate that to the Mandiant platform and essentially verify scope on all of the computers."
Mandiant accepted FireEye's deal even though it had considered making an initial public offering, Mandia said. In September, FireEye's IPO performed above expectations, beating its $16 price estimate by about $4 a share.
The company is trading at $41 a share.
FireEye has been pouring money into new markets and products. The company lost nearly $139 million over the past year as it spent on research and development.
Despite the losses, information security experts say they are optimistic about FireEye's growth, noting that demand for its products isn't going to shrink anytime soon.
"If we were to be optimistic about 2014, we could say that boards will finally pay attention to cybersecurity risks," said Allan Friedman, a cybersecurity scholar at the Brookings Institution and George Washington University. "There could be any number of senior officers who are going to be getting calls from their board saying, 'What are we doing about this?' and those people are going to go running to expert companies."