Will the Biggest Clouds Win? Lessons From Google's Mandiant Buy

Google eventually won out in the competition for Mandiant, but Microsoft's interest underscores the trend in consolidation of security services into large cloud providers, experts say.

In late February, Microsoft reportedly dropped out of the running to acquire cybersecurity services firm Mandiant.

Yet the interest of the cloud giant — and the eventual price tag set by the winner, Google, of $5.4 billion — suggests that a consolidation is underway. But rather than a few large security-focused companies driving consolidation, the acquisition activity suggests that the big winners will be large cloud companies that better integrate cybersecurity into their services and offer new products and services based on their expertise.

In the same way that Microsoft's addition of endpoint security to Windows through its Windows Defender service has caused concern among endpoint security vendors, the fact that Microsoft is looking for a security-services provider may be a cause for concern in that industry, says Jeff Pollard, vice president and principal analyst at Forrester Research.

"It's been obvious for a few years now that these tech titans out there — Microsoft Azure, Amazon Web Services, and Google Cloud — were interested in cybersecurity and were monetizing cybersecurity in a way that others could not," he says. "Security vendors took a long time to understand cloud — and you could argue that many still don't — so when you take the Microsoft's and Google's fundamental understanding of cloud engineering and cloud operations, they can deliver enterprise software and services in a way that security vendors just don't have the expertise for."

Google's planned purchase of Mandiant for $5.4 billion will be the second-largest acquisition by the company, following its purchase of Motorola Mobility's mobile device manufacturing business for $12.5 billion in 2011, and beating out the 2014 acquisition of home automation maker Nest Labs for $3.2 billion, according to reports. The company first moved into security in 2009, with its acquisition of reCAPTCHA, and continued with the purchase of antivirus scanning service VirusTotal in 2012, anti-spam and email security provider Impermium in 2014, backup and disaster-recovery firm Actifio in 2020, and security orchestration, automation, and response (SOAR) firm Siemplify in 2022.

In the short term, the announced acquisition adds uncertainty for Mandiant customers but likely will not change the outlook of Google Cloud customers, except to reassure them that the company is paying attention to cybersecurity, says Gadi Naveh, cyber data scientist with Canonic Security, a security-as-a-service startup.

"Over time, the acquisition of a prominent cybersecurity leader such as Mandiant has the potential to build out Google Cloud's native security capabilities," he says. "While existing Google Cloud customers who have already engaged Mandiant may find it easier to work with a single vendor, the change of corporate ownership is unlikely to change day-to-day security operations processes."

Google Plans: More Services, More Cloud Integrations

Overall, Google has only discussed its plan in broad terms and does not plan to shake up the industry — at least initially.

The online giant pointed to five areas that it expects to be strengthened by its purchase of Mandiant. While Google launched its own advisory services in October 2021, the company sees Mandiant as a way to add practical depth to its goal of helping organizations improve their security strategies across hybrid cloud and on-premises environments. Along with Siemplify, Mandiant's portfolio would also help Google expand its automation and response tools and allow clients to more easily respond to attacks. Testing and validation services and managed defense are two other areas that could be bolstered by the Mandiant buy.

One area where the combination of the two companies could really make a difference is in vulnerability research and threat intelligence, says Forrester's Pollard. The capabilities of the two companies, if they manage to augment the research team with real-world threat intelligence, could be significant, he says.

"Google has sponsored security research and threat research now for quite a long time, and that is a key component of what Mandiant brings to the table from a threat intelligence and incident response perspective," Pollard says. "And with those two coming together, that could be one of the more interesting things to come out from this."

Will Cloud Fully Take Over Security?

Yet how well Google can sell security services is still up in the air. In the past, leading companies in different industries have argued that they could launch a platform from which all security could be provided, but those predictions really never have been realized, says John Pescatore, director of emerging security trends at the SANS Institute.

Pescatore instead views the acquisition as a way to improve Google's ability to protect its cloud, and detect and respond to attacks on behalf of its customers.

"I don't think that Google will grow Mandiant's revenues," he says. "I think Google will use Mandiant's talent to make its infrastructure more secure and make their customers' footprint more secure."

Google will also have significant challenges in terms of contending with hybrid infrastructure and concerns with placing all security functions in the control of a single vendor, says Canonic Security's Naveh.

"IT environments don’t always conform to the discrete layers of infrastructure, platform, and software," he says. "While the Google Cloud team may have plans to bundle Chronicle with a Mandiant-powered managed services on top, some security leaders may prefer diversification at the expense of the promise of convenience."

Finally, the Mandiant purchase still leaves holes in Google's security services and capabilities, says Forrester's Pollard. In particular, the company still does not have a significant endpoint detection and response capability that integrates into the cloud — often called extended detection and response, or XDR.

"When you take a look at some of the constituent elements, there are still some gaps there in the overall portfolio," Pollard says. "Mandiant did not complete Google in every way, from a capability perspective, but it definitely augments a lot of the Google capabilities with the expertise that Mandiant brings."

About the Author(s)

Robert Lemos

Dark Reading, Contributing writer

Robert Lemos is a veteran technology journalist and a former research engineer. He's written for more than two dozen publications, including CNET, Dark Reading, MIT's Technology Review, Popular Science and Wired News. He has won five awards for journalism and crunches numbers on various trends using Python and R. 
