Mandiant, the cyber security firm behind the discovery of the SolarWinds Orion super-hack in 2020, has been acquired by Google for $5.4bn. Google has outlined plans to roll Mandiant’s security tools into Google Cloud’s ‘shared fate’ model.
The shared fate model describes a system where the cloud provider takes a guiding role in the security of a customer’s cloud environment, with secure blueprints and a secure-by-default configuration. In older ‘shared responsibility’ models, customers were expected to have full understanding and control over some areas, leading to grey areas of threat detection.
“Together, Google Cloud and Mandiant will help reinvent how organisations protect themselves, as well as detect and respond to threats,” said Thomas Kurian, CEO of Google Cloud, in a press release announcing the deal.
In February 2016, Bangladesh Bank, the central bank of Bangladesh, suffered one of the largest recorded cyber attacks, made via the SWIFT global interbank payments network. Mandiant was hired to assist in the subsequent investigation. Its security teams identified and advised on responses to the active malware that was affecting 96 systems across the bank.
Attackers had used compromised credentials to target the bank’s account with the Federal Reserve Bank of New York, attempting to steal $951m through the authorisation of around 30 fraudulent transactions to accounts in Sri Lanka and the Philippines.
A spokesperson for the Mandiant incident response team noted: “The attackers had utilised encryption, anti-forensics, and other sophisticated techniques to permit their malware to operate in a manner that evaded detection by the bank’s security infrastructure.”
Within days of the response service starting, the bank was able to deploy measures to block the attackers’ access. Mandiant reported a further attack was made two weeks later and the bank was able to immediately halt the access.
For another of its financial services customers, cloud treasury management vendor Kyriba, Mandiant has also provided an automated data assessment tool that screens out non-critical events and frees up security resources.
In a blogpost on the Google acquisition, Kevin Mandia, CEO of Mandiant, wrote, “We are building a ‘security brain’ that scales our team to address the expertise shortage,” describing automation in Mandiant’s extended detection and response platform. Mandia went on to express support for Google Cloud’s shared fate model and the ‘reinvention’ of threat detection: “This will benefit not only a growing base of customers and partners, but the security community at large.”
Founded in 2004 and headquartered in Virginia, Mandiant was previously acquired in 2013 for $1bn by FireEye (now known as Trellix), and was sold off in 2021 for $1.2bn in a deal led by PE firm Symphony Technology Group. Mandiant is Google Cloud’s second security acquisition of the year, following Siemplify, a security orchestration, automation and response (SOAR) provider, in January.