Google’s agreement to buy Mandiant for $5.4 billion in cash will have an impact on a number of segments of the security sector. Google Cloud already has Chronicle, its security information and event management (SIEM) offering, to which it added security orchestration, automation and response (SOAR) capabilities through its acquisition of Siemplify in January 2022.
Now, with the acquisition of Mandiant, Google adds the following:
- Mandiant Advantage platform for detection, response, validation and attack surface management
- The incident response services for which Mandiant is well known
- The Mandiant managed detection and response (MDR) platform, along with threat intelligence
Gartner does not believe that Google Cloud will expand further into the endpoint protection platform (EPP) and endpoint detection and response (EDR) space by seeking to acquire an EPP or EDR player.
Previously, in a Gartner webinar, Mandiant laid out the strategy of the new Mandiant following the sale of the FireEye products business to STG.
Attendees heard the following:
- Mandiant would pursue a multivendor extended detection and response (XDR) strategy
- Mandiant divested the FireEye products to pursue a vendor-agnostic strategy
- Mandiant wanted to be data-ingestion-neutral
- Mandiant planned to partner with everybody
Mandiant management also mentioned its relationship with Microsoft Defender, where Mandiant wraps its MDR services around Microsoft’s endpoint security technology.
Subsequently, Mandiant made a few product announcements that could be compelling. One was the integration of attack surface management into the Mandiant Advantage Platform, and the other was the announcement of its alliance with SentinelOne, where Mandiant Advantage would be integrated with SentinelOne’s Singularity XDR.
Google Cloud has said that it is deeply committed to supporting the technology partners of both companies, including the endpoint ecosystem. This suggests that the strategies and partnerships Gartner clients heard about from Mandiant in November 2021 will be maintained, including the Microsoft endpoint partnership.
Google Cloud’s strategy is to enable customers to utilise their existing investments, regardless of where they might reside: on-premises, Google Cloud Platform, other clouds, a combination and so on. Even if competing SIEM vendors do not want to partner, Google can run in parallel to those solutions, much like Microsoft Sentinel runs in parallel with existing SIEM solutions.
Mandiant’s services provide an excellent opportunity, should they pursue it, to add useful and sophisticated threat, strategic readiness, orchestration and workflow content to Chronicle. The ability to support poly-cloud SIEM monitoring and threat detection via Chronicle and provide MDR services with Mandiant will challenge both SIEM and MDR vendors.
Vendor-delivered service wrappers are expected to increase as security product vendors are being asked to provide services on their products. According to Gartner, by 2025, more than 25% of technology vendors will offer a vendor-delivered service wrapper, up from 10% in 2021.
By acquiring Mandiant, Google Cloud gets to participate in the strong growth of the MDR segment. It is possible that the strong growth of MDR services, coupled with Google’s acquisition of Mandiant, could ignite additional consolidation of MDR pure-plays by other security vendors that may want to step up their MDR capabilities.
MDR is an extremely fragmented market, and Gartner has noted well above 100 providers in our research. It will likely remain fragmented, even with some consolidation, given the variety of MDR service delivery styles and the range of buyers in the market.
Excerpted and adapted from Gartner Invest Insight: Potential Implications of Google’s Acquisition of Mandiant, 24 March 2022.