It's been a while since I wrote an update here - apologies for the long gap. It has been one challenging journey getting on track and up and running. I thank you all for your support. Updates will be regular from here on.

Now for the update.

Google announced on March 8 that it is acquiring the cybersecurity firm Mandiant, Inc., for $23 per share in an all-cash transaction, placing the latter's value at approximately $5.4 billion. This acquisition also happens to be the company's second-biggest ever after Motorola Mobility.

From the Google Cloud website:

Google LLC today announced that it has signed a definitive agreement to acquire Mandiant, Inc., a leader in dynamic cyber defense and response, for $23.00 per share, in an all-cash transaction valued at approximately $5.4 billion, inclusive of Mandiant’s net cash. Upon the close of the acquisition, Mandiant will join Google Cloud.

As a recognized leader in strategic security advisory and incident response services, Mandiant brings real-time and in-depth threat intelligence gained on the frontlines of cybersecurity with the largest organizations in the world. Combined with Google Cloud’s cloud-native security offerings, the acquisition will help enterprises globally stay protected at every stage of the security lifecycle.

This acquisition benefits Google Cloud in many ways. It adds end-to-end cloud security to Google's portfolio of cloud services, allowing it to compete better with Amazon and Microsoft. In addition, Mandiant gives Google Cloud access to cyber intelligence gathering capabilities along with a team of hundreds of security consultants. In January this year, the company acquired Siemplify, a security orchestration, automation, and response (SOAR) provider. Siemplify gave Google Cloud the ability to go from security alert to fix, and Mandiant extends this further with services spanning the entire security lifecycle: advisory services, threat detection and intelligence, automation and response tools, testing and validation, and managed defense services.

Microsoft and Mandiant

What's notable is that Google showed its interest in acquiring Mandiant only recently. Microsoft was in talks with Mandiant in February; however, the company pulled out of the negotiations, citing a possible mismatch between the two. Had these negotiations succeeded, Mandiant would have extended Microsoft's security capabilities further - note that Microsoft is already a significant player in the security space, having developed substantial cyber intelligence capabilities of its own over the last few years. The company has also made a few acquisitions in the security space (RiskIQ and ReFirm Labs). What may have gone wrong during the negotiations is that the companies fell short of agreeing on how to combine their capabilities to benefit their customers and partners (Microsoft is a strategic partner of Mandiant, too), or perhaps Mandiant offered Microsoft few new services to add to its already formidable portfolio of security services.

Note that for Microsoft, Mandiant would have extended existing services further. For Google, in contrast, it is more about filling gaps in capabilities. Google needed a push, which Microsoft provided when it started its talks in February. After all, one company's miss can be another's grab. In addition, Mandiant has already demonstrated its capabilities, having been at the center of the SolarWinds cyberattack in 2020 along with FireEye (FireEye acquired Mandiant in 2013; the two split in June 2021). It was FireEye that discovered the cyberattack and notified the world.

Google and Mandiant

If you think about it, had the negotiations between Microsoft and Mandiant gone through, they would have extended the former's capabilities. However, the benefits would have reached only a limited set of clients or customers. With Google acquiring Mandiant, a broader spectrum of clients (Google's clients added to the gamut) stands to benefit from the security services. The market benefits from these dynamics. Imagine all the best capabilities concentrated in a small space or with one company; this would be detrimental. To this end, Google's statement that the acquisition would only increase competition in the industry stands true.

With the inclusion of specialized intelligence capabilities from Mandiant, Google would be able to automate cyber defense against the various forms of attack the world is witnessing.

In addition, businesses need cyber security services that work across different clouds and integrate well with other endpoint security products. The same is true for on-premises environments. These are the aspects that Mandiant enables for Google. Finally, think about the best security services being invisible to customers (security as a service); this would help customers concentrate on their core functions rather than the underlying technology or cloud infrastructure stacks. This aspect (security as a service, or managed services) will grow in importance, considering the recent slew of cyberattacks that have plagued companies. These cyberattacks are increasing in sophistication and severity.

By enhancing its security capabilities, Google should be able to increase its brand recognition as a security vendor and thus benefit from higher adoption of its cloud services by businesses and government agencies. The company would also benefit from Mandiant's close relationship with the US government agencies that rely on it for specialized cyber intelligence. Note that Google has pledged to invest $10 billion in cybersecurity over the next five years.

Cyberattacks, the US Government and Russia

On December 8, 2020, the cybersecurity firm FireEye told the world that hackers had breached its network, evading the company's security in a carefully planned cyberattack. Unfortunately, FireEye was not the only company facing the ordeal; the hackers had breached the networks of approximately 18,000 companies. These companies were essentially clients of a network management software provider, SolarWinds. The hackers used the updates that the company shipped for its network management software, Orion, as the medium to infiltrate its customers' networks. SolarWinds' customers included Microsoft, Cisco, US government agencies (Homeland Security, Treasury, State Department, etc.), and security companies. As a result, the hackers could access the source code of these technology companies. This attack, otherwise known as the SolarWinds attack, exposed how far-reaching a supply chain attack can be when hackers compromise widely used software and use it as the source to infiltrate and infect everyone who installs it. In addition, the hackers left multiple backdoors to retain access to information.

Notably, this breach went undetected for almost nine months, and none of the Fortune 500 technology companies or the US government security agencies could detect it, placing a question mark over their defenses against such attacks. Add to this that government agencies extensively use the cloud services provided by these technology companies. Furthermore, with the possibility of multiple backdoors left behind by the hackers in the networks, the attack was unprecedented, as cleaning up such a breach could take months, if not years. Finally, the tradecraft of this attack pointed the blame at Russia, which is believed to have carried out such attacks previously for espionage purposes. Other countries are also involved in such practices. On March 8, 2022, Mandiant stated that a Chinese state-sponsored espionage campaign had hacked at least six US state governments using the widespread Log4j vulnerability.

From Bloomberg:

The Office of the Director of National Intelligence’s annual threat assessment is a relentlessly bleak, 31-page document that lays out many of the potential dangers facing the U.S., from nuclear and biological weapons to infectious diseases and climate change.

The report also provides a useful reminder of countries and criminal groups that pose a threat to U.S. government and businesses in cyberspace. Russia is a major concern, as Americans remain wary of potential retaliatory hacks related to U.S. sanctions and other actions in response to the invasion of Ukraine.

But there were also other countries flagged as risks to U.S. cybersecurity. Hackers aligned with the Chinese government represent the “most active” threat, the report states, and one capable of affecting Americans’ daily lives. “China almost certainly is capable of launching cyberattacks that would disrupt critical infrastructure services within the United States.”

China isn’t the only force to consider. For instance, Iran’s “growing expertise and willingness to conduct aggressive cyber operations make it a major threat.” The report notes that Iran was responsible for multiple cyberattacks between April and July 2020 against Israeli water facilities, reflecting “its growing willingness to take risks when it believes retaliation is justified.”

North Korea, meanwhile, is “well positioned to conduct surprise cyberattacks given its stealth and history of bold action.” And transnational cybercriminals are “increasing the number, scale and sophistication of ransomware attacks, fueling a virtual ecosystem that threatens to cause greater disruptions of critical services worldwide.”

And yet, Russia remains a persistent danger in cyberspace.

The Kremlin “views cyber disruptions as a foreign policy lever to shape other countries’ decisions,” according to the report. Russia is particularly focused on improving its ability to target critical infrastructure, including underwater cables and industrial control systems, both in the U.S. and in allied countries. That’s because compromising such machinery “improves and demonstrates its ability to damage infrastructure during a crisis,” the report says – a particularly ominous warning given current events.

Technology is fast becoming an overarching aspect and a critical factor within the precincts of espionage and foreign policies.

In the cyberattack context (company-wide or nation-state-wide), continuously building up defense systems works to the company's or the country's advantage. When continuously advancing defense systems are in place, the attacker has to find new ways to attack or infiltrate, increasing the cost of the attack. This reasoning underpins the acquisitions made by Microsoft and Google, which have been acquiring specialized security companies ever since the SolarWinds attack, in addition to their strategy of competing for market share in the cloud services space. What makes the defense systems of these companies essential is that their technologies (products and services), because of their widespread usage, are fast becoming an overarching aspect and a critical factor within the precincts of espionage and foreign policies.