Cybersecurity: why Google is buying Mandiant

Coveted by Google and Microsoft, Mandiant finally fell into the hands of the former, for $5.4 billion. A buyout that meets several objectives.

This Tuesday, September 13, American justice validated the acquisition of Mandiant by Google for the tidy sum of 5.4 billion dollars. An acquisition that will allow Google to strengthen its know-how in cybersecurity, as well as its reputation, Mandiant being a respected firm in the sector. To briefly introduce it: Mandiant has discovered one of the biggest flaws in American cybersecurity and has huge databases of actors in the cybercriminal world.

The kings of investigation

Mandiant came to public attention by exposing the Solarwinds cyberattack, which affected the United States from late 2019 to mid-2020. Solarwinds was a Texas-based company that sold IT management software and monitoring. The company had strong cybersecurity, since its clients were the American federal agencies (FBI, DEA, NSA, CIA), the Pentagon as well as large American groups such as Microsoft and CISCO. But in 2020 Mandiant will discover that Solarwinds defenses have been easily bypassed by hackers working for Russian intelligence (SVR). Indeed, the Mandiant investigators will prove that the ORION software sold by Solarwinds served as a Trojan horse for the hackers. ORION allowed them to penetrate the computer systems of the Pentagon and US government agencies.

In addition, Solarwinds had not properly trained its employees. As a result, their passwords were very easy to find. For example, 1234 and QWERTY were the most popular passwords among his collaborators, godsend for hackers. To top it off, the ORION software was poorly protected. All these flaws have allowed Russian hackers to infiltrate Solarwinds and then by domino effect among its customers. Mandiant’s investigation revealed this cyberattack which endangered the national security of the United States. It is this investigative side that interests Google at Mandiant, but it is not the only one. If this investigation made the headlines because of the organizations affected, the company has several hundred reports, on other cyberattacks, as well as on groups of hackers, state or not. This knowledge could be very useful to Google.

A ransomware specialist

Mandiant’s other great asset is its anti-ransomware fighter specialization. The company has been able to develop a protocol that allows its customers to assess their level of resistance to this type of threat. A tool that has avoided many disappointments for Mandiant’s client companies. Kept secret, it is of particular interest to Google, and above all the possible profits it could derive from it. Knowing that the Californian firm already has some know-how for DDos type attacks but is fairly new to ransomware.

Soon a google-cybersecurity?

We come to the main reason that prompted Google to buy Mandiant, the desire to have an entity specializing in cybersecurity. Indeed, the Alphabet subsidiary knows that the years to come will be eventful in terms of cyber risk, a consequence in particular of an increasingly tense global geopolitical context. The firm’s cloud product, Google Cloud, has already had to deal with cyberattacks targeting its users. All attacks have so far been repelled but knowing that the attacks are likely to increase in complexity, the Californian company prefers to ensure its defenses with Mandiant know-how. Google also wants to be able to become a major player in the cybersecurity sector. This purchase should make it possible to catch up with Microsoft, because the Alphabet industry, rightly or wrongly, feels left behind by Bill Gates’ company in terms of cybersecurity.

Leave a Comment