Yesterday, Google has announced its intent to acquire Mandiant, a leading provider of cybersecurity defense and response services, for $5.4 billion – the company’s second-largest acquisition to date. When the deal is closed, Mandiant will join Google Cloud, further expanding its new parent company’s portfolio of security services, both in its own cloud and across multi-cloud and hybrid environments.

To be completely honest, my initial reaction was somewhat akin to “Oh, poor Mandiant, they just won’t leave it alone…” After all, the company had quite an interesting history. Established in 2004, Mandiant has quickly established itself as one of the leading vendors in threat intelligence, incident response, and security consulting. However, in 2013 it was acquired by FireEye in a deal of over $1 billion.

For 7 years, Mandiant operated as a unit within FireEye, growing and increasing its brand recognition even further with such high-profile investigations as the SolarWinds supply chain attack or the Colonial Pipeline ransomware incident. However, in June 2021, Mandiant has again emerged as an independent company after a split that has seen FireEye’s products sold to a private equity group. This freedom didn’t last long, as we can observe now since Alphabet is keen to close the acquisition as quickly as possible.

Still, my first reaction was, of course, wrong. Mandiant is anything but “poor” and joining Google Cloud will only open massive new prospects for it, both in terms of reaching much larger customer bases and accessing Google’s own cloud infrastructure. So, while the company’s independent presence was short, its future as a part of the Google Cloud platform seems secure. More interesting, however, is understanding the future benefits of the deal for Google…

As we already mentioned while discussing the company’s earlier acquisition of Siemplify, Google is working hard to establish itself as a full-featured security service provider. While Google Cloud has long been recognized as one of the world’s largest cloud service providers, just having a lot of hardware is no longer enough for a reliable competitive advantage. In the times when large-scale security attacks have become a daily norm, data leaks and ransomware attacks can ruin even large businesses, and compliance regulations come with increasingly hefty fines, security has become a crucial differentiating factor for choosing the right provider for your next cloud project.

Fifteen years after the first public cloud has emerged, AWS remains the largest cloud service provider by size and revenue; trying to compete with it by building more data centers is still not a viable strategy. Sooner or later, other providers came to the realization that attracting customers with unique innovative capabilities and services is the right way. Oracle has the best databases, Google has the best API management, IBM has great managed services, etc. However, no single cloud is best at everything, and thus, “multi-cloud” is quickly becoming the new “hybrid” for modern large-scale cloud projects.

And in this new multi-cloud world, you must ensure that critical workloads and sensitive data remain constantly observable, properly governed, and securely protected against a multitude of cyber threats and other risks. Securing your own cloud is no longer enough – customers expect your security tools to provide holistic coverage across your competitors as well.

Microsoft was perhaps the earliest adopter of this strategy, and it has paid off quickly. In the recently published Leadership Compass on Intelligent SIEM Platforms, we have recognized the company’s security analytics platform Microsoft Sentinel as an undisputed market leader despite its relatively short history. Microsoft Defender for Cloud is also the first solution to provide security posture management across all three big clouds.

Now, it’s Google’s turn to boost its security services, and the company has decided to go big by adding a veteran leader in threat intelligence, attack surface management, and automated defense to its already substantial portfolio. This is a clear indication that Google is no longer focusing on “cloud-native” startups, but wants to see large, more traditional enterprises among its customers, and is ready to cater to their complex, hybrid, multi-cloud requirements.

All these developments indicate a welcome departure from the old-school mentality of “my cloud is better than yours” towards more open and mutually beneficial partnerships and multi-cloud collaboration projects. For the customers, consistent multi-cloud security is a must, and seeing the market becoming more competitive is a definite win. KuppingerCole will continue to observe these developments and cover all aspects of security from and for the cloud in our research.