Mandiant

Mandiant, Inc.
Formerly: Red Cliff Consulting (2004–2006)
Company type: Subsidiary
Industry: Information security
Founded: 2004
Founder: Kevin Mandia
Headquarters: Reston, Virginia, U.S.
Key people: Kevin Mandia, CEO
Revenue: US$483 million (2021, increase)
Number of employees: 2,335 (December 2021)
Parent: Google
Website: mandiant.com
Footnotes / references: [1]

Mandiant is an American cybersecurity firm and a subsidiary of Google. Mandiant received attention in February 2013 when it released a report directly implicating China in cyber espionage. In December 2013, Mandiant was acquired by FireEye for $1 billion; FireEye later sold its product line, name, and associated employees to Symphony Technology Group for $1.2 billion in June 2021.

In March 2022, Google announced that it would acquire the company for $5.4 billion and integrate it into its Google Cloud division, with the firm becoming fully incorporated in September 2022.

Founding

Kevin Mandia, a former United States Air Force officer who serves as the company's chief executive officer, founded Mandiant as Red Cliff Consulting in 2004 before rebranding it to its current name in 2006. [2] In 2011, Mandiant received funding from Kleiner Perkins Caufield & Byers and One Equity Partners to expand its staff and grow its business-to-business operations, providing incident response and general security consulting along with incident management products to major global organizations, governments, and Fortune 100 companies. [3]

History

Mandiant is the creator of OpenIOC (Open Indicators of Compromise), an extensible XML schema for the description of technical characteristics that identify threats, security hackers' methodologies, and evidence of compromise. In 2012, its revenues were over $100 million, up 76% from 2011. [4]
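As an added illustration of what an OpenIOC document looks like and how a defender consumes one, the following Python is an example written for this page, not Mandiant's code or an official OpenIOC library. The namespace (`http://schemas.mandiant.com/2010/ioc`), the `ioc`/`definition`/`Indicator`/`IndicatorItem`/`Context`/`Content` element names and the `is`/`contains` conditions follow the OpenIOC 1.0 layout; the sample document, its ids, hash, file name and the host snapshot are constructed, and the evaluator's AND semantics are a simplification (see the comment in `_eval_item`).

```python
# Added example (not Mandiant's code): a minimal OpenIOC 1.0 reader and
# evaluator. Namespace and element names follow the OpenIOC 1.0 layout;
# the sample document, its ids, hash and file name are constructed.
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}
IOC_NS = "{%s}" % NS["ioc"]

# Constructed sample IOC: "match if the file hash is known, OR if a file
# named svchosts.exe sits under a Temp directory".
SAMPLE_IOC = r"""<ioc xmlns="http://schemas.mandiant.com/2010/ioc"
     id="00000000-0000-0000-0000-000000000001" last-modified="2013-02-18T00:00:00">
  <short_description>Example dropper (constructed)</short_description>
  <authored_by>example</authored_by>
  <definition>
    <Indicator operator="OR" id="11111111-1111-1111-1111-111111111111">
      <IndicatorItem id="aaaaaaaa-0000-0000-0000-000000000001" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">0123456789abcdef0123456789abcdef</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="22222222-2222-2222-2222-222222222222">
        <IndicatorItem id="aaaaaaaa-0000-0000-0000-000000000002" condition="is">
          <Context document="FileItem" search="FileItem/FileName" type="mir"/>
          <Content type="string">svchosts.exe</Content>
        </IndicatorItem>
        <IndicatorItem id="aaaaaaaa-0000-0000-0000-000000000003" condition="contains">
          <Context document="FileItem" search="FileItem/FilePath" type="mir"/>
          <Content type="string">\Temp\</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""


def _match(condition, expected, observed):
    """Apply one IndicatorItem condition to a single observed value."""
    if condition == "is":
        return observed == expected
    if condition == "contains":
        return expected in observed
    # OpenIOC also defines other conditions (e.g. matches, starts-with);
    # unknown ones are refused rather than silently treated as no-match.
    raise ValueError("unsupported condition: %s" % condition)


def _eval_item(item, artifacts):
    """Evaluate an IndicatorItem against all observed values of its term."""
    search = item.find("ioc:Context", NS).get("search")
    expected = (item.find("ioc:Content", NS).text or "").strip()
    condition = item.get("condition", "is")
    # Simplification: each item is matched independently across every
    # observed value; a real engine scopes an AND to one document instance
    # (the same file must satisfy every item in the AND).
    return any(_match(condition, expected, v) for v in artifacts.get(search, []))


def evaluate_indicator(node, artifacts):
    """Recursively evaluate a nested Indicator (AND/OR) element."""
    results = []
    for child in node:
        local = child.tag.split("}")[-1]
        if local == "IndicatorItem":
            results.append(_eval_item(child, artifacts))
        elif local == "Indicator":
            results.append(evaluate_indicator(child, artifacts))
    if node.get("operator", "OR").upper() == "AND":
        return bool(results) and all(results)
    return any(results)


def evaluate_ioc(xml_text, artifacts):
    """Return True if any top-level Indicator in the IOC matches the host data.

    artifacts maps an OpenIOC search term (e.g. "FileItem/Md5sum") to the
    list of values collected from the host for that term.
    """
    root = ET.fromstring(xml_text)
    definition = root.find("ioc:definition", NS)
    return any(evaluate_indicator(ind, artifacts)
               for ind in definition.findall("ioc:Indicator", NS))


def collect_terms(xml_text):
    """List the search terms an IOC needs, to scope host collection."""
    root = ET.fromstring(xml_text)
    terms = {item.find("ioc:Context", NS).get("search")
             for item in root.iter(IOC_NS + "IndicatorItem")}
    return sorted(terms)


if __name__ == "__main__":
    # Constructed host snapshot: the hash is absent, but the file sits
    # under a Temp directory, so the nested AND branch fires.
    host = {
        "FileItem/FileName": ["svchosts.exe", "explorer.exe"],
        "FileItem/FilePath": [r"C:\Users\a\AppData\Local\Temp\svchosts.exe",
                              r"C:\Windows\explorer.exe"],
    }
    print("terms to collect:", collect_terms(SAMPLE_IOC))
    print("IOC matched:", evaluate_ioc(SAMPLE_IOC, host))
```

`collect_terms` is the useful first step in practice: it tells a collector which host artifacts (here `FileItem/*` fields) an IOC actually references, so only those need to be gathered before `evaluate_ioc` runs the nested AND/OR logic over them.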

In February 2013, Mandiant released a report documenting evidence of cyber attacks by the People's Liberation Army, [5] specifically Pudong-based PLA Unit 61398, [6] targeting at least 141 organizations in the United States and other English-speaking countries extending as far back as 2006. [7] In the report, Mandiant referred to the espionage unit as "APT1". [8]

In December 2013, Mandiant was acquired by FireEye for $1 billion. [9] [10] In October 2020, the company announced Mandiant Advantage, a subscription-based SaaS platform designed to augment and automate security response teams, combining threat intelligence gathered by Mandiant with data from its incident response engagements. [11] In December 2020, the company investigated the SolarWinds supply chain attack on U.S. government infrastructure. [12] [13] [14]

In May 2021, Mandiant was contracted to assist in the response to a ransomware incident affecting Colonial Pipeline, a fuel pipeline operator that supplies close to half of the gasoline, diesel, and other fuels to the East Coast of the U.S. [15] [16] In June, the company was spun off from FireEye as part of the latter's acquisition by Symphony Technology Group. [17] [18] In August, the company acquired Intrigue, which specialized in attack surface management. [19]

In 2022, Axios reported that Mandiant researchers had identified a pro-China disinformation campaign targeting American voters ahead of the 2022 midterm elections. [20]

On May 4, 2023, Mandiant announced threat intelligence integrations with MISP and with Splunk SIEM and SOAR. [21]

Acquisition by Google

In March 2022, it was announced that the company would be acquired by Google for $5.4 billion and subsequently integrated into the Google Cloud division. [22] Following the announcement, Fortune reported that while the deal could face antitrust scrutiny, the acquisition "could help increase competition" rather than harm it. [23]

In April 2022, it was reported that the Department of Justice (DOJ) Antitrust Division was probing the deal for potential violations of federal antitrust law. [24] However, Mandiant revealed in July 2022 that the DOJ had approved the acquisition. [25] Following a review of potential competition concerns, the Australian Competition & Consumer Commission (ACCC) announced it would not oppose the deal. [26]

On September 12, 2022, the deal closed and integration between Mandiant and Google Cloud began. Following the acquisition, Mandiant was allowed to maintain its brand as a subsidiary of Google Cloud. [27] [28]

Flare-On

Since 2014, the company has organized Flare-On, a well-known cybersecurity reverse engineering challenge held annually around autumn, with participants from around the world.

References

  1. "Mandiant Inc 2021 Annual Report (Form 10-K)". U.S. Securities and Exchange Commission. March 1, 2022.
  2. "MANDIANT, A New Name for a Fast Growing Company; Red Cliff Consulting LLC Rebrands as Firm Offers Expanded Services, Education and Software Tools". Business Wire. February 14, 2006. Archived from the original on April 2, 2015. Retrieved January 5, 2016.
  3. Overly, Steven (February 17, 2013). "Mandiant in the spotlight as cyber attacks on companies increase". The Washington Post. Archived from the original on February 18, 2013.
  4. Stone, Brad; Riley, Michael (February 7, 2013). "Mandiant, the Go-To Security Firm for Cyber-Espionage Attacks". Bloomberg Business. Retrieved January 5, 2016.
  5. Harris, Paul (February 23, 2013). "Chinese army hackers are the tip of the cyberwarfare iceberg". The Guardian. Archived from the original on August 22, 2022.
  6. Xu, Weiwei (February 20, 2013). "China denies hacking claims". Morning Whistle. Archived from the original on June 29, 2013. Retrieved January 5, 2016.
  7. Sanger, David E.; Barboza, David; Perlroth, Nicole (February 18, 2013). "Chinese Army Unit Is Seen as Tied to Hacking Against U.S.". The New York Times. Archived from the original on February 19, 2013. Retrieved January 5, 2016.
  8. Wan, Ellen; Nakashima, Ellen (February 19, 2013). "Report ties cyberattacks on U.S. computers to Chinese military". The Washington Post. Archived from the original on February 19, 2013. Retrieved January 5, 2016.
  9. Perlroth, Nicole; Sanger, David (January 2, 2014). "FireEye Computer Security Firm Acquires Mandiant". The New York Times. Archived from the original on January 4, 2014. Retrieved September 18, 2018.
  10. "FireEye acquires Mandiant in $1bn deal". BBC News. January 3, 2014. Archived from the original on July 7, 2022.
  11. Osborne, Charlie (October 6, 2020). "FireEye's Mandiant debuts new SaaS threat intelligence suite". ZDNet. Archived from the original on October 9, 2020. Retrieved October 7, 2020.
  12. Volz, Dustin (December 13, 2020). "U.S. Agencies Hacked in Foreign Cyber Espionage Campaign Linked to Russia". The Wall Street Journal.
  13. Turton, William; Mehrotra, Kartikay (December 14, 2020). "FireEye Discovered SolarWinds Breach While Probing Own Hack". Bloomberg News. Archived from the original on December 16, 2020.
  14. McLaughlin, Jenna (December 13, 2021). "The state of U.S. cybersecurity a year after the SolarWinds hack". NPR.
  15. Turton, William; Mehrotra, Kartikay (June 4, 2021). "Hackers Breached Colonial Pipeline Using Compromised Password". Bloomberg Business. Archived from the original on June 4, 2021. Retrieved June 5, 2021.
  16. Nakashima, Ellen; Torbati, Yeganeh; Englund, Will (May 8, 2021). "Ransomware attack leads to shutdown of major U.S. pipeline system". The Washington Post. Archived from the original on May 8, 2021. Retrieved May 12, 2021.
  17. Sigalos, MacKenzie (June 2, 2021). "FireEye is selling its products business and name for $1.2 billion". CNBC.
  18. Duckett, Chris (January 18, 2022). "McAfee Enterprise and FireEye are now called Trellix". ZDNet. Archived from the original on January 19, 2022. Retrieved February 8, 2022.
  19. Alspach, Kyle (August 10, 2021). "Mandiant's Advantage Platform To Get A Boost With Intrigue Acquisition". CRN. Archived from the original on August 10, 2021.
  20. Sabin, Sam (October 26, 2022). "Researchers uncover new pro-China disinformation campaign targeting U.S. voters". Axios. Retrieved October 28, 2022.
  21. "New Mandiant Threat Intelligence Integrations for MISP, Splunk SIEM and SOAR, and Cortex XSOAR by Palo Alto Networks". Mandiant. Retrieved May 9, 2023.
  22. Shead, Sam (March 8, 2022). "Google to acquire cybersecurity firm Mandiant for $5.4 billion". CNBC. Archived from the original on March 8, 2022. Retrieved March 8, 2022.
  23. "Can antitrust regulators justify killing a Google-Mandiant deal?". Fortune. Retrieved October 28, 2022.
  24. Burt, Jeff. "US DOJ probes Google's $5.4b Mandiant acquisition". The Register. Retrieved October 28, 2022.
  25. Fitzgerald, Jay (July 18, 2022). "Google-Mandiant Deal Closer After DOJ Ends Antitrust Inquiry". CRN. Retrieved October 28, 2022.
  26. "Google's acquisition of Mandiant not opposed". The Bull. August 11, 2022. Retrieved October 28, 2022.
  27. Faife, Corin (September 12, 2022). "Google now owns the firm that found SolarWinds hack". The Verge. Archived from the original on September 12, 2022. Retrieved September 12, 2022.
  28. Sawers, Paul (September 12, 2022). "Google closes $5.4B Mandiant acquisition". TechCrunch. Retrieved September 13, 2022.