The Washington PostDemocracy Dies in Darkness

Mandiant, which rooted out Chinese hackers for the NYT, is being snapped up for nearly $1 billion

Mandiant CEO Kevin Mandia. ( <a href="">Mandiant</a> )
Placeholder while article actions load

The past year saw the dramatic rise of information security firms in the face of sustained foreign spying against U.S. corporations. One of those firms, Mandiant, became a household name last January when The New York Times revealed its role in tracking down alleged Chinese hackers lying dormant within the Times's network. The Washington Post has also hired Mandiant to analyze and defend its own IT resources.

Now Mandiant is being acquired by another major player in the space. FireEye, Inc. has purchased the Alexandria-based firm in a $989 million mix of stock and cash, executives said Thursday. The deal, which closed on Dec. 30, involves 21.5 million shares of FireEye and $106.5 million in cash.

With Thursday's announcement, Mandiant will become a publicly-held company for the first time. The decade-old firm does $100 million a year in sales, and its 500 employees serve around 500 customers, most of which are in the Fortune 500, said CEO Kevin Mandia in an interview.

American companies account for 95 percent of Mandiant's business. The firms hope that merging will put the combined company in a strong position to expand internationally. But that could create tensions between FireEye and the U.S. government as the company seeks out more foreign clients, many of whom have grown suspicious of Washington in the wake of the ongoing controversy over NSA surveillance.

"The conversation around Microsoft and the NSA, or others who had relationships with them, is only creating more opportunities for companies like us," said David DeWalt, FireEye chairman and CEO, in an interview. Microsoft in December branded the U.S. government as an "advanced persistent threat" to businesses, invoking Mandiant's term of art for China's elite military hacking unit.

Though Mandiant and FireEye operate in the same industry, their capabilities are distinct. FireEye specializes in network monitoring and helps businesses detect intrusions. Mandiant, meanwhile, sells an incident response platform that sits on end-user devices and helps businesses determine when sensitive information has been breached and, the company says, automatically closes vulnerabilities.

Together, Mandiant and FireEye will be better equipped to move quickly from detection to response, according to DeWalt.

"What we're able to do now is go from basically alert to detection to a fix in minutes or seconds," he said. "If FireEye detects a breach, we can immediately communicate that to the Mandiant platform and essentially verify scope on all of the computers."

Mandiant accepted the FireEye deal despite considering a potential initial public offering, Mandia said. In September, FireEye's own IPO performed above expectations, beating its $16 price estimate by about $4 a share. The company is currently trading at $41 a share.

FireEye has been pouring vast sums into new markets and products. The company lost nearly $139 million over the last year, 40 percent of which was spent on R&D. Despite the losses, information security experts are optimistic about FireEye's growth. That's because the demand for its products isn't going to shrink anytime soon.

"If we were to be optimistic about 2014, we could say that boards will finally pay attention to cybersecurity risks," said Allan Friedman, a cybersecurity scholar at the Brookings Institution and George Washington University. "There could be any number of senior officers who are going to be getting calls from their board saying, 'What are we doing about this?' and those people are going to go running to expert companies."