Microsoft is in talks to acquire cybersecurity research and incident response company Mandiant, according to people familiar with the discussions, a deal that would bolster efforts to protect customers from hacks and breaches.

The deliberations may not result in an offer, said the people, who asked not to be identified because the talks are private. Mandiant and Microsoft declined to comment. Mandiant shares surged 7% to $19.02 in New York on Wednesday, bringing its market value to almost $4.6 billion. Microsoft stock gained 2.2% to $311.21.

Adding Mandiant would build up Microsoft’s arsenal of products for protecting clients and responding to cybersecurity threats. The software giant bought two smaller cybersecurity companies last year, and said last month that it had amassed $15 billion in security software sales in 2021, up almost 45% from a year earlier. The Redmond-based company last year named former Amazon.com cloud executive Charlie Bell to oversee its security efforts, and said it had 3,500 employees working to safeguard customers “from the chip to the cloud.”

More

“This would be a smart move for Microsoft,” said Bloomberg Intelligence’s Anurag Rana. “In the future, the cloud with most security features would win.” A deal would enable Microsoft to better compete with companies focused solely on security and might also push cloud rivals Amazon.com and Alphabet‘s Google to pursue their own similar acquisitions, he said. 

Mandiant became a stand-alone company again last year when FireEye — which had acquired Mandiant in 2013 — sold its eponymous security-product business for $1.2 billion to a consortium led by Symphony Technology Group. While FireEye’s products focus on security for networks, email and cloud systems, Milpitas, California-based Mandiant’s work is primarily in incident response and cyberintelligence cases.

Advertising

The potential deal would give Microsoft even deeper insight into consequential hacks. The ubiquity of Microsoft’s Windows operating system already gives the company data on high profile breaches. That, combined with Mandiant’s consultants, who are often called on to investigate and triage hacks by state-backed and advanced criminal actors, would give the combined companies unparalleled cybersecurity knowledge. 

Mandiant was founded almost two decades ago by Kevin Mandia, a former U.S. Air Force officer, eventually becoming known for its incident response services.

FireEye acquired Mandiant in 2013, providing cybersecurity services and notably releasing a series of threat intelligence reports detailing alleged state-sponsored hacking originating in countries such as China and Russia.

FireEye was involved in numerous major breach investigations, including the suspected North Korean intrusion at Sony Pictures Entertainment in 2014. Equifax also retained FireEye’s services following the 2017 breach there.

Cyberthreats have been rising in severity globally, with Microsoft’s products often in the crosshairs. In March 2021 attackers linked to China used flaws in the code of Microsoft’s Exchange software to break into tens of thousands of organizations. In a breach disclosed in December 2020, suspected Russian hackers compromised popular software from Texas-based firm SolarWinds, inserting malicious code into updates for SolarWinds software, an attack that also affected Microsoft and many of its customers.

In October, Microsoft said the hackers behind the SolarWinds cyberattack were engaged in a fresh campaign to compromise global networks by targeting the technology supply chain, including resellers and providers of cloud technology.

Microsoft Philanthropies underwrites some Seattle Times journalism projects.