Incident responders are the rapid response teams in the cyber security industry. You will always be called when there is a hacker alarm. If a ransomware has already been used, then for them it is all about cleaning up. Ideally, however, criminal hackers or cyber spies are discovered before they can cause any major damage. Then the first responders have a particularly tricky task. You need to quickly and quietly find and fix the gaps that hackers used to get into the network, and then arc the attackers out. Incident response teams are therefore something like elite units in cyber security. One of the most famous units has been employed by the US cyber security company Mandiant for almost 20 years, which has now been taken over by the US technology group Google for 5.4 billion euros.
The fact that Kevin Mandia founded one of the most successful cyber security companies in the world is hardly surprising given his career. In 1992 he began his service as an officer in the US Army. Six years later, he joined the Air Force as a cyber security specialist. Mandia made contacts in the army that are probably still useful to this day. In 2000, Mandia retired from the service. After a short stint with the US arms manufacturer Lockheed Martin, he founded his own cyber security company: Mandiant. His approach was unusual and original for the time. Mandia not only wanted to eliminate threats, above all he wanted to understand the enemy, his employees should learn as much as possible about the attackers.
Mandia recruited rows of former cyber soldiers and ex-employees of the American services with the three letters, i.e. NSA, CIA and FBI, for whom this almost intelligence task was nothing new. Mandia’s philosophy paid off by 2013 at the latest. A report by his company about the previously mysterious Chinese hacker unit 61398, which was scouring hundreds of US companies for company secrets on behalf of the Chinese government, made waves in the US.
At the time, it was an open secret that the Chinese government used every means to catch up technologically with Western countries. President Barack Obama at the time also declared defense to be a top priority. There was hardly any public evidence. Mandiant’s report did that for the US government. On 76 pages, it showed how the Chinese spies went about their work of stealing ideas. Mandiant, which was already considered an extremely good incident response company at the time, became world famous overnight.
What does Google want with the elite hackers?
The company is well paid for this status today, the deployment of its experts in hacker attacks often costs twice what normal companies charge, says Andreas Rohr from DCSO, a German company that also offers incident response and security for German industry -Solutions tested. But the Mandiant hackers are definitely worth their money, says Rohr.
And what does Google want with the elite hackers? The group has already announced that Mandiant, like the security provider Siemplify, which was taken over at the beginning of the year, will remain independent. That should be reasonable, especially given Mandiant’s thriving business — the company has been profitable for years — and brand awareness. Rohr expects that Mandiant’s know-how will primarily strengthen the Google Cloud in the future. Artificial intelligence in cybersecurity has been a much, and maybe too much, hyped topic for years, but the detailed Mandiant data on malware, infrastructure and attackers together with Google’s data processing capabilities should be a promising combination, according to Rohr.
The takeover also follows the major consolidation trend in the industry. Customers are increasingly turning to integrated solutions from Microsoft, Google, and others, rather than sourcing their own security solutions from email, endpoint, cloud, and other security providers. Microsoft recently had the edge in the race, with the Mandiant takeover Google can close the gap a bit.