If it's not clear, here's a summary. FireEye acquired Mandiant a while ago for ~1B. FireEye had all the jazzy physical tech of the time like good, hardened sandboxes, sensors, etc., stuff you physically sell. Mandiant had the incident response and threat intel expertise to analyze the telemetry from those physical appliances. Pairing made sense.
Nowadays, Mandiant's IR and threat intel offering is strong as ever, but people don't want just 1 company's sensors and telemetry products, they want to use whatever they want. There have also been new strong players in the physical sensor business like Microsoft and Crowdstrike, just to name 2. So by splitting, Mandiant can gain freedom to do all the things they do best but also integrate with other companies' products, while FireEye can still develop leading products sold as standalone items. Mandiant has sold the big parts of what used to be FireEye for ~1.2B. So in total: Mandiant -> FireEye -> Mandiant.
It's a good move that splits both organization segments in a way that makes sense for each. Disclaimer: I work for FireEye.
That is one way to look at it. Another way to look at it, which seems superficial and yet likely explains much, is that Kevin Mandia really likes being CEO of a company that’s named after him.
Microsoft has been pulling its punches for a long time here. We all thought Sysmon+ETW+WEF would be the death of EDR, yet... nope. Why will this year’s acronym be any different?
ATP is a fully integrated product, both from a business (E3/E5/etc) and technical solution... for example for O365 mail security it's a much cleaner integration than an appliance solution.
Unlike Sysmon/ETW/WEF, the Microsoft rep can sell ATP with incentives during 1 EA cycle, and then sell the M365/E5 bundle with phone, etc in the next. Microsoft's superpower has always been smart bundling strategy.