FireEye computer security firm buys Mandiant

In a deal that may have broad repercussions for companies and governments fending off sophisticated hackers and state-sponsored digital attacks, FireEye Inc., a provider of security software, has acquired Mandiant Corp., a company known for emergency responses to network breaches.

The deal, in both cash and stock, is worth more than $1 billion, based on the current value of shares in FireEye.

The acquisition, which closed Monday but was not publicly announced until after the markets closed Thursday, was the biggest security deal of 2013. It merges two darlings in the $67 billion global computer security market that together could form a formidable competitor to antivirus giants like Symantec and Intel’s McAfee.

David G. DeWalt, FireEye’s chief executive, ran McAfee before it was sold to Intel in 2010. DeWalt was rumored to be a contender for the top job at Intel, but surprised company insiders when he left to join FireEye in 2012.

Mandiant is best known for sending in emergency teams to root out attackers who have implanted software into corporate computer systems. Much of its work focused on attacks from China, and last year it made headlines with a detailed study of a hacking group known as “Comment Crew” that provided the strongest evidence yet that the hackers were closely linked to a cyberunit of China’s People’s Liberation Army, outside of Shanghai.

The combination of the two companies — one that detects attacks in a novel way, another that responds to attacks — comes at a moment when corporate America is increasingly wary of relying on the federal government to monitor the Internet and warn of incoming attacks.

That wariness has increased since the revelations of Edward Snowden, the former National Security Agency contractor who removed thousands of documents before he took temporary refuge in Moscow.

The documents have made it evident to companies that the United States monitors adversaries as well as its allies, including friendly governments, international organizations, and the networks of some Internet companies. Some of them could turn to companies like FireEye and Mandiant for protection, an interesting twist as many of Mandiant’s employees come out of the US intelligence world.

“After the Snowden events, in the current political climate no one can say to the government, ‘Please, come on in and monitor our networks’,” said Kevin Mandia, the founder of Mandiant, who is becoming chief operating officer of the combined company.

Mandiant is privately held, and the big winners in the acquisition will clearly be Mandia and the company’s venture backers. Mandiant has raised $70 million from Kleiner Perkins Caufield & Byers, the venture capital firm, and One Equity, an investment arm of JPMorgan Chase & Co.

FireEye’s success has depended on a technology for detecting attacks that works quite differently from most antivirus products. The majority of antivirus products, both inexpensive versions for individuals and more sophisticated filtering systems for companies, monitor the Web and identify malicious software that has begun to hit victims around the world.

But by the time the attack has been identified and blocked, the malicious software has had a chance to do damage — siphoning a company’s trade secrets, erasing data or emptying a customer’s bank account.

FireEye’s software works differently. It isolates incoming traffic in virtual containers and looks for suspicious activity in a sort of virtual petri dish before deciding whether to let the traffic through.