Peter Parks, AFP/Getty ImagesThe 12-story building in Shanghai’s northern suburb of Gaoqiao where a Chinese military-led hacking group allegedly conducted a series of attacks on U.S. companies’ networks.By Jim Finkle
BOSTON — Cybersecurity company FireEye has acquired Mandiant, the computer forensics specialist best known for unveiling a secretive Chinese military unit believed to be behind a series of hacking attacks on U.S. companies.
FirEye (FEYE) shares jumped more than 20 percent after Thursday’s announcement of the $1.05 billion cash-and-stock deal, which FireEye said closed Monday. It unites two companies with relatively new technologies for thwarting cyber attacks, and brings together two of the most-respected executives in the security industry: FireEye CEO Dave DeWalt and Mandiant founder Kevin Mandia.
While sales of older anti-virus products have been on the decline, security experts expect strong growth in both FireEye’s cloud-based systems for detecting malicious software and Mandiant’s software that analyzes cyber attacks.
About a year ago the two companies entered into a technology development agreement that made it easier to deploy their products together. With the merger, FireEye will gain Mandiant’s team of forensics investigators.
“They have these very strong Navy ‘cyber’ Seals who respond to breaches and are very good at what they do,” DeWalt said about Mandiant. He had previously served as chairman of Mandiant’s board.
“My aim is to create the strongest security company in the world,” DeWalt said in an interview.
FireEye, which has yet to post a profit, said the acquisition will be immediately accretive to earnings and expects the combined company’s revenue to grow about 50 percent this year. In comparison, Symantec (SYMC), the biggest maker of anti-virus software, has said it expects fiscal 2014 revenue to drop 3 percent to 4 percent.
Mandiant is best known for its forensics services. The company rose to prominence in February 2013 when it published a report detailing what it said were links between a Shanghai-based unit of the People’s Liberation Army and a long list of attacks on U.S. companies. Beijing denied all allegations in the report.
“If you combine FireEye’s advanced persistent threat technology with Mandiant’s endpoint protection, it really makes them a major force in the cyber-security industry,” said FBR analyst Daniel Ives.
Mandiant, which has long been profitable, generates sales of more than $100 million a year, according to DeWalt.
Also on Thursday, FireEye announced preliminary revenue for the fourth quarter above its previous estimate. It said fourth-quarter revenue would be between $55 million and $57 million, compared to its previous estimate of between $52 million to $54 million.
DeWalt has declined to say when he expects the company to be profitable.
FireEye, which has a market capitalization of around $5 billion, will pay for Mandiant with a combination of stock and cash. It issued 21.5 million shares and options, which were worth $939 million on Monday, when the stock closed at $43.69.
A company spokesman said it had about 140 million shares outstanding after the deal was completed.
It will also pay $106.5 million in net cash to Mandiant’s shareholders, who include Mandia as well as Silicon Valley venture capital firm Kleiner Perkins Caufield & Byers and One Equity Partners, the private investment arm of JPMorgan Chase (JPM).
Brenon Daly, M&A research director for 451 Group, said that FireEye was paying approximately 10 times Mandiant’s annual revenue. That is about the same revenue multiple that Cisco Systems (CSCO) paid in its $2.7 purchase of Sourcefire, last year’s biggest deal in the information security industry, he said.
“This is one of the first time we have seen one of the new high-flying IPOs use the currency generated through the IPO process to pull of this large a transaction,” Daly said.
DeWalt said he owns some shares in Mandiant and will disclose the size of his stake within a few days through a filing with the Securities and Exchange Commission.
FireEye shares rose 23.51 percent in extended trade after closing down 5.69 percent at $41.13 on Nasdaq.
FireEye’s rivals include Palo Alto Networks (PANW), which went public in 2012 in one of that year’s most successful IPOs.
Mandiant was founded in 2004 by Kevin Mandia, a former U.S. Air Force cyber-forensics investigator who co-authored an influential textbook on the subject. The company made its name by automating processes used to investigate computer breaches.
The company was largely unknown outside the computer security world until February of last year, when it fingered the People’s Liberation Army’s Shanghai-based Unit 61398 as the most likely driving force behind a Chinese hacking group known as APT1.
Other security companies had published reports on cyberattacks, but had shied away from so clearly identifying their perpetrators.
DeWalt said FireEye would consider releasing similar reports now that it owns Mandiant.
“You will probably see us continue to do it when it is appropriate,” he said. “There is some incredibly egregious behavior.”
DeWalt is the former chief executive of anti-virus software maker McAfee who sold McAfee to Intel Corp. (INTC).
Mandia was named FireEye’s chief operating officer. He said in an interview that he plans to move to Silicon Valley, where FireEye has its headquarters, from the Washington D.C. area.
“I’m in this for the long-term,” he said. “This is as exciting as heck for me.”