FireEye Failed, Mandiant is for Sale and it’s Time for Microsoft to Get Serious with Enterprise Security

 An autopsy of FireEye’s missteps and why Microsoft should Acquire Mandiant and create a Security Division

It’s widely rumored that Microsoft (MSFT) is in talks to acquire Mandiant (MNDT), the company once known as FireEye (FEYE). As an industry analyst focused on cloud, cybersecurity and other disruptive technologies, I’ve been tracking FireEye and Mandiant for many years. In this article I will share three foundational problems that prevented FireEye from succeeding, and why I think a Microsoft acquisition makes sense.

FireEye was once a stock darling. The company was a “pure-play” cybersecurity company and IPOed in 2013 with much fanfare. The IPO popped 80% on its first day of trading – pricing its initial shares at $20 a share, but closing the day out at $36. The stock would eventually rise to $97 as the company burned through cash while also increasing revenue. But like many companies on the sugar high of a rising stock price, eventually the bears came. FireEye couldn’t run from the fact that the company lacked a clear path to profitability.

Problem 1: IPO pops are exciting, but too much cash was left on the table

The IPO of 15.2 million shares in 2013 raised about $304 million for the company. Who could complain about that? Me.

Although underwriters need to price an IPO stock at an attractive price, if it’s too low, the company risks losing out on millions of dollars that could go towards R&D, talent acquisitions, technology acquisitions, and building a longer runway until profitability. At the end of FireEye’s first day of trading, the company’s initial offering of 15.2 million shares was valued at more than 547 million dollars! Suddenly the $304 million raised from the IPO seems paltry. If we even split the difference, and if the stock was IPOed at $28 a share, the company would have put an additional $121.6 million dollars in its coffers.

Problem 2: FireEye became drunk with its stock performance

Rather than moving on from its IPO and focusing on expanding its product offerings and gaining wider adoption, FireEye management became focused on the Wall Street perception of the company. Just six months after the IPO, the company (along with its founder and initial investors) offered another 14 million shares, this time priced at $82 a share. This secondary offering raised an additional $460 million dollars of cash – and also resulted in the founder and investors unloading 8.4 million shares! FireEye itself only sold 5.6 million of its own shares.

At the end of 2013, FireEye bought Mandiant, a response and remediation services company for roughly $1 Billion Dollars in stock and cash. Much of the 2014 secondary stock offering was to repay the company for acquiring Mandiant (more than $100 million of cash was paid).

Problem 3: The downfall from a cybersecurity technology business to a services organization

Although the widely covered FireEye hack may have served as a deathblow to the company, the transformation from a high-flying security software business to a services business had already occurred. There is no doubt that FireEye had some amazing security tools to spot advanced persistent threats and zero-day exploits, but the company could never create the market momentum to become a profitable enterprise security vendor. Instead, the Mandiant response and response services became what the company was known for.

Yes, the company had some great technology, but it was accompanied by highly skilled, highly recruited and highly paid security professionals. There is a reason why Wall Street and private equity loves software companies and has a disdain for services models – software is endlessly scalable while services require more and more people to scale.

Wrapping up the problems: FireEye’s software offerings never evolved as standalone cybersecurity offerings while the company lost focus on what made its stock so valuable – the need across all industries for more advanced cybersecurity offerings. Instead, the company evolved into a services organization and eventually sold off the FireEye product business for $1.2 Billion in 2021.

Microsoft has two speeds—the company goes big and fast or slow and deliberate

After years of walking a fine line between being an advocate or a naysayer of open source, the company went big with its $7.5 billion acquisition of GitHub in 2018. More recently, the company announced its intent to acquire Activision Blizzard for roughly $67.7 billion in cash to propel the company into Web3, the metaverse, and bring in a massive amount of application development talent.

At the same time, Microsoft was slow and deliberate with rolling out its cloud computing platform, Microsoft Azure. As a co-author of Hybrid Cloud for Dummies (2010) and Cloud for Dummies 2nd Ed (2020) I can confidently tell you that CIOs and cloud leaders were very skeptical of Microsoft’s initial cloud offerings. In the dozens of early conversations I had with enterprise leaders, their initial impressions of Azure were that it was an “okay” cloud offering for .NET “shops.” In fact CIOs would often tell me that the only reason they’re looking at Azure is that their Microsoft sales lead included Azure for free in large deals.

Fast forward to today, and there isn’t a doubt that Azure is a critical enterprise cloud platform. In fact, the tables have turned and CIOs are being offered cheap/free Microsoft Office licenses alongside their Azure deals.

Microsoft Security – It’s time to get serious with enterprise security

Microsoft has a wide range of security offerings – everything from consumer virus scanners to Kubernetes and cloud-native security enterprise solutions. The company has been pushing its security know-how for many years, but it can often seem disjointed. It leads enterprise customers to wonder whether Microsoft has pure cybersecurity offerings or if the company is meeting the minimum checkboxes to win businesses.

It’s time for Microsoft to create a security business that stands on its own. In our multicloud, hybrid cloud world, it’s not realistic that businesses will just remain “Microsoft shops” and consume whatever offerings are included in an enterprise deal.

Much the way IBM did in 2011 with its acquisition of Q1 Labs (QRadar) and the creation of the IBM Security Division, it’s time for Microsoft to align its security offerings under a standalone division. Microsoft security’s pitch to clients can’t be “wait, there’s more”. Instead, Microsoft Security must have its own go-to-market approach and opinion on providing enterprise security. An acquisition of Mandiant can serve as the impetus for creating Microsoft Security and showcasing Microsoft’s security abilities beyond technologies that are intrinsically tied to the Microsoft ecosystem.


If you’ve been holding FireEye/Mandiant stock since the “good old days” after the IPO, don’t get too excited. The company has seen many suitors, including IBM and Cisco along with others. But for Microsoft, Mandiant can be a rallying point to create a legitimate cybersecurity division that isn’t tied to the Windows, Office and Azure ecosystem.