Managed security software provider FireEye has acquired fellow security vendor Verodin for around $250m in cash and stock. The deal is expected to add about $20m to FireEye billings in 2019 and more than $70m for the full year 2020.
The Verodin Security Instrumentation Platform, which tests security systems, adds “significant new capabilities” to FireEye's portfolio, said the buyer, by identifying gaps in security effectiveness due to equipment misconfiguration, changes in the IT environment and evolving attacker tactics.
Verodin will integrate with FireEye Helix security orchestration capabilities to help customers prioritise and automate continuous improvement of security controls. Customers will also be able to implement Verodin cyber security measurement and validation solutions “as-a-service” through the FireEye Managed Defense service and as an Expertise On Demand automated service, said FireEye.
Verodin solutions will continue to be available on a standalone basis through Verodin resellers, as well as through the global community of FireEye channel partners.
FireEye said: “Equipped with our frontline intelligence, the Verodin platform will measure and test security environments against both known and newly discovered threats, empowering organisations to identify risks in their security controls before a breach occurs, and enabling them to rapidly adapt their defenses to the evolving threat landscape.”
Kevin Mandia (pictured), chief executive officer at FireEye, said: “Security effort does not equal security effectiveness. That is why security-conscious customers red-team their networks – they need the unvarnished truth of how effective their security programmes are. Verodin gives us the ability to automate security effectiveness testing using the sophisticated attacks we spend hundreds of thousands of hours responding to, and provides a systematic, quantifiable and continuous approach to security programme validation.
“We believe there is no better way to train people and instrument better security than by continually attacking the environment and adapting security controls to the real threats.”