Key Observations from FireEye’s ~$1.0B Acquisition of Mandiant

Share Button

FireEye’s $1.0B acquisition of Mandiant marked the 2nd cyber security transaction in the past four months with a publicly disclosed valuation in excess of 9.0x TTM revenue. However, unlike Sourcefire, which Cisco Systems acquired in October 2013, Mandiant has more extensive ties back to the federal sector and a greater composition of services work (vs. products). Therefore, it is more relevant to take a detailed look into the drivers of this valuation and the implications for the government contracting community.

Mandiant was founded in 2004 and is the undisputed leader in security incident response management. The company received significant publicity in February 2013 after it published a report directly implicating China in recent cyber espionage attacks. However, prior to its publicized reports, the company was recognized across the cyber security community as the “Navy seal team” of cyber security breaches, and had secured equity investments from prominent private equity firms Kleiner Perkins Caufield & Byers and One Equity Partners LLC. Mandiant has historically generated approximately 40% – 50% of its annual revenue from its incident response service line. The 60% – 65% gross profit margin that Mandiant generates from services reinforces the high end, differentiated nature of this work. The remaining 50% – 60% of the revenue stream is derived from Mandiant’s product and recurring subscription and support business lines, which generate 72% – 82% gross profit margin. The company’s end-point based threat detection product provides for comprehensive real-time monitoring, allowing organizations to rapidly detect, analyze, and resolve security incidents before they impact their business. Founder Kevin Mandia, a former Air Force Special Agent and former government contractor, started Mandiant on the premise that “security breaches are inevitable and that the goal of great security programs is to eliminate the consequence of these breaches.” Therefore, there is a need for rapidly detecting incidents and containing them, thus eliminating the business impact of such inevitable breaches.

Source: FireEye, Inc. Conference Call and Webcast Presentation, January 2, 2014.

Not only are there significant product synergies that will enable FireEye to deploy a more sophisticated, full cycle solution offering, but the more standard revenue synergies associated with an acquisition exist in this deal as well. Mandiant has over 500 customers, with less than a 20% overlap with existing FireEye customers. More importantly, Mandiant has served over 33% of the Fortune 100 across a broad base of industries, which provides FireEye with new access to sell their cyber products to large, profitable accounts with the most stringent information security requirements. Additionally, FireEye’s international footprint will provide Mandiant greater global access for a company that has already been growing at a 50%, 3-year Compound Annual Growth Rate (CAGR). FireEye’s revenue synergy potential was presented in its acquisition summary in the slide below:  

Source: FireEye, Inc. Conference Call and Webcast Presentation, January 2, 2014.

While a ~10x TTM revenue valuation for a business with nearly half of its revenue derived from services may sound rich, there are undeniable near term opportunities for these businesses to rapidly grow. On a stand-alone basis, Mandiant has been growing at a 50% CAGR, so if you assume a consistent forward growth rate, the 2014P revenue multiple is only 6.67x. Moreover, because of the expertise and demand for Mandiant services, the company generates product-like profit margins approaching 65%. Wall Street analysts and institutional investors have certainly bought into the merger, as the share price of FireEye grew 38.6% on the day following the announcement[1], and has appreciated by 61.5% in the YTD period. This is particularly notable for the former Mandiant shareholders, who received approximately 90% of the merger consideration in the form FireEye stock prior to the run up in the share price.

The acquisition of Mandiant has direct relevance for the government contracting community. Similar to most contractors, Mandiant was founded by a former federal employee, who eventually worked for a contractor before starting his own company. Mandiant’s first clients were federal customers on services-based contracts, and the company still generates nearly half of its revenue through T&M type service contracts with commercial and federal customers. Mandiant has differentiated itself over the past ten years by obtaining the most cutting edge cyber security domain expertise and reinvesting its free cash flow into developing a unique product portfolio. The company successfully positioned itself to work on the most complex, mission critical cyber breaches and has been able to leverage that experience on future projects, becoming the industry leader. It’s certainly not an easy model to replicate, but even coming close to a Mandiant-type business should result in an attractive liquidity event. While federally focused services companies will never trade at significant multiples of revenue like Mandiant and Sourcefire, pure play cyber and data analytic firms focused on cutting edge, complex cyber security and data analytic requirements will command premium valuations compared to the broader government services market.

Sources: FireEye, Inc., Mandiant Corporation – M&A Call Transcript; FireEye, Inc. Conference Call and Webcast Presentation, January 2, 2014.


[1] FireEye provided updated Q4 guidance along with the Mandiant announcement, so it is impossible to determine the exact impact of the acquisition on the FireEye share price.

About Timothy Schmitt

Timothy Schmitt has written 8 post in this blog.

Share Button

View Archives

Blog Authors

Latest Webinar Videos