Facebook Might Target FireEye to Restore Reputation After ‘Embarrassing’ Security Breaches

Facing a $645,000 fine from the U.K.’s Information Commissioner’s Office for the Cambridge Analytica data breach, and the recent attack on its computer network that exposed the personal information of nearly 50 million users, Facebook could probably use some help in the cybersecurity department.

Could acquiring FireEye be the answer? This week brought reports saying Facebook is looking to acquire a cybersecurity company, and Thursday, Motley Fool listed four reasons why FireEye could be the acquisition target.

Dan Wire, FireEye’s vice president of global communications, tells Channel Partners “we don’t have any comment on these types of rumors.”

The 2112 Group’s Larry Walsh

Larry Walsh, CEO and chief analyst of The 2112 Group, and member of the Channel Partners Editorial Advisory Board, said Facebook probably believes it needs the credibility of a major security company to help fix its reputation “after a series of embarrassing security breaches and failure to stop political instigators.”

For such an acquisition to work, the cybersecurity company needs name-brand recognition, he said. Without it, Facebook won’t reap the benefits of generating the perception that it’s serious about security.

The cybersecurity company will need substantial revenue and healthy profit with interest, taxes, depreciation and amortization added back to it, Walsh said.

“Facebook is investing in perception over reality, but it doesn’t want to take on a losing bet,” he said. “Any acquisition will need to be fiscally sound.”

In addition, the company needs security capabilities that address Facebook’s core and related security issues, Walsh said. And it won’t be a hardware company, as Facebook is unlikely to take on the logistical challenges associated with selling and supporting physical devices, he said.

“If you apply this criterion, FireEye makes a lot of sense as its core competency is incident response, it has solid software security technology, and it’s a sizable company by revenue,” he said. “And while FireEye isn’t necessarily profitable and isn’t the best-known company outside of enterprise circles, it does have a solid reputation in the security industry and substantial government contracts.”

Ovum’s Rik Turner

Rik Turner, principal analyst at Ovum, said buying FireEye would certainly help Facebook.

“FireEye actually has some good tech and, these days, quite a broad portfolio that covers network, endpoint and cloud,” he said. “It also has some good threat intelligence.”

FireEye’s problems include starting out as an “excellent marketing organization with one product — network sandboxes,” Turner said.

“It had a very successful initial public offering (IPO), but then malware writers got good at detecting that they were in a sandbox,” he said. “It sold loads of big appliances, particularly to Wall Street, but the world moved on to virtual, then cloud. It had a few poor quarters of results and shed huge numbers of people.”

With all of these factors in mind, FireEye is “ripe for acquisition,” Turner said.

Tony Massimini, senior industry analyst, information and network security at Frost & Sullivan, said there are numerous issues to consider, such as how companies that use or want to use FireEye would feel about really doing business with Facebook.

Also, FireEye has focused on geopolitical situations with the United States and other countries globally, “and there’s a question as to how would these countries feel about working with (Facebook CEO) Mark Zuckerberg,” he said.

“Perhaps a deeper collaboration with FireEye and other cybersecurity vendors where it increased the amount of services it would purchase would be better and give more flexibility,” Massimini said. “Are they better off just engaging more versus buying.”