Trail of Bits vs Mandiant (part of Google Cloud)

Trail of Bits

Co-founded in 2012 by Dan Guido and headquartered in New York City, Trail of Bits combines academic-style security research with hands-on engineering. The firm is best known for advanced software assurance work across cryptography, AI/ML, blockchain, and low-level systems, and for releasing widely used open-source tooling such as the Slither smart contract analyzer.

Pros
  • Strong academic and research-grade reputation with published peer-reviewed work
  • Open-source tooling footprint including Slither, Echidna, Manticore
  • Recognised leader in smart-contract auditing for top-tier protocols
  • Engineering depth that translates findings into custom defensive tooling
Cons
  • Premium pricing and a limited bench mean long lead times
  • Highly specialised, not a fit for routine commodity pentesting
  • No published price list; bespoke statements of work per project

Pricing: Custom (contact sales)

Mandiant (part of Google Cloud)

Founded in 2004 by Kevin Mandia, Mandiant built a global reputation responding to the world's most high-profile breaches. After acquisition by FireEye in 2013 and by Google for ~$5.4B in 2022, the firm retained its brand and now operates inside Google Cloud as a specialist consultancy for incident response, threat intelligence, and offensive security.

Pros
  • Frontline visibility into nation-state and ransomware intrusions through real IR casework
  • Deep threat intelligence backed by APT group tracking (APT1, APT28, APT41)
  • Backed by Google Cloud scale, telemetry, and engineering resources
  • Brand recognition that satisfies board and regulator expectations after a breach
Cons
  • Premium enterprise pricing with bespoke engagements and no public price list
  • Lead times can be long outside an active retainer relationship
  • Brand and roadmap increasingly tied to Google Cloud's strategic priorities

Pricing: Custom (contact sales)