Mandiant, a firm made famous for telling the world about Chinese state hackers such as the Comment Crew (aka ‘PLA 61398’), has been bought by security’s other hot property FireEye for $1 billion in shares and cash.

It’s a big price for such a small outfit – around 300 people if Mandiant’s Wikipedia page is accurate – but FireEye is a firm that shows every sign of being in a hurry. This makes it unusual and interesting. Security has for the longest time been a dark art that demands that firms grow more slowly and organically, acquiring here and there.  Not FireEye, which wants to get as big as possible and quickly.

Since raising over $300 million from its popular IPO in September, the firm’s shares have risen sharply in value, hence the engineering of basing the Mandiant acquisition on only $106.5 million of cash with the rest in stock. Mandiant’s owners are betting that the combined companies will be worth a lot more than they are apart, a probably justified hope.

Growing at what some grumble is an unhealthily rapid rate, the super-fashionable FireEye is now even larger. But is it necessarily better?

Clever publicity and research reports discussing the terror concept of the post-firewall age – Advanced Persistent Threats – have handed FireEye the sort of mindshare that has some worrying it might be over-selling its capabilities.

It’s hard to believe that despite being founded almost a decade ago, until 2012 nobody had heard of it outside the Valley. But then FireEye got the break of having the right APT-detection story at the right time and off it bounded like a dog with its jaws clamped around the last bone in the neighbourhood.

By contrast Virginia-based Mandiant’s attraction is that its business is built on selling emergency forensic services to firms that believe they have been compromised by sophisticated targeted attacks.  Its famous customers include The New York Times, torn open by Chinese hackers over a year ago, and The Washington Post.

In that sense, its ability isn’t the promise of detecting APTs so much as rooting out the extent of their activity on a very practical level once they have got past other defences. It also sells endpoint security tools as well as researching the modus operandi of state-backed attackers.

As Mandiant’s founder and CEO, Kevin Mandia put it, “the combination of FireEye and Mandiant will deliver end-to-end protection and meaningful value to customers.”

“The combined product portfolio will cover all the major attack points within an organization, and our expanded services capacity will allow us to quickly pivot to incident response when necessary to reduce the impact of security breaches.”

In other words, two anti-APT firms are better than one.

The challenge is that every other security firm out there, including several diversifying giants such as Juniper, Cisco, HP and IBM, see the same opportunities and must be eyeing FireEye with interest. Will they do it themselves or take the low road? Time will tell.