(Bloomberg) -- Microsoft Corp. is considering making a bid for cybersecurity-research and incident response company Mandiant Inc., according to a person familiar with the discussions, a deal that would bolster efforts to protect customers from hacks and breaches.

The deliberations may not result in an offer, said the person, who asked not to be identified because the discussions are private. Mandiant and Microsoft declined to comment. Mandiant shares jumped as much as 22% to $18.37 in New York following the report, while Microsoft stock gained about 1% to $303.83.

Adding Mandiant, with a market value of about $3.7 billion, would build up Microsoft’s arsenal of products for protecting clients and responding to cybersecurity threats. The software giant bought two smaller cybersecurity companies last year, and said last month that it had amassed $15 billion in security software sales in 2021, up almost 45% from a year earlier. The company last year named former Amazon.com Inc. cloud executive Charlie Bell to oversee its security efforts, and said it had 3,500 employees working to safeguard customers “from the chip to the cloud.”

Mandiant became a standalone company again last year when FireEye Inc. -- which had acquired Mandiant in 2013 -- sold its eponymous security-product business for $1.2 billion to a consortium led by Symphony Technology Group. While FireEye’s products focus on security for networks, email and cloud systems, Milpitas, California-based Mandiant’s work is primarily in incident response and cyber-intelligence cases.

Cyberthreats have been rising in severity globally, with Microsoft’s products often in the crosshairs. In March 2021 attackers linked to China used flaws in the code of Microsoft’s Exchange software to break into tens of thousands of organizations. In a breach disclosed in December 2020, suspected Russian hackers compromised popular software from Texas-based firm SolarWinds Corp., inserting malicious code into updates for SolarWinds software, an attack that also impacted Microsoft and many of its customers.

In October, Redmond, Washington-based Microsoft said the hackers behind the SolarWinds cyberattack were engaged in a fresh campaign to compromise global networks by targeting the technology supply chain, including resellers and providers of cloud technology.

(Updates with share prices in second paragraph.)

©2022 Bloomberg L.P.