
Google Melds AI-Powered SecOps with Human Experts in New Security Command Center

Google introduced a new cloud security offering that melds the cloud giant's AI-powered SecOps tech with Mandiant's on-call human threat experts.

Google's Security Command Center Enterprise was introduced last week, described as "the industry's first cloud risk management solution that fuses proactive cloud security and enterprise security operations -- supercharged by Mandiant expertise."

[Figure: Security Command Center Enterprise (source: Google).]

Designed for multicloud environments, it builds on the 2018-era Cloud Security Command Center in a packaged, multi-component solution that seeks to integrate often-separated cloud-native security initiatives with broader, all-encompassing enterprise security systems.

"Built on our Google security fabric, Security Command Center Enterprise can help to break down the silos of tools, teams, and data that separate cloud security and enterprise security operations," Google said. "It prioritizes cloud risk management by integrating the critical response capabilities of modern SecOps with threat intelligence from Mandiant, so organizations can identify high-risk issues and drive accountability for keeping their multicloud environments safe."

Mandiant, which Google acquired in 2022, supplies human expertise as part of its Mandiant Hunt threat hunting service, which last year was integrated with another Google product, Chronicle Security Operations.

Mandiant Hunt's on-demand human expertise can become an extension of internal security operations teams, Google said.

"It makes hundreds of elite-level analysts and researchers available on-call to proactively find elusive threats that evade traditional mechanisms. It can help to close the skills gap, too, reducing the need for hiring expensive talent and investments in specialized tooling."

[Figure: Security Command Center Enterprise Components (source: Google).]

The command center's multicloud focus means capabilities have been added to the original offering to help organizations secure Google Cloud, Amazon Web Services and Microsoft Azure environments. Those capabilities make for a long list:

  • Agentless and agent-based vulnerability management for finding security weaknesses in virtual machines, containers, and more
  • Security posture management to uncover cloud misconfigurations that could create gaps in defenses
  • Threat detection using specialized technology built into the cloud infrastructure, and threat rules and indicators of compromise (IOCs) curated by Mandiant incident response teams and threat researchers
  • Integrated response workflows to efficiently remediate threats, misconfigurations, and vulnerabilities
  • Attack path visualization for understanding resource relationships and methods that attackers could use to infiltrate your environment
  • Google-recommended preventative and detective security controls designed for AI workloads
  • Posture and governance controls giving DevOps and DevSecOps teams the ability to design and monitor security guardrails for their cloud infrastructure
  • Cloud Identity and Entitlement Management (CIEM) for managing identities and privileges to help organizations move to a least-privileged access security model
  • Data security posture management (DSPM) for finding, categorizing, and managing sensitive data in cloud environments
  • Shift-left security capabilities for discovering issues before runtime. These include our Assured Open Source Software, that can provide developers with access to thousands of software packages tested and validated by Google, and infrastructure as code (IaC) scans of files and CI/CD pipelines to help identify resource violations

The idea of joining human expertise with automated security tech in a single solution isn't new, as Microsoft last year did much the same thing in announcing Microsoft Security Experts. "Technology alone is not enough to defend against cybercrime," said Microsoft at the time. "Technology is critical, but it's the combination of leading technologies, comprehensive threat intelligence, and highly skilled people that makes for a truly effective security posture."

Pricing isn't yet available for Google's new offering, as the March 12 announcement said Security Command Center Enterprise was expected to become generally available within the coming weeks as a subscription featuring cloud workload-based pricing.

Much more will be revealed during next month's Google Cloud Next '24 event, which includes several technical breakout sessions about the command center.

About the Author

David Ramel is an editor and writer for Converge360.
