Incident & Breach Response , Next-Generation Technologies & Secure Development , Security Operations

Execs Say Google-Mandiant Deal to Merge Threat Intel, SecOps

Google's Intel Is Reactive No More. Mandiant Helps Folks See What Hackers Are Doing
Execs Say Google-Mandiant Deal to Merge Threat Intel, SecOps
Mandiant CEO Kevin Mandia and Google Cloud CISO Phil Venables (Image: Google)

The Google-Mandiant marriage will create a threat intelligence and security operations powerhouse capable of addressing the entire life cycle from prevention to remediation, company executives said.

See Also: Webinar | Accelerate your SOC with AI-driven security analytics with Elastic and Google Cloud

The Silicon Valley-based public cloud giant today has security monitoring tools that are more reactive in nature, combing through data and events to figure out what went wrong and how to best respond, says Google Cloud CISO Phil Venables. In contrast, Mandiant takes a more proactive approach, looking at an organization's attack surface and validating how well existing security tools work when an incident happens.

"Bringing these together gives us an end-to-end security operations stack," Venables says during a news conference leading up to the annual Google Next event this week. "Because of that synthesized intelligence about what attacks are happening, we can forewarn customers about the things they need to be looking for."

Venables and Mandiant CEO Kevin Mandia spoke with members of the media less than a month after Google completed its $5.4 billion acquisition of Washington, D.C.-area threat intelligence and incident response superstar Mandiant. Google will marry Mandiant's capabilities with SOAR provider Siemplify - which the company bought in January for a reported $500 million - and file and URL analyzer VirusTotal.

"We're hopeful that by taking what Mandiant does so well and layering Google's cloud capabilities on top, we're going to deliver an end-to-end threat intelligence and cybersecurity operations suite for our customers," Venables says. "It really is going to be complementary and compelling."

More Than Just the First Responders

Venables says the industry tends to think of Mandiant as the company to call for help with a breach or security incident, but businesses are increasingly calling Mandiant for help with how to configure their IT environment to avoid security incidents. The combined Google-Mandiant capabilities should defeat whole classes of vulnerabilities before they become an issue for customers, according to Venables (see: John Watters on Why Google and Mandiant Are Better Together).

"Mandiant doesn't get calls for the breaches that are simple," Mandia says during the first news conference since completing the sale to Google on Sept. 12. "We get called when the breaches that we all read about are at a scale and scope and complexity where folks need help. And if we can take that Mandiant expertise of finding the needle in the haystack every day and automate it, that's what everybody wants. And that's what we can do with Google Cloud."

From a security operations perspective, Venables says Google brings SIEM and SOAR capabilities to the table while Mandiant delivers broad incident, exposure management and threat intelligence expertise. And from Mandiant's perspective, Mandia says, becoming part of Google will allow the firm to amplify its knowledge and capability to stop the most current attacks that organizations have to deal with.

"You can take what Google Cloud has and marry that with our frontline expertise to give our customers what they want: the most immediate knowledge about threat actors and how to defend against new and novel attacks."

Bringing Security Validation to the Masses

Mandia is particularly excited to make the company's validation capabilities more readily accessible as part of Google, taking advantage of Mandiant's experience red teaming its own networks every 90 days. What really matters in the boardroom isn't compliance but rather whether businesses can stop the attacks that are coming their way, and if not, what's being done to address those shortcomings, he says.

"Every services person we have, they can help two or three customers today," Mandia says. "But if we can automate their expertise, we can help millions of people every day. And that's our goal."

Being part of Google will advance Mandiant's commitment to being controls-agnostic and supporting a plethora of endpoint and network security products regardless the manufacturer, Mandia says. Mandiant had for years been tethered to FireEye's network, endpoint and email security products, but that changed last year when the FireEye business was sold to Symphony Technology Group (see: The Switzerland of Security: Why Being Independent Matters).

"Our product will take telemetry from hundreds of products, and we're going to be able to adjudicate and make decisions around what business logic to put on top of all of it," Mandia says.

The combined security operations platform will be open to defending all clouds - including Amazon Web Services and Microsoft Azure - as well as on-premises and hybrid environments, Mandia says. Mandiant won't make any effort in their consulting or incident response engagements to steer customers toward products that are manufactured by Google, according to Mandia.

"You really do have to tailor as a consultant the answers to the specifics of each individual customer's needs," Mandia says. "So that's what I meant by Mandiant being Mandiant. You're not going to be handed a script. It's you genuinely solving the problem your customers have."

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.