Incident and Breach Response, Next Generation Technologies and Secure Development, Security Operations
Google’s intel is no longer reactive: Mandiant helps people see what hackers are doing
Michael Novinson (MichaelNovinson)
October 11, 2022
The Google-Mandiant marriage will create a threat intelligence and security operations powerhouse capable of addressing the entire lifecycle, from prevention to remediation, company executives said.
Google’s existing security monitoring tools are more reactive in nature, combing through data and events to determine what went wrong and how to respond, says Phil Venables, CISO of Google Cloud. Mandiant, in contrast, takes a more proactive approach, examining an organization’s attack surface and validating that its existing security tools will actually work when an incident occurs.
“Bringing them together gives us an end-to-end security operations stack,” Venables said at a press conference ahead of the annual Google Next event this week. “With this synthesized information about the attacks that are occurring, we can alert customers to what to look out for.”
Venables and Mandiant CEO Kevin Mandia spoke to members of the media less than a month after Google completed its $5.4 billion acquisition of Mandiant, the Washington, D.C.-area threat intelligence and incident response standout. Google will combine Mandiant’s capabilities with SOAR provider Siemplify, which the company bought in January for $500 million, and the file and URL scanner VirusTotal.
“We hope that by taking what Mandiant does so well and adding Google’s cloud capabilities, we will provide our customers with an end-to-end cybersecurity and threat intelligence operations suite,” Venables said. “It’s really going to be complementary and compelling.”
More than first responders
According to Venables, the industry tends to think of Mandiant as the company to call for help after a security breach or incident, but more and more companies are turning to Mandiant beforehand to find out how to configure their IT environment so that incidents are avoided in the first place. The combined Google-Mandiant capabilities should defeat entire classes of vulnerabilities before they become a problem for customers, according to Venables (see: John Watters explains why Google and Mandiant go better together).
“Mandiant isn’t getting calls for simple violations,” Mandia said at the first press conference since the sale to Google closed on Sept. 12. “We are called upon when the violations we have all heard of are of a scale and scope and complexity where people need help. And if we can use this Mandiant expertise to find the needle in the haystack every day and automate it, that is what everyone wants. And that’s what we can do with Google Cloud.”
From a security operations perspective, Venables says Google brings SIEM and SOAR capabilities to the table, while Mandiant offers extensive expertise in incident management, exposure management and threat intelligence. From Mandiant’s perspective, Mandia says, being part of Google will let the company amplify its knowledge of, and ability to stop, the latest attacks facing organizations.
“You can take what Google Cloud has and combine it with our frontline expertise to give our customers what they want: the most immediate insights into threat actors and how to defend against new and innovative.”
Bringing Security Validation to the Masses
Mandia is particularly excited about making the company’s security validation capabilities more readily available as part of Google, drawing on Mandiant’s experience testing its own networks every 90 days. What really matters in the boardroom is not compliance, he said, but whether a company can stop the attacks brewing against it and, if not, what is being done to address those shortcomings.
“Every service person we have can help two or three customers today,” Mandia says. “But if we can automate their expertise, we can help millions of people every day. And that’s our goal.”
Being part of Google will reinforce Mandiant’s commitment to remaining agnostic about security controls and to supporting a wide range of endpoint and network security products, regardless of vendor, Mandia says. Mandiant had been tied to FireEye’s network, endpoint and messaging security products for years, but that changed last year when the FireEye product business was sold to Symphony Technology Group (see: The Switzerland of security: why being independent is important).
“Our product will take telemetry from hundreds of products, and we’ll be able to arbitrate and make decisions about what business logic to put on top of it all,” Mandia said.
The combined security operations platform will defend all clouds, including Amazon Web Services and Microsoft Azure, as well as on-premises and hybrid environments, Mandia said. Mandiant will make no effort in its consulting or incident response engagements to steer customers toward products made by Google, according to Mandia.
“As a consultant, you really have to tailor responses to the specifics of each client’s needs,” Mandia says. “So that’s what I meant by Mandiant being Mandiant. You’re not going to get a script. You’re the real problem solver for your customers.”