
5 benefits Google Cloud Platform customers may get from the Mandiant acquisition  

A sign is posted outside of the Google booth during CES 2019 at the Las Vegas Convention Center on Jan. 8, 2019. Google Cloud Platform customers stand to benefit from the company’s acquisition of cybersecurity firm Mandiant. (Photo by Justin Sullivan/Getty Images)

When Google announced its intentions to acquire Mandiant in March, security analysts said Google’s $5.4 billion deal gives the large cloud provider a sought-after edge in security services and threat intelligence, even as it lays to rest earlier claims of independence by Mandiant.

The Google Cloud Platform still ranks as much younger and smaller in market share compared with AWS and Microsoft Azure, though it has been growing. Statista reports that the Google Cloud Platform had 9% market share at the end of 2021 versus 7% market share at the end of 2020.

Now that some time has passed, we asked people in the industry how having Mandiant integrated into the Google Cloud Platform will help Google customers. Here’s some insight from the experts:

Alberto Yépez, co-founder and managing director of Forgepoint Capital, said Mandiant brings unique experience and proprietary knowledge of cybersecurity breaches since 2008. The company has first-hand knowledge of the techniques, tools, and craftsmanship from the most sophisticated hackers in the world, including state-sponsored teams. They also have accumulated one of the most valuable repositories of threat intelligence data used in these breaches.

More important, Yépez said Mandiant brings credibility and cyber DNA to Google in the cybersecurity community.

For its part, Yépez said Google can use AI/ML to embed Mandiant’s data and intelligence into its cloud offering, as well as its applications (e.g., Google Suite), to detect and prevent future breaches. This will allow Google to do the following:

Automate breach response steps

Yépez said security teams can now collect the appropriate data that can be shared across Google customers to inform others of specific attacks launched by many ransomware-as-a-service outfits.

Bring new ideas and products to market

Under the leadership of Thomas Kurian, Google Cloud has begun taking cybersecurity seriously by recruiting people like Phil Venables, a well-respected CISO of many leading financial institutions. Now Kevin Mandia and his team can drive relevant cybersecurity offerings in all their products, including Gmail (most ransomware attacks start with email phishing and BEC attacks). Yépez said interesting products and solutions will happen when people like Kurian, Venables and Mandia work together.

Build a comprehensive security offering

Chronicle is Google’s security information and event management (SIEM). Siemplify, Google’s security orchestration, automation and response (SOAR), automates the SIEM, while VirusTotal is a detection engine fueled by open-source intelligence (OSINT). Mandiant adds threat intelligence and incident response resources.

Davis McCarthy, principal security researcher at Valtix, said there’s a high demand for detection automation and security experts.

Bring a focus on prevention vs. response

Dave Cundiff, CISO at Cyvatar, said if Google simply allows for the Mandiant approach to be added to the current cloud services, he does not believe it will have a significant impact. However, if Google, as one of the leaders in data science, can progress and move forward the ability to prevent the unknown vectors of attack before they happen based upon the mountains of data available from previous breaches investigated by Mandiant, there could truly be a significant advancement in cybersecurity for its cloud customers. 

Offer customers security experts who understand data breaches right from the start

Craig Robinson, program director for security services at IDC, said companies don’t want their first encounter with Mandiant to be a response to an incident. He said customers want to meet with them beforehand and do detailed table-top exercises.

“And those exercises are no longer just the domain of cybersecurity professionals,” Robinson said. “It’s no longer a pure technology play. The board of directors, legal counsel, and operations people are now involved with the cyber team to walk through how they will respond when the next big event occurs, whether it’s ransomware or the destructive malware that you are seeing in the Russia-Ukraine conflict.”
