Google Cloud Is Building Its Cybersecurity Muscle

The acquisition of Mandiant will boost Google Cloud’s security capabilities—and help it compete with Amazon and Microsoft.

Google has made a move intended to significantly enhance the company’s cybersecurity offerings by acquiring Mandiant, a cyber defense and response company. Mandiant delivers frontline cybersecurity expertise and threat intelligence through Mandiant Advantage, a multi-vendor Extended Detection Response (XDR) platform.

When the deal closes, Mandiant will join Google Cloud.

A Mandiant Advantage screenshot. (Image courtesy of Mandiant).

A Mandiant Advantage screenshot. (Image courtesy of Mandiant).

What Is XDR?

XDR is a vendor-specific security threat detection and incident response tool, based on the Software-as-a-Service (SaaS) model, that integrates multiple licensed security products into a single operations system.

Cyber threats can invade from a variety of sources—basically anything connected to the internet. These threats can evade detection and hide in weak spots in an organization’s data management structure, such as security silos. XDR is designed to break down those silos by implementing a holistic approach to detection and response across an organization’s entire technology architecture. The technology helps optimize security operations center (SOC) performance by gathering insights and data from across the enterprise into one place for analysis and response to threats.

Demand for XDR is growing in response to the increasing frequency and sophistication of cyberattacks.

What Does Mandiant Add to Google Cloud?

“Cybersecurity is a mission, and we believe it’s one of the most important of our generation,” said Kevin Mandia, CEO of Mandiant. “Google Cloud shares our mission-driven culture to bring security to every organization. Together, we will deliver our expertise and intelligence at scale via the Mandiant Advantage SaaS platform as part of the Google Cloud security portfolio. These efforts will help organizations to effectively, efficiently and continuously manage and configure their complex mix of security products.”

Google Cloud already provides cloud-native security offerings. These include BeyondCorp Enterprise for Zero Trust, VirusTotal for malicious content and software weaknesses, and Chronicle for security analytics and automation. These products are combined with services such as Security Command Center, which helps organizations detect and shield themselves from cyberattacks, and Google’s Cybersecurity Action Team of advisors and analysts.

While Google Cloud offers cybersecurity products and services, it’s been suggested in the space that it has work connecting them all into an end-to-end solution. Enter Mandiant, which will enhance Google’s capabilities with real-time threat intelligence and make Google Cloud nimble in preventing and responding to cybersecurity threats.

As a part of Google Cloud, Mandiant Advantage will help its customers stay protected throughout the security life cycle—and some of Mandiant’s products already align with Google’s.

Mandiant provides advisory services, including comprehensive incident response, strategic readiness and technical assurance to help customers manage threats and reduce business risks before, during and after an incident. Mandiant’s threat detection and intelligence capabilities also provide real-time actionable insights into the threats that enterprises are facing at any moment. The company’s automation and response operations tools, which can already operate within Google Cloud’s Chronicle, as well as Mandiant’s Automated Defense product, leverages Mandiant’s expertise by allowing it to operate as a virtual extension of an enterprise’s security teams to help customers analyze, prioritize and streamline their threat response. In addition, Mandiant’s Security Validation testing and validation function will help customers continuously measure the effectiveness of their cybersecurity controls both in the cloud and on-site. Security Validation already complements Google Cloud’s Security Command Center. Finally, Mandiant’s managed threat detection and response service, which can seamlessly extend customers’ existing security teams, delivers continuous monitoring, event triage and threat hunting services. These services are agnostic to the endpoint and network tooling of the customer.

“This is an opportunity to deliver an end-to-end security operations suite and extend one of the best consulting organizations in the world,” said Thomas Kurian, CEO of Google Cloud. “Together, we can make a profound impact in securing the cloud, accelerating the adoption of cloud computing, and ultimately make the world safer.”

If the acquisition of Mandiant is completed, Google Cloud will have taken a big step toward being a full-service provider across the broad spectrum of the cybersecurity technology sphere. To that point, one of Mandiant’s advantages is its advisory services—the company has 600 consultants and 300 intelligence analysts who respond to security incidents.

Mandiant’s automation capabilities may also have been of particular interest to Google. Automation in cybersecurity has the potential to reduce the lag between when a breach takes place and when it’s been detected—a concept known as dwell time—which could be as little as minutes or as long as weeks or even months.

How Will This Move Influence the Cybersecurity Market?

Industry experts have noted that Mandiant’s proven capability as an 18-year operator in the cybersecurity sector wasn’t the only reason Google bought the company. It also wants to prevent Microsoft from buying the company.

Google currently trails its competitors Amazon Web Services (AWS) and Microsoft Azure in the worldwide cloud market share. According to Statista, AWS occupies 33 percent of the market and Microsoft claims 21 percent, with Google coming in a distant third at 10 percent. The purchase of Mandiant is anticipated to pressure Google’s competitors into enhancing their cloud platforms with mergers and acquisitions of their own—meaning we might be seeing smaller cybersecurity specialist companies being snatched up by the big players.

It’s a timely move in response to the growing cybersecurity challenges that businesses and organizations face. Cyberattacks are becoming more common and are increasing in severity and diversity. In fact, attacks that were in the past directed at governments are now being used to target companies in various industries.

The acquisition needs to be approved by regulators and Mandiant’s shareholders. It is anticipated to close later in 2022 and could have a profound impact on the cybersecurity marketplace.

Read more about the evolving world of cybersecurity at Compounding Risks: Cyber Security Concerns for Modern-Day Manufacturers.