Google added to its Mandiant portfolio of services a Security Command Center Enterprise platform that unifies the management of security operations (SecOps).
Security Command Center Enterprise is based on a data lake running in the Google Cloud that is integrated with a risk analytics engine and the Google Gemini generative artificial intelligence (AI) chatbot.
Rob Sadowski, Google Cloud trust and security product lead, said Google then adds threat intelligence data (which Google gained with its acquisition of Mandiant) to that security fabric. Doing so enables security teams to prioritize tasks using a combination of guidance surfaced by both AI and security professionals. The goal is to combine the capabilities of a security information and event management (SIEM) platform with a security orchestration, automation and response (SOAR) framework so organizations can modernize SecOps across multiple cloud computing environments.
It’s not clear at what rate organizations are centralizing SecOps via the cloud. However, in the AI era, it’s all but inevitable many will. Training AI models to perform security tasks requires access to a data lake capable of storing petabytes of data. Platforms such as Google Gemini then make it possible to both investigate threats using a natural language interface and invoke reasoning engines to automate tasks.
That approach doesn’t eliminate the need for cybersecurity professionals, but it does provide a level of augmentation that enables existing teams to manage SecOps at higher levels of scale. In fact, Google via its Mandiant service is now providing a mix of capabilities based on AI and the expertise of the security professionals it hires.
Each organization needs to determine to what degree it is willing to depend on the managed security services provided by Google, as compared to hiring its own security teams. But regardless of approach, many low-level tasks that can make cybersecurity tedious are about to be automated. In theory, that should create more time for cybersecurity teams to proactively identify and remediate vulnerabilities and respond more adroitly to cybersecurity attacks in progress.
Less clear is to what degree shifting to a cloud-based approach to managing SecOps reduces costs. There’s no doubt that the cloud presents an opportunity to rationalize a range of security platforms and tools that internal cybersecurity teams need to deploy, integrate and manage. At the same time, it’s also easier to consume cloud services, so as security improves, the total cost of cybersecurity could just as easily increase. The level of risk an organization is willing to assume will in most cases ultimately determine how many cloud-based services might be required.
In the meantime, cybersecurity teams can safely assume the volume and sophistication of the cyberattacks being launched against them will increase as cybercriminals similarly take advantage of automation and AI. Like it or not, when it comes to cybersecurity, just about every organization is now caught up in an AI arms race.