In this episode of "State of Enterprise IT Security," hosted by Brad Bussie, Chief Information Security Officer at e360, the focus is on Google's approach to cloud security through its Security Operations (SecOps). Brad explores how Google is redefining traditional cybersecurity strategies with a multilayered defense that leverages the cloud. He discusses the evolution from conventional perimeter-based defenses (castle and moat) towards more dynamic, integrated solutions that address the complexities and relentless progression of cyber threats in the cloud era.
Brad discusses the role of AI and automation in streamlining threat detection, investigation, and response, emphasizing how these technologies save analysts time and improve the efficiency of security operations. He highlights Google's strategic acquisitions, like Mandiant and VirusTotal, which enrich Google SecOps with advanced threat intelligence capabilities. He also notes the broader applicability of Google's security platform across cloud environments beyond Google Cloud, describing it as a scalable command center equipped for modern cybersecurity challenges.
Transition to Cloud-Native Security Models:
Google is pioneering the transition from traditional security models to cloud-native solutions, focusing on multilayered defenses that are more adaptive to the digital landscape.
Simplification Amidst Complexity:
Integration of AI and Automation:
Multi-Cloud Capabilities:
Leverage of Strategic Acquisitions:
Educational Insight on Modern Security Operations:
S1 EP. 20 Google's Multilayered Cloud Defense and SecOps Innovations
[00:00:00] Brad Bussie: Imagine you have an augmented intelligence that's constantly analyzing security data.
[00:00:08] Brad Bussie: It's automatically detecting threats, and it's saving security analysts tons of hours of work. And really, that's the power of AI in action. And I like how Google Security Operations has taken full advantage of it. All right.
[00:00:32] Brad Bussie: Hi, everyone, and welcome back to the State of Enterprise IT Security edition. I'm your host, Brad Bussie, chief information security officer at e360. Today is a little bit different than our regular podcast. I wanted to actually talk to you about something specific, one topic, and it's going to be Google Security Operations, and outline how Google is approaching multilayered defense in the cloud.
[00:01:05] Brad Bussie: Now, the ever-present challenge of cybersecurity in the cloud era demands what I would say is constant vigilance, and traditional security tools and solutions often resemble something like a fortress with some crumbling walls. And some of that's our fault, from an industry perspective, as we are moving away from the perimeter.
[00:01:35] Brad Bussie: And some of the things that we would think of as what many call the castle and moat protection strategy. And we're honestly just struggling to keep pace with the relentless evolution of cyber threats. I would like to take a look, and, you know, I don't normally endorse any specific technology, but what I like to do is talk about how organizations are doing it right in my perspective.
[00:02:09] Brad Bussie: And I think today, just talking about Google Security Operations and the platform, giving you a little information about that, pretty high level, and just talking about how they are building, we'll call it, a fortress in the cloud. So imagine the crumbling walls. But now imagine that fortress instead. So what I think would be helpful is looking at the security operations landscape, and I think of this, and it might just be all the time spent supporting the Department of Defense,
[00:02:48] Brad Bussie: but I think of it as a pretty complex battlefield. And when we look at complexity, that is definitely the enemy when it comes to security. Security should be simple. And the challenge is not making it simpler. So before we delve into the Google offerings, let's revisit some of the fundamentals.
[00:03:16] Brad Bussie: Now, security operations, or as many of you will hear it, SecOps for short, refers to a critical function of safeguarding your organization from cyber attacks.
[00:03:30] Brad Bussie: Now, imagine a complex battlefield where SecOps teams wage a continuous war against cyber threats. And this war involves a three-act play known as TDIR: Threat Detection, Investigation, and Response. And traditionally, SecOps teams rely on a pretty complex mix of tools and manual processes to manage this cycle.
[00:04:07] Brad Bussie: And they're often feeling like they're blindfolded with one hand tied behind their backs.
[00:04:14] Brad Bussie: Now, when I look at how Google has kind of redefined this segment as cloud native, you can even think of it as a revolution because it is cloud first. And Google SecOps, think of it as a cloud-native platform, meaning it's built specifically for the modern cloud environment. And imagine a complete SecOps toolkit designed from the ground up for that digital battlefield that we're talking about. And Google Security Operations, they focus on streamlining that entire TDIR process, like I talked about, and they're centralizing the security posture, and then they're offering.
[00:05:06] Brad Bussie: And this is what I think a lot of people don't know about the Google solution, is that it is for a cloud environment, but it's not just the Google Cloud environment. It's multi-cloud. So think of this as a command center, and it's equipped with tools and technology. And I would say for a lot of organizations, it's giving them an advantage.
[00:05:34] Brad Bussie: And we'll talk a little bit about advantage from some of the acquisitions that Google has made over the past couple of years. So I like to look at this as kind of like a powerhouse trio. You've got Google Cloud, you have AI, and then you have Threat Intelligence.
[00:05:52] Brad Bussie: So if I'm looking at this and thinking, well, what makes the Google Security Operations solution stand out?
[00:05:58] Brad Bussie: I mean, I think that there's a couple of things to note. First, the cloud infrastructure. And I think if you look at the global scale of Google, I mean, this translates into ingesting and analyzing massive amounts of security telemetry and information. And I like it because it's like no more building and maintaining your own security infrastructure.
[00:06:26] Brad Bussie: Google can do that for you. And for me, I look at this as freeing up resources in the organization, and I can have them do other things. So imagine this is kind of your foundation of the security posture and the ability to scale your defenses. And honestly, that's the only way any of us are going to survive the next, we'll say, five years, with how prolific AI is becoming and how attackers have adopted it
[00:07:01] Brad Bussie: to leverage for attacks. So that kind of leads me to the second piece of this, which is AI and automation. And I think of this as still having like a sidekick. I'm not replacing anything. I'm just making things better. So imagine you have an augmented intelligence that's constantly analyzing security data.
[00:07:24] Brad Bussie: It's automatically detecting threats, and it's saving security analysts tons of hours of work. And really, that's the power of AI in action. And I like how Google Security Operations has taken full advantage of it. I talked a little bit before about when I was at Google Next and how, really, it was a lot of AI talk at the conference, but the way that Google is pulling in Gemini,
[00:07:54] Brad Bussie: which is a big part of their GenAI, into becoming a security sidekick. It really is freeing teams to focus on more strategic tasks, and it's helping in things like threat hunting, incident response. And I look at it as having a lot of extra pairs of eyes that are constantly scanning that battlefield
[00:08:19] Brad Bussie: we've been talking about. And what are they looking for? Potential threats. And really, that's the name of the game. So some of the things that you may not know,
[00:08:29] Brad Bussie: so I'll just go over them quickly, is there's a way of doing unified threat defense with Google and their Mandiant acquisition as well as VirusTotal.
[00:08:41] Brad Bussie: And I know most of you are probably familiar with Chronicle, Siemplify, which is the SOAR solution. All of this now is being combined into the whole Google SecOps suite. So I look at this as like a comprehensive intelligence network, and you're getting things like Google Threat Intel. This has a lot of, I think in the industry, you could think of this as unparalleled global reach.
[00:09:17] Brad Bussie: And that's just really because Google has that unique view of the threat landscape. And this translates into real-time insights into emerging attacks and some of the latest tactics used by cyber criminals. And then I think of how they're tying this in with the Mandiant expertise. And I think everyone knows Mandiant as the leading name in cyber defense.
[00:09:44] Brad Bussie: And they're bringing their, we'll keep with the battle analogy, they're bringing their battle-tested threat intelligence and their expertise to the table. And their team of security professionals, they spend a lot of time tracking threat actors, the threat actors' techniques, and then they're giving insights into the minds of the enemy.
[00:10:09] Brad Bussie: And they even have some tooling now which does attack surface management as well as security validation. So it's not just the Mandiant experts anymore. It's also the threat intelligence and the expertise. And then you've got VirusTotal, and think of this as like a massive online community of security researchers.
[00:10:33] Brad Bussie: People are contributing, they're looking at potential threat indicators, like, we'll just say, files, URLs, things that are uploaded. Hey, take a look at this. What does this look like? Yeah, that's malicious, gets pulled into the database. And then that's all real-time fed back to defenders. And I think this is most important because the battlefield landscape is changing, and it's changing all the time.
[00:11:01] Brad Bussie: So when I'm combining really those three intelligence sources, and that's something that I recommend always, even if it's not the Google solution: don't just go with one intelligence source, go with multiple intelligence sources. Because that only makes it better, especially when they can correlate and you can start to see that there is a real threat or risk to your organization.
[00:11:27] Brad Bussie: So I think of this as a security team having a clear advantage and allowing for a more proactive and effective defense. And it's like having a global network of informants that are feeding you that critical intel about the enemy's movements. And if we're sticking with the battlefield analogy, which I think we are, I look at this as like part of your security arsenal.
[00:12:01] Brad Bussie: So if I'm looking at this from the tool perspective, not just the solution, look at Google Security Operations and some of the things that come with it as a suite of tools. And the first component of this is the SIEM, so security information and event management. And why is this important? Well, this is the central hub that ingests data from various sources.
[00:12:33] Brad Bussie: Some of them are security sources. Some of them are just events. And it's providing that unified view of your security posture. And this is how we can do a lot of our real-time threat detection. And think of this as the central intelligence center that's gathering information from all fronts. I think the next important piece of this is SOAR, which is security orchestration, automation, and response.
[00:13:05] Brad Bussie: Now, imagine all the things that we've talked about, but being able to automate repetitive tasks and streamlining response to security incidents. SOAR typically empowers a security team to focus on critical issues because they're automating routine tasks. And some of those routine tasks are like isolating a compromised system because it has a vulnerability, or there's a patching issue.
[00:13:38] Brad Bussie: Honestly, it's like having a well-trained soldier on the front line that is then freeing up your commanders, think of them as like your security analysts, and you're focusing on strategic decision making. Now, another piece of this is advanced threat detection, and this is where some of the things that we've looked at from Google's AI, as well as the machine learning capabilities, it's giving that advanced threat detection. And some of the features, and the important ones, are like anomaly detection, behavior analysis, threat hunting, and this gets us into being able to look at sophisticated attacks and responding to those. And think of this:
[00:14:34] Brad Bussie: if you have a small team, how would you do that without an advanced threat detection capability? So like imagine having this network of highly trained scouts constantly searching for enemy activity, even if that activity is cleverly disguised. Now, attack surface management, really it's all about knowing your weaknesses, and a critical aspect of defense is understanding your attack surface.
[00:15:09] Brad Bussie: Now, Google Security Operations, they offer attack surface management capabilities. And this is really to help identify and manage all of those potential entry points for attackers. So this one is definitely important, because if they don't have a way in, what are they going to actually do? Now, think of this as rigorously inspecting those fortress walls that we were talking about, because we're looking to identify any weaknesses before our enemy does.
[00:15:44] Brad Bussie: And then security validation. This is just regularly testing our defenses. So what does our military do? They constantly drill. They are constantly conducting drills. They are doing things like validation. Do we have all of our stuff together? So I look at Google SecOps as offering that security validation tool that helps test defenses and then identify areas of improvement. Just because we fail in a test of those defenses, that doesn't necessarily mean that's a bad thing. That's actually a good thing, because we found it before the attacker. So imagine regularly testing our troops and fortifications to ensure they are prepared for any assault.
[00:16:43] Brad Bussie: And then taking this one step further, you know, I talked about what's the advantage? And I look at this as the Mandiant Advantage, clever play on the name, because this takes threat intelligence and incident response beyond. And the reason is, none of this stops at threat intelligence, as well as, like, what's the next piece?
[00:17:08] Brad Bussie: Well, a lot of the time it's responding to an incident. There's ways to prevent and keep some of this in more of that middle ground. So if you're breaking down some of the other capabilities inside of the Google suite, Mandiant has a managed defense capability, which is continuous monitoring and threat hunting.
[00:17:33] Brad Bussie: A lot of you may look at this as MDR, that managed detection response. So look at this as having a dedicated security team that's monitoring your defenses. They're hunting for threats. They're giving your security team that support that they need, and maybe some expertise that you don't have.
[00:17:56] Brad Bussie: And think of this as having that highly trained elite squad continuously patrolling your borders and actively searching for an enemy or somebody that's trying to infiltrate.
[00:18:11] Brad Bussie: And I would say, based on the discussion, I mean, I think you're starting to see that there's a solution here for just about any need when it comes to cybersecurity. And if you're thinking of this from a, well, does this fit my organization and the size of my organization? I would say, you know, based on what we're looking at, it really does fit all organizations of all sizes. Really, it's whether you have a simple environment with a low volume of data, or you've got a super complex one with constant security alerts.
[00:18:58] Brad Bussie: There is a solution within Google Security Operations to scale with what your needs are. And this ensures you have the right security posture, really regardless of the size or complexity of your environment.
[00:19:14] Brad Bussie: Now, if I'm going to wrap all of this up, I look at this again as building a fortress in the cloud, and this is a dynamic fortress.
[00:19:25] Brad Bussie: It's not those old walls with the castle and the moat. It's that powerful, AI-driven SecOps platform, and it empowers your organization to build that comprehensive, dynamic defense in the cloud. It combines the scale of what Google Cloud is already doing and has been doing, adds the power of AI and automation, so a lot of those advances that Google's made in the past 3 to 5 years, and then the threat intel expertise of not just Google, but Mandiant and VirusTotal. So you're getting Google, Mandiant, and then the crowd. And the suite of integrated security solutions that we talked about, like the Mandiant Advantage component, Google Security Operations overall.
[00:20:26] Brad Bussie: I think, you know, you combine all of this and you're pretty well set up to defend against most of the modern threats. And if you're looking to take your security posture to the next level, this is something to consider. Do your research. It is a compelling solution. I've spent a lot of time with it.
[00:20:47] Brad Bussie: Like I said in a previous podcast, I spent a lot of time at Google Next. So I got hands-on with a lot of this, and I got to speak with a lot of the leaders and see the direction of the solution. And now that everything is merging together under that one roof, it's gotten me pretty excited about it.
[00:21:10] Brad Bussie: Mainly because, we'll stick with the battlefield reference, the cyber war is ever evolving. And when you look at
[00:21:24] Brad Bussie: cyber threats, I think vigilance is 100% the key. And that's why security operations is so important. And I think if you consider Google and Google Security Operations, you will have that powerful arsenal at your disposal to keep your data as well as your systems safe. So thank you for joining me, and I look forward to the next time on the State of Enterprise IT Security edition.