Google elevated Chronicle on Tuesday to be its marquee brand for its growing suite of security operations software and said it has no plans to change the strategy or branding for Mandiant, which it formally acquired in September for $5.4 billion.
Mandiant strengthens Google Cloud’s ability to contextualize and analyze the data it collects on every major threat actor and incident, Google Cloud VP and CISO Phil Venables said via email. He described it as a natural and complementary pairing that requires no changes.
Google is on a mission to become a standalone and all-inclusive security brand, and executives shared multiple updates prior to Google Cloud Next that bolster that vision.
Capabilities housed under Chronicle are more of a reactive defense designed to help customers sift through data and hunt threats to understand what went wrong and how to stop attacks, according to Venables.
“With Mandiant, we become proactive — we can use validation to see how well customers' current security tools are working, look at the attack surface for holes and gaps, take what Mandiant knows via their incident response programs and figure out how we can stop those threats from impacting our customers, proactively,” he said.
“Acquiring Mandiant inherently helps us become a proactive force,” Venables said.
Google’s reorganization includes the formation of Chronicle Security Operations, which combines Chronicle, its security information and event management technology, with the security orchestration, automation and response capabilities it acquired through Siemplify earlier this year.
Siemplify is now Chronicle SOAR and the security analytics capabilities have been rebranded as Chronicle SIEM. Google intends to lean on Mandiant to bring additional threat intelligence and incident response and exposure management to the Chronicle unit.
“Over the coming quarters, you’ll see a greater investment in new proactive offerings to better help us provide an end-to-end security operations stack for our customers,” Venables said. “Mandiant is helping us complete a big piece of the security puzzle, and we’re now better equipped to help our customers detect and respond to threats than ever before.”
Google also introduced Software Delivery Shield, its latest effort to improve software supply chain security with a fully managed offering that includes capabilities for application development, supply, CI/CD, production environments and policies.
The move follows Google’s unveiling of the Assured Open Source Software service in May, which packages the same workflows its developers rely on to strengthen and validate the open source software supply chain.
Venables, in an interview with Cybersecurity Dive in August, said Google expects to turn more of its internal technology into security products. Further acquisitions and organic growth in Google’s security business is likely, he said at the time.
“We think we can be a leading security brand,” Venables said, “because we’ve had so much experience in building security capabilities into our own platform, and doing it at significant scale.”