Chapter 2

Enhanced Protection & Response

As the threat landscape grows, companies must prepare to deal with evolving and complex cyber-attacks. Google is no exception and is targeted by cybercriminals every day. In this context, the guiding principle of Google Cloud Security is to detect everything and trust nothing. This blog post discusses Google's approach to security, the challenges faced by security operations, and how Google is evolving to meet those challenges.

Enhancing Cybersecurity with Google Cloud’s Multi-Cloud Solutions

The Power of Google Cloud’s Multi-Cloud Solutions

The first step towards securing a company's data is to choose a trusted public cloud offering. Google Cloud is considered one of the most reliable cloud providers in the market. However, in a multi-cloud environment, where customers operate across different cloud platforms, Google Cloud Security offers solutions that work not only on Google Cloud but also on Azure, AWS and even on-prem environments. These solutions are designed to bring the expertise and knowledge gained from Google's own security practices to customers.

Security at Google is not a one-size-fits-all solution. It is a journey, and Google believes in a fundamentally different approach to security solutions and to the future vision for them. The concept of invisible security involves applying security at different layers and accounting for different risk levels. Google is evolving from a shared responsibility approach to a shared fate approach, working together with customers.

Evolving Security Operations for the Future

As technology changes, so do the profiles of the people working in security operations, and Google therefore needs different skill sets to meet these demands. Google's security operations centres are moving from manual work, through automation, to a more autonomic way of working. The goal is an autonomic security operations environment in which security operations can detect and respond to threats quickly and efficiently.

Google offers a service blueprint methodology, a new way of working within security operations teams, to drive change into a conservative environment such as a Security Operations Centre (SOC). The methodology involves a philosophical debate about how security people evolve towards more business-enabler thinking alongside the DevOps teams.

Continuous Detection and Response

Continuous detection and response are crucial to achieving an autonomic security operations environment. Google is introducing the concept of orchestration as part of the response. The last missing piece was continuous feedback.

With the recent acquisition of Mandiant, Google will have next-level vulnerability management which, together with VirusTotal, closes the ecosystem.

Google’s Approach

SOCs must evolve to operate faster, with less human effort, and at scale.

Detect

  • Ingest, normalise and operate on petabytes of data very quickly
  • Leverage threat intelligence to automate detections and hunts across a full year of data

Investigate

  • Collaborative investigation workbench with full case management
  • Automated enrichment and context (the right data presented to the right person) to simplify decision making

Respond

  • Orchestrated response to reduce MTTR, and continuous knowledge capture to drive improvement
  • Leverage playbooks and automation to close false positives and reduce human effort as much as feasible

Google is constantly evolving to meet the challenges of a changing security threat landscape. The concept of invisible security involves applying security at different layers and accounting for different risk levels. Google is moving from a shared responsibility approach to a shared fate approach, working with customers towards an autonomic security operations environment. With the recent acquisition of Mandiant, Google is offering next-level vulnerability management, which closes the ecosystem. Google's approach to security operations is transforming, and it is designed to offer a comprehensive solution that is effective, efficient and reliable.