Google Debuts New Security Products, Hyping AI and Mandiant Expertise

Just shy of two years after its $5.6 billion all-cash purchase of Mandiant, Google’s ambitious enterprise security strategy is starting to take shape with the rollout of new threat-intel and security operations products and a boast to use the magic of AI to tap into the booming cybersecurity market.

The search marketing giant used the spotlight of the RSA Conference on Monday to unveil the new products — Google Threat Intelligence and Google Security Operations — and push the value of AI-powered tools in enterprise cybersecurity programs.

Google has long struggled for relevance in enterprise cybersecurity but with the Mandiant assets in hand, the company is now pushing a threat-intel product hyping “unmatched depth” of breach forensics expertise, the “global reach” of its VirusTotal malware scanning service and the “breadth of visibility” it can deliver from billions of signals across devices and emails. 

The company said the security products would showcase its Gemini AI-powered agent to add conversational search tooling across its repository of threat intelligence data.

Google Threat Intelligence will take its place alongside the new Google Security Operations, Mandiant Consulting, Security Command Center Enterprise, and Chrome Enterprise.

The plan is to take data and insights from Mandiant’s incident response and threat research teams, combine them with telemetry from Google’s massive user and device footprint, and make use of VirusTotal’s crowdsourced malware database to sell observability and visibility tooling to corporate defenders.

Google says it protects 4 billion devices and 1.5 billion email accounts, and blocks 100 million phishing attempts per day, while Mandiant’s incident responders and security consultants handle about 1,100 breach investigations every year.

The standalone threat-intel product will use Gemini to analyze potentially malicious code and provide a summary of findings, features the company hopes will supercharge the threat research processes, augment defense capabilities, and reduce the time it takes to identify and protect against malicious threats. 

“Customers now have the ability to condense large data sets in seconds, quickly analyze suspicious files, and simplify challenging manual threat intelligence tasks,” the company said.

The second product, called Google Security Operations, also promotes the use of generative-AI technology to simplify threat detection, investigation, and response in large organizations.

Google said the addition of Gemini in Security Operations can reduce the time security analysts spend writing, running, and refining searches and triaging complex cases. “Security teams can search for additional context, better understand threat actor campaigns and tactics, initiate response sequences and receive guided recommendations on next steps — all using natural language,” the company said.

The product contains a new Investigation Assistant feature aimed at helping security professionals make faster decisions and respond to threats by answering questions, summarizing events, hunting for threats, creating rules, and receiving recommended actions based on the context of investigations. 

A separate feature, called Playbook Assistant, is also being built to help security teams create response playbooks, customize configurations, and incorporate best practices.
