Date: 2025-04-28
Managed Security Services, RSAC, Security Operations
Google unveils new features for its Unified Security platform
Google announced on April 28 a series of additions to its Google Unified Security platform, an umbrella platform that itself was unveiled earlier this month.

"By integrating Google's leading threat intelligence, security operations, cloud security, secure enterprise browsing, and Mandiant expertise, Google Unified Security creates a single, scalable security data fabric across the entire attack surface," write Brad Calder, VP and GM at Google Cloud Platform, and Jurgen Kutscher, Vice President at Mandiant Consulting.

(For Complete Live RSAC 2025 Coverage by SC Media Visit SCWorld.com/RSAC)

As announced April 9, Google Unified Security brings together Google's Security Operations (or SecOps), the Chrome Enterprise browser, Google's Security Command Center and Google Threat Intelligence. All of this involves what Google refers to as "Mandiant Expertise." (Google bought the well-known cybersecurity firm Mandiant in 2022.)

Several new features are being added to Google Security Operations, a cloud-based platform that provides threat detection, security orchestration automation and response (SOAR), and security information and event management (SIEM) services to its clients:

- New Cloud Threats rule packs based on the findings of Mandiant's latest annual M-Trends report
- An agentic-AI-powered security operations center (SOC), in which "security operations are fundamentally enhanced by a collaborative multi-agent system"
- SecOps Labs, which provides customers with early access to AI enhancements, including "a Natural Language Parser Extension, a Detection Engineering Agent for automated rule creation and testing, and a Response Agent for generating automation playbooks"
- Composite Detections, which is still in preview but "can connect the dots between seemingly isolated events to help defenders uncover a more complete attack story"
- Content Hub, also in preview, which provides resources to "streamline security operations and maximize the platform's potential"
- Document search powered by Google's Gemini AI, a feature that is also still in preview.

Security Command Center, Google's cloud-asset platform that is applicable to Amazon Web Services and Microsoft Azure, as well as Google Cloud, will incorporate MITRE ATLAS threat intelligence into its AI Protection feature.

No new features were announced for Google's Chrome Enterprise browser, but Mandiant's own consulting practice will get Mandiant Essential Intelligence Access, a human-powered threat-intelligence service tailored to each customer.

The 2025 Mandiant M-Trends report was issued April 23, but today's announcement highlighted its findings from the past year. Among them were:

- Thirty-three percent of attacks included an exploit as the initial infection vector, followed by stolen credentials at 16% and email-based phishing at 14%.
- Financial motivations powered 55% of active threat groups in 2024, a "steady increase" from the previous year, and espionage 8%.
- Among industrial sectors, finance was the most often targeted at 17.4%, followed by business and professional services at 11.1%, technology at 10.6%, government at 9.5% and healthcare at 9.3%.

The report also dives into North Korean spies applying for remote jobs as IT workers, Iranian APT activity and attacks on "cloud-based stores of centralized authority" such as single sign-on (SSO) portals.
