Mandiant CEO Kevin Mandia expects the company's merger into Google Cloud to amplify and further automate the security powerhouse’s capabilities for stopping the most current attacks while remaining controls agnostic.

Google completed its Mandiant acquisition for $23 per share in an all-cash deal valued at around $5.4 billion last month. Now, Mandiant is integrating into Google Cloud while retaining its brand.

Google Cloud CISO Phil Venables said Mandiant will bring proactive defense to the tech giant’s existing security portfolio and called this deal “complementary and compelling” during a press roundtable on Oct. 6, ahead of Google Cloud's Next '22 event.

The tech giant’s cloud computing and storage, data processing, artificial intelligence, and machine learning capabilities offer the ability to make Mandiant’s security services more widespread and accelerate the automation process, Mandia explained. 

“When you talk to all the Mandiant security experts, all they've ever wanted is the ability to get impact, to get our capabilities into the hands of all the security practitioners out there, and that's what we get through Google Cloud. It's just a broader reach,” he said. “Let's face it, every service person we have, they can help two or three customers today. But if we can automate their expertise, we can help millions of people every day and that's our goal.”

Google’s newly-announced Chronicle Security Operations offers a good example of what the Mandiant integration looks like. The service unifies Chronicle’s security information and event management (SIEM) tech with the security orchestration, automation, and response (SOAR) solutions from Google’s Siemplify acquisition, and threat intelligence from Google Cloud, while aligning with Mandiant’s threat intelligence and incident response capabilities, according to Venables.

The service can put Mandiant’s frontline intel, attack surface management, and Red Team as-a-Service capabilities through an automated pipeline into Chronicle workflows, Google Cloud VP and GM Sunil Potti added.

“With Mandiant, we get to this place of proactive offerings,” Venables said. “We can look at the threats and the synthesized intelligence from the threats, and join that with all of the Google Cloud data analytics and monitoring capability is that final piece of the security puzzle.”

Google Wants ‘Mandiant to be Mandiant’

Mandia does not expect joining Google Cloud to change how Mandiant interacts with customers. The vendor is still on a mission to detect and defend against novel attacks.

“Mandiant to be Mandiant” means the security recommendations and consultations from the company will be vendor agnostic “to anything but the best solution,” he explained. “If the right answer is another cloud provider because that's what the people we're helping use, that's the right answer.”

“We need to have a security operations platform that's open to defending all clouds and open to defending on-premise, hybrid environments as well,” he added.

The Hub for Endpoint Telemetry

Mandia emphasized this point, having said earlier that Mandiant wanted to become an independent company after divorcing FireEye in order to make security controls more effective and efficient.

FireEye bought Mandiant for about $1 billion in early 2014. Mandia previously served as CEO of FireEye from June 2016 through September 2021. Last year, FireEye announced plans to reposition its Mandiant threat intelligence and incident response arm as an independent company. However, Mandiant changed its name back and became a publicly traded company.

As part of FireEye, Mandiant was coupled with the company’s various security services spanning endpoint, network, email, and business, Mandia said.

By contrast, he touted Google as “a perfect fit,” and said the combination could become the brain and hub for all the telemetry from the dozens of endpoint security companies and hundreds of network security products, including SentinelOne, CrowdStrike, McAfee, VMware Carbon Black, and Microsoft Defender.

“We want to work with all of them and just impose security automation on top of all these control products that just create the telemetry,” Mandia said. Google's Chronicle platform takes telemetry from those products, “and we're going to be able to adjudicate indecision and put business logic on top of all of them,” he added.

“As we respond to breaches and get just a mastery of here's what bad looks like on a network, this is what unauthorized or unlawful or simply unacceptable behavior looks like [from] all these different telemetries, Google's best suited to bring that to market,” he added. “So when I said we needed to be controls agnostic, that's what I meant.”

Photo: Mandiant CEO Kevin Mandia (L) and Thomas Kurian, CEO Google Cloud. Source: Google Cloud.