Google Cloud announced Chronicle Security Operations, a cloud software suite that will better enable cybersecurity teams to detect, investigate, and respond to threats. CISO Phil Venables said the suite will lead Google Cloud to create a “complete end-to-end security operations stack.”

Chronicle Security Operations unifies Chronicle’s security information and event management (SIEM) tech with the security orchestration, automation, and response (SOAR) solutions from Google’s Siemplify acquisition and threat intelligence from Google Cloud. 

The suite’s capabilities include access to cloud-scale data, curated detections, and automated response to common security threats such as phishing and malware, all on a common platform.

An ‘Omnipresent’ Security Solution

Google Cloud VP and GM Sunil Potti argued that, in the face of an “accelerating cyber situation,” only companies like Google, Amazon, and Apple have invested in protecting themselves at scale.

“But if there's an opportunity for most of these companies of all sizes to inhale the capabilities that Google has built to protect themselves to protect their own customers, then there is a real opportunity to structurally solve this problem,” he said. 

Potti said Google Cloud’s security focus now is “less about compliance,” adding, “it's more about can you actually help me during a point of a breach and how do I prevent that from happening going forward.”

The new suite aims to provide usable, omnipresent security, according to Potti. “It's not in your face, and that art of getting to a much safer posture across all kinds of today and tomorrow's attacks, while keeping things simple, is a very hard problem,” he said. 

Google Goes After Offensive and Defensive Security

Google claims its recently completed Mandiant acquisition will add even broader incident and exposure management and threat intelligence capabilities to its security stack.

Potti noted Mandiant products like frontline intel, attack surface management, and Red Team as-a-Service can be put through an automated pipeline into Chronicle workflows, which will allow security operations center (SOC) teams to transform into a "modern" type of defense. 

Venables added that Chronicle and some of Google Cloud’s other monitoring tools are a more reactive type of defense, which look through data and events to figure out “what went wrong” and respond accordingly. 

In contrast, he said Mandiant introduces “proactive offerings, using validation to see how well your security tools are working, looking at your attack surface, figuring out what incidents and how you're responding to them, joining those together.”

“You get to do what we think is really important to get security right, which is to join the offense and the defense together,” Venables said.