Google is gobbling-up all things cybersecurity

CNBC reported that Google announced it plans to buy cybersecurity firm Mandiant for around $5.4 billion as part of an effort to better protect its cloud customers. The Mountain View, California, search giant said it will pay $23 a share for the publicly traded firm, which was founded in 2004. If the deal gets approved by regulators, it will be Google’s second-largest acquisition ever behind its $12.5 billion Motorola Mobility deal in 2012.

The acquisition helped Google strengthen its security capabilities and expand its offerings in the enterprise security market. The addition represented a significant step forward for Google in cybersecurity, as the company aimed to increase its presence in the enterprise market.

Google’s security demons

“In the world of cyber, the only way to truly secure a system is to disconnect it from the Internet. Mistakes are bound to happen and Google has very much learned from each one of them.”
Security technologist Bruce Schneier

As one of the largest technology companies in the world, Google has faced several major cloud and cybersecurity events in the past 2-3 years. Here are a few examples:

1. Project Zero Discovery: In January 2020, Google's Project Zero security team discovered a critical vulnerability in the Microsoft Windows operating system that state-sponsored hackers were actively exploiting. Google worked with Microsoft to release a patch for the vulnerability, demonstrating the importance of collaboration between technology companies to improve overall cybersecurity.
2. Chrome Zero-Day Vulnerabilities: In December 2020, Google's Chrome security team discovered and fixed several zero-day vulnerabilities in the Chrome browser. Attackers were actively exploiting these vulnerabilities, and the prompt response by Google's security team prevented widespread harm.
3. Google Cloud Outages: In November 2021, Google experienced a widespread cloud outage that impacted several of its cloud services, including Google Workspace and Google Cloud Platform. While the cause of the blackout was eventually determined to be a network issue, it demonstrated the importance of having robust disaster recovery plans in place and the need for organizations to prepare for cloud outages.
4. Google Threat Analysis Group: In recent years, Google has invested heavily in its Google Threat Analysis Group, which is responsible for detecting and responding to advanced cyber threats. This group has been instrumental in detecting and responding to several major attempts to breach existing protection, including the SolarWinds supply chain attack.

These are just a few examples. Many others are out there. These dark, cloudy days may have led Google to the acquisition of Mandiant to strengthen its cybersecurity for its partners and customers. But before we go further into Google's new acquisition, let's focus on how Mandiant came to be.

The rise of Mandiant: from incident response to cybersecurity leader

Mandiant was founded in 2004 by Kevin Mandia, a former military cyber-intelligence analyst. Kevin Mandia saw a need for specialized services in the market to respond to security incidents, as most organizations were ill-equipped to handle complex cybersecurity threats at the time.

The company quickly established itself as a leader in the cybersecurity industry. Mandiant provided incident response and computer forensics services to organizations that had suffered a security breach, helping them to recover from cyberattacks and to secure their systems. Over time, the company expanded its offerings to include threat intelligence services, which enabled customers to stay ahead of emerging cyber threats.

Mandiant's reputation as a trusted provider of cybersecurity services grew, and the company received recognition and awards for its work. For example, in 2012, Mandiant was named one of the fastest-growing companies in the United States by Inc. Magazine. The company's success also led to several high-profile partnerships and collaborations with other leading organizations in the cybersecurity industry.

In 2013, FireEye acquired Mandiant. The acquisition allowed FireEye to expand its offerings in the incident response and threat intelligence space and helped establish the company as a leader in the industry. After Google's acquisition, Mandiant continued to operate as a standalone subsidiary, maintaining its brand image and reputation for providing high-quality cybersecurity services.

As a result of this acquisition, Google can now integrate Mandiant's expertise in incident response and threat intelligence into its operations, thereby enhancing its ability to help customers defend against cyber threats. The acquisition was a significant step forward for Google in cybersecurity, as the company aimed to increase its presence in the enterprise market. By acquiring Mandiant, Google acquired a well-established and highly regarded provider of cybersecurity services, which helped it gain a competitive advantage in the industry.

Before acquiring Mandiant, Google had a limited presence in the cybersecurity market, primarily focused on securing its operations and products, such as Google Search and Gmail. The company offered customers some essential security tools and services, but these offerings were not as extensive as those of established cybersecurity companies.

Mandiant's Impact on Google's Cybersecurity

The acquisition of Mandiant allowed Google to enhance its cybersecurity capabilities significantly and offer a more comprehensive range of services to customers, which helped it to become a more competitive player in the industry. By integrating Mandiant's technology and expertise into its own security offerings, Google was able to strengthen its capabilities in areas such as threat detection and response, malware analysis, and incident management. Mandiant's expertise in investigating and responding to cybersecurity incidents was particularly valuable, as it enabled Google to improve its ability to help customers quickly and effectively respond to security threats.

Mandiant also brought a talented team of cybersecurity professionals to Google. Many of Mandiant's employees joined Google as part of the acquisition, and their knowledge and experience have helped to further enhance Google's cybersecurity capabilities.

As the newest subsidiary of Google, (things may rollup and change over the next 12-18 months), Mandiant [currently] offers the following services:

• Incident response
  Mandiant provides incident response services to help organizations respond to and recover from cyber-attacks. This includes identifying and containing the attack, investigating the scope and impact of the incident, and restoring systems and data to a secure state.
• Threat intelligence
  Mandiant offers a range of threat intelligence services, including intelligence reports, threat assessments, and custom threat intelligence feeds. These services provide organizations with valuable insights into emerging cyber threats, allowing them to better understand the risks they face and take proactive steps to protect themselves. Mandiant uses its extensive cybersecurity knowledge to provide up-to-date information on the latest threats and how to protect against them.
• Penetration Testing
  Mandiant's penetration testing services help organizations identify vulnerabilities in their systems and infrastructure before they can be exploited by attackers. This includes both network and application penetration testing, as well as social engineering testing to assess the effectiveness of employee training and awareness programs.
• Security Assessments: Mandiant offers a range of security assessment services, including vulnerability assessments, risk assessments, and compliance assessments. These services help organizations identify security gaps and compliance issues, and provide recommendations for improving their security posture.
• Managed Detection and Response: Mandiant's Managed Detection and Response (MDR) service provides 24/7 monitoring and detection of cyber threats, as well as rapid response and containment of incidents. This service combines advanced threat detection technologies with human expertise to provide a comprehensive defense against cyber attacks.

Thomas Kurian, CEO of Google Cloud, emphasized the importance of cybersecurity in today's digital landscape and the role Mandiant would play in helping Google to serve its customers better. The acquisition of Mandiant would have allowed Google to integrate its services into its offerings and strengthen its presence in the enterprise security market, a critical area of focus for the company. Kurian also mentions the potential for combining Google's technology and expertise with Mandiant's to drive innovation and deliver even more value to customers.

“We look forward to welcoming Mandiant to Google Cloud further to enhance our security operations suite and advisory services and help customers address their most important security challenges“
Thomas Kurian, CEO, of Google Cloud.

Facing new challenges

Google's Cybersecurity Action Team (CSAT) is a specialized team within Google that is responsible for investigating and responding to cybersecurity incidents. The team is comprised of experienced security professionals who work to protect Google's systems and infrastructure from attacks, as well as to help Google's enterprise customers respond to cybersecurity threats.

The CSAT is responsible for a wide range of activities related to cybersecurity, including incident response, threat hunting, and malware analysis. When an incident occurs, the CSAT works quickly to investigate and contain the issue, using advanced threat intelligence and analytics tools to identify the source of the attack and assess the extent of the damage.

CSAT is also responsible for developing and implementing cybersecurity policies and procedures, as well as for educating Google employees and customers on best practices for staying safe online. The team also works closely with external partners, such as law enforcement agencies and other cybersecurity organizations, to share information and coordinate response efforts.

In addition to the acquisition, Google Cybersecurity Action Team is likely to continue investing in research and development, including developing new technologies to improve its offerings and address the growing challenges facing organizations. This could include developing new machine learning algorithms to detect and respond to cyber threats more quickly and effectively, as well as improving its cloud offerings' security to protect customer data better, as shown in the image below:

Looking ahead

As technology continues to evolve and expand, the threat of cyberattacks is becoming increasingly prevalent and sophisticated. With the increasing use of connected devices, cloud computing, and other advanced technologies, the attack surface for cybercriminals is growing rapidly. They are constantly developing new and innovative ways to exploit vulnerabilities and gain unauthorized access to sensitive information. Cyberattacks are becoming more targeted and sophisticated. Attackers use advanced techniques such as social engineering, ransomware, and supply chain attacks to bypass traditional security measures and gain access to their targets' systems and data. These attacks can cause significant damage to businesses, governments, and individuals, resulting in financial loss, reputational damage, and even personal harm.

As a result, organizations of all sizes and industries must prioritize cybersecurity to protect their digital assets, sensitive information, and reputation. With the acquisition of Mandiant, Google has significantly enhanced its cybersecurity capabilities and is well-positioned to meet the growing demands for secure technology solutions.

Google has a long-standing commitment to security, and the acquisition of Mandiant has allowed the company to offer customers a more comprehensive range of services. The addition of Mandiant's expertise and talented cybersecurity professionals has enabled Google to provide organizations with the tools they need to defend against cyber threats and respond effectively to security incidents.

Looking ahead, in 2023, it is likely that Google will continue to play a crucial role in the cybersecurity landscape. The company is well-positioned to provide organizations with the tools they need to stay ahead of evolving cyber threats and to help improve their overall security posture. With its strong focus on innovation and its commitment to cybersecurity, Google will continue to be a valuable partner for organizations as they navigate the increasingly complex digital security landscape.