Driven by the vision to provide “invisible security,” Google has been enhancing the security layer of its platforms and products. To further that objective, following the acquisition of Israel-based security orchestration, automation, and response (SOAR) platform provider Siemplify in January 2022, it announced in March 2022 the acquisition of Mandiant, an American cybersecurity firm, for USD 4.5B.
Both these companies will eventually be part of the Google Cloud Platform business unit. Through these acquisitions, Google aims to combine the extended detection and response (XDR) capability of Mandiant and the SOAR platform of Siemplify with the security analytics of Chronicle, Google’s security information and event management (SIEM) platform, to improve the time that security operations center (SOC) analysts take to detect and respond to security incidents.
With these acquisitions, Google continues to march toward its commitment to invest USD 10B in the next five years to strengthen its cybersecurity ecosystem, which it announced in August 2021 at the White House cybersecurity summit. As part of the investment plan, it intends to expand zero-trust programs, secure software supply chains, and enhance open-source security.
By integrating these capabilities with Google’s cloud offering, enterprises can unify disparate security tools using orchestration and analytics. This will help mitigate multiple, end-of-life security issues and reduce false alarms. Google’s unified offering, combining cloud infrastructure, security services, and the SOAR technology platform, becomes an attractive proposition for customers and helps minimize the need to depend on third-party security providers. It will enable CISOs to capitalize on the SIEM-to-SOAR maturity trend to streamline their threat response procedures for organizing people, processes, and technology. It will also offer visualization and guided user journeys, reducing the technical expertise needed to manage security operations.
For Google, the Mandiant and Siemplify deals become even more critical considering the advances made by its competitors, including AWS, IBM, Microsoft, and Oracle, in the cybersecurity space. Leading cybersecurity solution providers are also actively expanding their scope from a few data sources such as firewalls and intrusion detection systems to specialized security tools with enhanced interoperability such as endpoint detection and response (EDR), user and entity behavior analytics (UEBA), and network traffic analysis (NTA) by acquiring specialized SOAR platform and intelligent security solution providers.
Clearly, both Mandiant and Siemplify seem to be timely acquisitions that fill a need within Google’s security stack and are a natural progression from SIEM to SOAR.
By Gaurav Dewan, Associate Research Director, Avasant and Premal Shah, Senior Analyst, Avasant