Mandiant, part of Google Cloud, hosted its annual mWISE Conference in Washington, D.C., on Sept. 18-20. I attended sessions spanning topics from ransomware to cyber insurance to the Mitre System of Trust.
I came away from the event with three primary impressions: The threat landscape is far scarier than I thought; Mandiant and Google have come together for comprehensive cybersecurity; and the two companies see generative AI as a force multiplier.
Takeaway 1: As scary as I thought the threat landscape was, it's far scarier
As an analyst, I follow the news and read threat reports, but the threat intelligence briefings I received at mWISE scared the living daylights out of me.
The Mandiant brain trust talked about the "big 5 adversaries" -- China, Russia, Iran, North Korea and cybercriminals. Kevin Mandia, CEO of Mandiant, said China graduated from the JV to varsity squad, in terms of attack sophistication, and described growing concern about attacks on critical infrastructure. Russia is throwing everything it can at Ukraine, while Iran and North Korea are launching frequent and often brazen social engineering attacks. Meanwhile, cybercrime is considered the third-largest global economy behind the U.S. and China. Some threat actors -- such as Scattered Spider and Alphv, the cybercriminal groups behind the recent attacks on MGM Resorts and Caesars Entertainment -- are more aggressive and nastier than past adversaries. According to Mandiant, enterprises need to be better prepared for these kinds of "apex attackers."
Takeaway 2: Mandiant and Google have come together for comprehensive cybersecurity
The mWISE Conference in 2022, which took place right after Google acquired Mandiant, had a fair amount of trepidation in the air over how the merger would shake out. Fast-forward to 2023, and I sensed a noticeable spirit of unity.
Combined, the two entities cover cyber-risk management, including attack surface management and threat intelligence analysis; security operations, including SIEM and security orchestration, automation and response (SOAR); incident response; and continuous security testing. Mandiant also has extensive service offerings to help customers fill skills and staffing gaps.
Takeaway 3: Google/Mandiant see generative AI as a force multiplier
This sounds like other industry hyperbole, but Google and Mandiant might have cracked the code here with a powerful combination: Google supplies the infrastructure, tooling and AI platform, while Mandiant provides deep security practitioner knowledge. Combined, they developed a large language model called Sec-Pathways Language Model 2 (Sec-Palm 2) that serves as the foundation for all Google-Mandiant generative AI use cases.
At a high level, Google and Mandiant talk about applying technology to three of the security industry's biggest challenges, which are threats, toil and talent:
- Threats. Generative AI can help security analysts summarize threat intelligence or string together individual events to uncover attack kill chains.
- Toil. Through content generation, report summarization and automation capabilities, generative AI can make security teams more efficient.
- Talent. Generative AI can help bridge the talent gap by empowering existing security teams. The use cases are universal, but the two companies have the potential to innovate and execute faster and better than the competition.
What needs to happen next
I came away from mWISE smarter and impressed with the Google-Mandiant marriage, but there's still work ahead. Here's how the two can maximize future opportunities.
Push generative AI from hype to reality. I understand the power of the Google-Mandiant generative AI story, but many CISOs and security pros have seen similar movies before: recall security technology trends such as machine learning, cognitive computing, user and entity behavior analytics, and extended detection and response (XDR) that sent the industry gaga but never lived up to the immediate hype.
To counteract this skepticism, Google and Mandiant should start a campaign on how they use generative AI internally for tasks such as analyzing threat intelligence and reverse-engineering malware. They should target CISOs and coach them on implementing a holistic generative AI strategy.
It's also on Google to reinforce messaging around data privacy. Google does a good job, but many security pros still think of Google security, Gmail and Google Chrome in the same light. Google has to convince dubious security pros that their data will remain private and secure.
Include services everywhere. Research from TechTarget's Enterprise Strategy Group, "SOC Modernization and the Role of XDR," found 85% of organizations use managed services for security operations -- and of those, 88% said they will increase their use of managed security services moving forward. This means even large and well-resourced organizations need help.
While Mandiant continues to service this market, Google should layer Mandiant services everywhere. For example, Chronicle SIEM sales should include Mandiant threat hunting or threat intelligence analysis services. Mandiant's attack surface management and continuous testing services are also natural add-ons for security operations deals.
Google and Mandiant have the potential to offer an end-to-end threat-informed defense. CISOs should be open to hearing how the pieces fit together.
Attack the market on cloud-scale SOC modernization. Chronicle SIEM got off to a rough start a few years ago but is now poised to disrupt the security operations market. It has evolved into a cloud-scale SIEM and SOAR platform, supported by generative AI and Sec-Palm 2 for detection engineering, natural language query, process automation and threat intelligence analytics. Google also has some pricing and data retention advantages over the competition.
Chronicle SIEM is coming together at an opportune time as organizations upgrade to scalable cloud-based SIEM with ample resources for data collection, processing and analysis. Google needs to highlight reference customers, support multi-cloud detection and response, and educate the market on its scalability, analytics and staff productivity advantages. Perhaps Duet AI, Google's generative AI assistant, can help organizations migrate rule sets from existing SIEMs to Chronicle SIEM.
Move the entire market forward with collective defense. This will require some time, but with Google Cloud, Chronicle SIEM and generative AI, Google and Mandiant might be able to connect industries, regions and disparate organizations for threat prevention, detection and response in new and innovative ways. They'll need cooperation from others -- government agencies, law enforcement, Information Sharing and Analysis Centers and other vendors -- to pull this off, but Google and Mandiant have these relationships and a cooperative technical foundation in place.
This will also require sound, strong and transparent data anonymization and sharing methods, something Google's history makes difficult. But, if it can lead the industry with some help from others, everyone could benefit.
Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.