Building on the strong product momentum in the first quarter of 2024, our second quarter brought a host of significant enhancements focused on providing customers with an advanced AI and intel-driven experience. But we didn’t stop there. We also introduced a number of improvements to everyday processes, prioritizing the ease of use and efficiency of Google SecOps.
Let’s take a look at some of the highlights:
Automatically apply Google's global threat visibility to your own environment with Applied Threat Intelligence. Surface more threats with less analyst effort and act on current intelligence before an intrusion causes damage or loss. This release adds event-level enrichment, indicator matching against ingested events, active-incident alerting, curated behavioral detections for emerging threats, enhanced DIY detection engineering and response automation, and curated views for investigation and triage. See Applied Threat Intelligence in action. Automatically enabled for all Enterprise+ customers.
Focus on the threats relevant to your organization based on user-configured interests such as industry and operating location. Create your own threat profile and easily monitor and track changes to those threats over time. Learn more in our documentation. Automatically enabled for all Google SecOps Enterprise+ customers.
Leverage new out-of-the-box detections that are developed and maintained regularly by Google and Mandiant experts to detect more threats without custom engineering. See curated detections in action.
Our latest curated detections include:
Emerging threat detections provide coverage for attacker methodologies recently observed by Mandiant, including during incident response engagements. Automatically enabled for all Google SecOps Enterprise+ customers.
Cloud detections cover serverless threats, crypto-mining activity across Google Cloud, all Google Cloud and Security Command Center Enterprise findings, anomalous user behavior, machine-learning-generated lists of prioritized endpoint alerts (ranked on factors such as user and entity context), and baseline coverage for AWS spanning identity, compute, data services, and secrets management. We have also added detections based on learnings from the Mandiant Managed Defense team. Automatically enabled for all Google SecOps Enterprise and Enterprise+ customers.
Interact with Google Security Operations using a context-aware, AI-powered chat to answer questions, summarize events, hunt for threats, create rules, and receive recommended actions based on the context of investigations. See investigation assistant in action or explore all Gemini in Security Operations capabilities. Automatically enabled for all Google SecOps Enterprise and Enterprise+ customers.
Easily build response playbooks, customize configurations, and incorporate best practices with our playbook assistant. See playbook assistant in action or explore all Gemini in Security Operations capabilities. Available in preview for Google SecOps Enterprise and Enterprise+ customers. Please contact your sales representative if you are interested in testing this feature.
Say goodbye to investigations slowed by manual analysis, limited visibility, and siloed data. Google Security Operations customers can now write YARA-L 2.0 search queries with statistical aggregations to track the distribution and frequency of security events, detect anomalous behavior, and analyze trends over time. Learn more in our documentation. Available in preview for all Google SecOps customers. Turn the following feature flag in C4 on to automatically access this in preview: search_stats_enabled
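As an added illustration (not a query from the original post), the following YARA-L 2.0 statistical search groups user login events by account and counts total and blocked logins per account, which is the kind of distribution-and-frequency view the preview enables. It assumes the documented stats-search syntax (`match:` for grouping, `outcome:` for aggregations, `order:` and `limit:` for ranking) and the standard UDM field names; the threshold and time range are illustrative choices, not values from the page.

```yaral
// Constructed example: which accounts saw the most blocked logins in the
// selected time range? Run from the Search page with stats search enabled.
metadata.event_type = "USER_LOGIN"

match:
  // Group results by the account being logged into.
  target.user.userid

outcome:
  // Aggregations over every event in each group.
  $total_logins   = count(metadata.id)
  $blocked_logins = count_if(security_result.action = "BLOCK")
  $distinct_src   = count_distinct(principal.ip)

order:
  // Rank accounts by blocked attempts so spray/brute-force stands out.
  $blocked_logins desc

limit: 20
```

Sorting by the blocked count rather than the total keeps busy but healthy service accounts from crowding the top of the list; raising `$distinct_src` alongside `$blocked_logins` for a single account is the pattern to look at first.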
Expedite investigations by searching raw logs from the Search page with the `raw = "..."` term, and view the resulting normalized UDM events and entities for both parsed and unparsed log lines. Learn more in our documentation. Available in preview for all Google SecOps customers. Turn the following feature flag in C4 on to automatically access this in preview: rls2_enabled
Easily send logs from Windows Event logs, Linux, databases, flat files, and other data sources to Google Security Operations with our new collection agent. It can be used alongside the existing Google Security Operations forwarder or as a standalone agent, and requires no additional licensing. If you need to scale or want advanced features, the BindPlane OP (Observability Platform) management console, available in both free and paid versions, can deploy, remotely configure, and monitor the agents. Learn more about Cloud Monitoring for ingestion notifications in our documentation and learn more about using the BindPlane agent in our documentation. Automatically enabled for all Google SecOps customers.
Execute single-event rules in near real time, including custom and curated rules and both simple and complex rules that use reference lists and match windows. Accelerate detections that rely on time-sensitive context from the Google Security Operations entity graph, thanks to performance improvements to multi-event context-aware detections. Learn more about Google Security Operations detections. Automatically enabled for all Google SecOps customers.
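As an added example (not a rule from the original post or from Google's curated content), here is the shape of a single-event YARA-L 2.0 detection that uses reference lists, the category the passage says now runs in near real time. The list names `known_bad_ips` and `service_accounts` are assumed to exist as reference lists in the tenant; they are placeholders, not lists shipped with the product.

```yaral
rule successful_login_from_listed_ip {
  meta:
    author = "security-engineering"   // placeholder
    description = "Successful interactive login from an IP on a tracked bad-IP list, excluding service accounts"
    severity = "MEDIUM"

  events:
    // One event per detection: no match window, so this is a single-event rule.
    $e.metadata.event_type = "USER_LOGIN"
    $e.security_result.action = "ALLOW"

    // Reference-list membership checks; lists are maintained outside the rule
    // so the rule itself does not need editing when indicators change.
    $e.principal.ip in %known_bad_ips
    not $e.target.user.userid in %service_accounts

    // Bind the account for readability in the detection output.
    $e.target.user.userid = $user

  condition:
    $e
}
```

Keeping the allow-listed service accounts in a reference list rather than hard-coded in the rule is what lets the same rule stay in near-real-time execution while the exclusions change; if you later need "N logins from listed IPs within 10 minutes", that becomes a multi-event rule with a `match: $user over 10m` section and a `condition: #e > N` count.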
Meet long-term compliance and jurisdictional requirements with expanded regional support in Canada, India, Qatar, and Italy. Additional regional support is expected to be added throughout 2024. See all of our Google Security Operations data regions in our documentation.
Uncover threat actors hiding in plain sight within your multi-cloud environment. For Google Security Operations and Security Command Center customers, Mandiant Hunt experts can help detect adversaries abusing valid credentials across Amazon Web Services (AWS) and Google Cloud. Learn more in this blog. Available to purchase as an add-on.
Considering upgrading your Google SecOps package? Contact your sales representative to learn more.
Not a Google SecOps customer yet and would like to learn more? Schedule a demo today.