Google Security Operations, Q3, 2024 Feature Roundup

ahnna
Staff

This third quarter of 2024, Google Security Operations focused on fueling efficiency and collaboration for our customers. We’ve rolled out a host of key enhancements, ranging from simplifying search queries to supercharging integrations. 

Let’s explore some of the highlights:

Share threat profiles with your organization


Easily share Threat Profiles with your organization, enabling seamless collaboration on priority threats and investigations. Break down information silos and empower your CTI team to work together on a single source of truth, ensuring everyone is aligned on the threats that matter most to your organization. Learn more in our documentation. Automatically enabled for all Google SecOps Enterprise+ customers. 

Collaborate with your trusted circles


Threat actors share information and resources to maximize their impact. Now you can too. Securely share your Private Collections with trusted colleagues outside of your current organization.

Enhance your collective defense by:

  • Expanding your threat intelligence network: Share critical insights, including IOCs, TTPs, and strategic analyses, with peers beyond your organization.
  • Building a stronger community: Pool knowledge and resources with trusted partners to gain a deeper understanding of the threat landscape.
  • Streamlining collaboration: Share threat intelligence seamlessly within the platform, eliminating friction and improving efficiency.

Learn more in our documentation. Automatically enabled for all Google SecOps Enterprise+ customers. To use this feature, create or open an existing private collection, click on “share & visibility” in the collection header, enter either a username or an org name in the “add collaborator” field, and click “save”.

Uncover the latest threats with new curated detections


Leverage new out-of-the-box detections that are developed and maintained regularly by Google and Mandiant experts to detect more threats without custom engineering. See curated detections in action.

Our latest curated detections include:

The Mandiant Frontline rule pack delivers around 400 rules, curated from top sources like M-Trends and VirusTotal, directly into your security arsenal. New rules are released continuously; to access these proactive threat detection capabilities, ensure the Mandiant Frontline Rule Pack is enabled. Automatically enabled for all Google SecOps Enterprise+ customers.

Test Drive your Google SecOps integrations


Say goodbye to the fear of pushing an integration update live, only to discover it disrupted your existing playbooks and connectors. With IDE Staging, you can now thoroughly test your integrations in a safe, isolated environment before they hit production.

Key Benefits of IDE Staging:

  • Risk-Free Testing: Upgrade integrations, test them in a secure staging environment, and then confidently push them to production, replacing existing integrations without disrupting operations.
  • Enhanced Confidence: Validate changes and gain full visibility into how updates will behave in your production environment before deployment.
  • Streamlined Python Upgrades: Aligned with the Python version upgrade process for easy maintenance and proactive security vulnerability management.

Learn more in documentation. Automatically enabled for all Google SecOps customers.

Simplify searches with a single YARA-L 2.0 (YL2) language

No more juggling different query languages – leverage the same YL2 language across Google SecOps Search, Rules, and Dashboards for a seamless and efficient workflow. Learn more in our documentation. Automatically enabled for all Google SecOps customers.

Enhance detection capabilities with 34 new YARA-L 2.0 functions

This new batch of YARA-L 2.0 functions, developed during our YL2 Hackathon, enables advanced capabilities in math operations, string manipulation, and type casting. Leverage functions like math.geo_distance to build impossible-travel detections, strings.extract_hostname to extract a hostname from a URL string, and timestamp.as_unix_seconds to convert a timestamp string into Unix seconds. Learn more in our documentation. Automatically enabled for all Google SecOps customers.
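The impossible-travel use case above, written out as an added YARA-L 2.0 rule (my own example, not one of the curated or Mandiant Frontline rules): it pairs two successful logins by the same user inside a one-hour match window and fires when math.geo_distance reports the two login locations more than 500 km apart. The UDM field names and the function's (longitude, latitude, longitude, latitude) argument order are assumed to match the current YARA-L reference; the 500 km threshold and the rule name are my own choices.

```yaral
rule impossible_travel_user_login {
  meta:
    author = "added example; not part of any Google or Mandiant rule pack"
    description = "Same user logs in successfully from two locations more than 500 km apart within one hour"
    severity = "MEDIUM"

  events:
    // First successful login, keyed by user ID
    $login1.metadata.event_type = "USER_LOGIN"
    $login1.security_result.action = "ALLOW"
    $login1.principal.user.userid = $user
    // Skip events with no geolocation enrichment; otherwise the missing
    // coordinates resolve to (0, 0) and produce bogus long distances
    $login1.principal.location.country_or_region != ""

    // Second successful login by the same user
    $login2.metadata.event_type = "USER_LOGIN"
    $login2.security_result.action = "ALLOW"
    $login2.principal.user.userid = $user
    $login2.principal.location.country_or_region != ""

    // Order the pair in time; this also keeps one event from matching itself
    $login1.metadata.event_timestamp.seconds < $login2.metadata.event_timestamp.seconds

    // math.geo_distance(longitude1, latitude1, longitude2, latitude2) returns meters.
    // 500 km in under one hour (the match window below) is faster than any
    // commercial flight plus airport time, so treat it as impossible travel.
    math.geo_distance(
      $login1.principal.location.region_longitude,
      $login1.principal.location.region_latitude,
      $login2.principal.location.region_longitude,
      $login2.principal.location.region_latitude) > 500000

  match:
    // Group both logins by user over a one-hour window
    $user over 1h

  outcome:
    // Surface the largest distance seen for the user in the window (meters)
    $max_distance_meters = max(math.geo_distance(
      $login1.principal.location.region_longitude,
      $login1.principal.location.region_latitude,
      $login2.principal.location.region_longitude,
      $login2.principal.location.region_latitude))
    // List the countries involved to speed up triage
    $source_countries = array_distinct($login1.principal.location.country_or_region)

  condition:
    $login1 and $login2
}
```

Tune the distance threshold and window to your workforce's travel patterns, and expect VPN and cloud proxy egress points to be the main source of false positives.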

Export Google SecOps data to BigQuery

Maintain greater control and security over your exported data with the new Bring Your Own Project (BYOP) feature for BigQuery Export. Seamlessly store and analyze your exported data within your own designated GCP projects, ensuring compliance and simplifying data access using your preferred methods and security protocols. Learn more in our documentation. Available in preview for all standard and enterprise Google SecOps customers. Please contact your sales representative if you are interested in testing this feature.

Strengthen your SecOps with 24/7 managed detection and response from Mandiant


For customers in need of expert support for managing Google Security Operations, we’ve got you covered. Google Security Operations can also work in concert with Mandiant Managed Defense, which can help you reduce risks to your organization. Mandiant's team of seasoned defenders, analysts, and threat hunters work seamlessly with your security team and the AI-infused capabilities of Google Security Operations to quickly and effectively monitor, detect, triage, investigate, and respond to incidents. Learn more in this datasheet. Available to purchase as a service add-on.

Considering upgrading your Google SecOps package? Contact your account team to learn more.

Not a Google SecOps customer yet and would like to learn more? Schedule a demo today.
