The next evolution of active threat defense and hunting on Google Security Operations

lexrzasa1
Staff

Over the past few years, Google Cloud Security has partnered closely with customers to define and deliver services that help security teams effectively detect, prioritize, and respond to critical threats and intrusions. We are turning what we’ve learned from these interactions into the next evolution of services, Mandiant Threat Defense for Google Security Operations (SecOps).

Mandiant Threat Defense is included with Google Unified Security and available as an add-on for Google SecOps Enterprise and Enterprise Plus customers. The service combines the power of Google SecOps with the frontline intelligence and expertise of Mandiant. Mandiant Threat Defense actively detects threats across all your Google SecOps data sources. Mandiant experts leverage artificial intelligence (AI) alongside insights derived directly from Mandiant's incident response engagements, effectively translating real-world threat intelligence into an advanced detection pipeline.

Figure 1: Our conceptual detection funnel illustrates how telemetry events in Google SecOps are labeled with security context, enriched with threat intelligence, and then correlated with multi-event curated detections to produce a set of prioritized cases for triage and further investigation by Mandiant experts.

New Releases

The enhanced service offering continues to build on the innovation and momentum from Managed Defense and Mandiant Hunt. We’re excited to announce the following releases:

  1. Curated detections support is now generally available for US customers. Mandiant Threat Defense will enable curated detection rule packs on behalf of customers, providing active threat detection for telemetry sources integrated via default parsers.
  2. General availability of cloud support for threat detection and hunting across AWS, Azure, and Google Cloud.

Here's a closer look at the key features of Mandiant Threat Defense:

  • Precise and informative investigation reports: The Mandiant Threat Defense Security Operations Center (SOC) combs through the vast amount of data generated by security controls to surface high-fidelity evidence of malicious activity, complete with full analysis of potential compromise.
  • Comprehensive active threat detection: Curated threat detections, threat hunting hypotheses, and threat intelligence are automatically applied to every event in Google SecOps, enabling detection of malicious activity that might not have been alerted on by other security controls. Mandiant experts author and deploy proprietary rule packs that are used to help detect newly identified threat actor activity or tactics.
  • Efficient prioritization: Dealing with alert fatigue is a constant battle for security teams. Mandiant Threat Defense employs a proprietary case prioritization model so your team can focus on the most critical incidents and scale response operations more efficiently.
  • Expert-led and automated response: Mandiant Threat Defense facilitates response through expert investigations and internally leveraged playbooks, as well as Gemini to enhance remediation efforts.
  • AI-assisted, continual threat hunting: Staying ahead of sophisticated adversaries requires proactive measures. Mandiant utilizes security models trained on Google Threat Intelligence, including Mandiant incident response data, to continuously hunt for current threats within your environment.
  • Expert Mandiant support: Beyond the technology, you gain access to personalized threat briefings, security posture recommendations, and actionable remediation guidance from Mandiant experts. 

Mandiant Threat Defense lets Mandiant experts become an extension of your security team and help drive the security outcomes in Google SecOps that will protect your organization from the latest threats. From continuous updates to detections and threat hunting to rapid response when you need it most, Mandiant Threat Defense can accelerate your security operations to minimize the impact of security breaches.

To learn more about Mandiant Threat Defense, contact your Google Cloud sales representative or request a follow-up.
