Recent years have seen Microsoft emerge as the company to beat in cybersecurity, with an extensive suite of security offerings and an unparalleled view into business applications, cloud workloads and devices.
Really, who could take them on? Who would even dare to try?
CrowdStrike has taken its shots — and has seen some strong growth that validates that it is a serious challenger to at least some parts of Microsoft’s security business (particularly in endpoint).
But Google Cloud may be the first vendor that is truly positioned to challenge the whole of the Microsoft security machine.
Google’s $5.4 billion deal to acquire Mandiant, announced today, will allow Google Cloud to deliver an “end-to-end security operations suite to help enterprises stay protected at every stage of the security lifecycle,” said Phil Venables, CISO at Google Cloud, during a news conference.
Now, that sounds a lot like what Microsoft aims to offer enterprise customers, doesn’t it?
Mandiant adds a significant amount in terms of security to Google Cloud, far beyond the company’s well-known incident response (IR) service offering. Mandiant’s platform spans threat intelligence, security validation, automated defense, attack surface management and managed defense.
And in terms of services, in addition to IR, Mandiant provides strategic readiness, technical assurance and “cyber defense transformation” — i.e., helping customers to develop and mature their security posture.
Supporting the SOC
Google Cloud’s approach to getting to the outcome of “end-to-end” security for customers is very different than that of Microsoft, however, according to Peter Firstbrook, a research vice president and analyst at Gartner.
Microsoft is trying to support all of its own products and services to deliver security to customers, while “Google is a little more interested in supporting the SOC – the security operations center,” Firstbrook said.
Google Cloud is thus focused on ensuring that customers “have everything that they need” for their SOC team, he said.
“So, regardless of what security controls they have in place — whether it’s from Palo Alto or Microsoft or Cisco or Trellix or Zscaler — then they can filter all that information in one place, and make sense of it,” Firstbrook said. “And then they need somebody who can clear those alerts, that is smart enough to do that.”
Mandiant helps with that part, too, thanks to its managed services offerings, he noted.
During the news conference today, Mandiant CEO Kevin Mandia emphasized the fact that his company will have the freedom to support environments that “use lots of different security technologies to secure themselves.”
“I feel this merger between Mandiant and Google Cloud allows us to be the brains behind so much of those controls that people are depending on,” Mandia said. The ultimate offering is Mandiant, plus Google Cloud, plus partnerships with “all the different products that people rely on,” he said.
“We can work with your heterogeneous environments — whatever endpoint [security] you’re using, whatever firewall you’re using, whether you’re on-prem or in the cloud, we can take that security telemetry, put it in Chronicle, use Siemplify’s capability to go from alert to fix [and] use Mandiant threat intel to get better telemetry on, ‘here’s what matters most,” Mandia said. He referred to the Google Chronicle security analytics and Siemplify, a provider of security orchestration, automation and response (SOAR) technologies that Google acquired in January.
Chronicle and Siemplify are all about “interoperability between a ton of other technologies — [they] work with every firewall company, work with all the endpoint companies, work with logs generated from different applications,” Mandia said.
Leveraging partners
In a recent interview with VentureBeat, Sunil Potti, vice president and general manager for Google Cloud’s security business, said the contrast between Google Cloud and Microsoft’s approaches to security should be obvious.
“Microsoft has been very clear that they want to compete in security against all the partners, and everybody,” Potti said. In terms of solution sets for many different areas within cybersecurity, “Microsoft chose to build all those themselves,” he said.
Google, on the other hand, has chosen “a few markets we believe a cloud provider alone should drive,” and is offering first-party products just in those spaces, Potti said.
“But around each of those first-party products, we’ll create an ecosystem that leverages partners,” he said. That, again, is “unlike Microsoft, who wants to touch everything,” Potti said.
Microsoft declined to comment for this article when reached by VentureBeat.
‘Shot across the bow’
Industry analysts said today that Google Cloud most definitely has had Microsoft in its sights with the deal to acquire Mandiant. Microsoft, in fact, had reportedly been considering making a bid for Mandiant itself before those talks fell through, and Google Cloud stepped in.
In the wake of Google’s acquisition of Siemplify in January, “acquiring a strong services provider like Mandiant is the next important step to round out its set of offerings in an effort to lead on security on more than one front,” said Forrester analyst Allie Mellen. “Microsoft has been dominating the security industry for the past several years, and this string of acquisitions by Google shows its interest in playing a bigger role in the industry.”
And Mandiant appears to be an excellent choice for enabling such aspirations.
Mandiant “has a very strong brand and reputation for a reason,” said Hank Thomas, CEO at venture capital firm Strategic Cyber Ventures. “They are the best of the best at what they do. There is no way this doesn’t convince some people to move to the Google Cloud.”
In a note to investors today, Daniel Ives, managing director for equity research at Wedbush Securities, said that Mandiant has established itself as the “Navy Seals of cybersecurity” during the past decade.
“This deal was a shot across the bow from Google to Microsoft and Amazon with this flagship cybersecurity acquisition of Mandiant,” Ives wrote. Amazon Web Services (AWS) continues to maintain its lead in market share for cloud infrastructure services (at 33%), according to Synergy Research Group, followed by Microsoft Azure at No. 2 (with 21% market share) and Google Cloud at No. 3 (with 10% of the market).
Managed services
Notably, with Mandiant, Google Cloud will not only be able to compete in the realm of “end-to-end” security — but might actually out-match Microsoft in terms of managed security services. The fact that Microsoft itself had reportedly considered acquiring Mandiant is one indicator of this.
Amid the continued cybersecurity talent shortage, the ability to deliver security as a service will only become more essential going forward, Firstbrook said.
“Nobody has enough people to do security,” he said. “If you want to sell a [security] product, you have to deliver it as a service now. It’s not enough to just sell software — because most of the buyers don’t have the people that can use that software.”
All in all, “we just see a huge interest in managed security services and managed services — because this whole security market is becoming far too complicated for the average organization,” Firstbrook said.
And in that vein, Google Cloud’s ultimate goal is to make security essentially “invisible” to customers, Potti said — to “automatically provide a lot of good hygiene under the cover, and only tell you things that you need to pay attention to.”