As AI cybersecurity becomes more critical, hackers are becoming increasingly sophisticated, uncovering new and unexpected attack surfaces in today’s interconnected systems. But here’s the good news: The average time attackers remain undetected on a target’s network has dropped to its lowest point in decades, largely thanks to Google LLC’s Mandiant and related AI cybersecurity tools and partnerships.

“Even having some of the best security capabilities in the world … we needed someone like Mandiant on the front lines of intelligence,” said Brian Roddy, vice president of engineering, cloud security at Google, told theCUBE in July. He added that the hundreds of thousands of hours spent using Mandiant consultants to perform incident response had bestowed extensive insights into cybersecurity at Google.

Since Google acquired Mandiant Inc. in 2022 for about $5.4 billion and integrated it into the Google Cloud business, it has significantly evolved its security capabilities, expanding and fortifying its defenses through strategic acquisitions and partnerships.

Join theCUBE for real-time, onsite coverage of mWISE 2024 with theCUBE’s Savannah Peterson and John Furrier. Tune in to theCUBE, SiliconANGLE Media’s livestreaming studio, from Sept. 18–19 for exclusive interviews with top cybersecurity leaders as they explore the latest products, strategies and threat detection technologies designed to outmaneuver today’s most cunning threat actors. (* Disclosure below.)

Evolving cybersecurity AI: How Mandiant strengthens Google’s cybersecurity through strategic partnerships

As hackers increasingly use AI and sophisticated evasion techniques, Mandiant has been pivotal in strengthening Google’s AI cybersecurity. For example, Mandiant uncovered the tactics of two sophisticated state-sponsored groups: Russia’s APT29 and North Korea’s highly advanced supply chain attack on 3CX, which was particularly challenging to detect.

The company also linked Russia’s Sandworm hacking group to breaches in water infrastructure, showcasing its role in safeguarding critical infrastructure. Most recently, Mandiant exposed a critical vulnerability in Microsoft’s Azure Kubernetes Service, highlighting its expertise in protecting cloud environments.

“The recent vulnerability discovered in Azure Kubernetes Services is a prime example of how complex modern cloud environments can create unexpected security risks,” Guy Rosenthal, vice president of product at security solutions provider DoControl Inc., told SiliconANGLE. “This isn’t just about a simple configuration error — it’s a sophisticated attack that exploits undocumented Azure components to gain elevated privileges within a Kubernetes cluster.”

In the past year, Google has significantly enhanced and evolved Mandiant’s capabilities through strategic acquisitions, making it a cornerstone of its AI cybersecurity strategy. One key development was the integration of Mandiant with VirusTotal, which created a robust Google Threat Intelligence offering. With this integration, enhanced with AI and Google’s extensive threat insights, security teams can contextualize and operationalize threat intelligence, substantially improving their defense against emerging threats, according to Roddy.

“On the threat intelligence side, Mandiant Threat Intelligence, as a result of all of their work on incident response [and] all of their work analyzing the threat landscape, they had an incredible asset there,” Roddy said. Referring to VirusTotal, he added, “This is a tool used by security professionals worldwide to get a sense of what’s going on with any particular threat, any particular piece of malware, and get a sense of that. And then we have other threat intelligence inside of Google.”

Strategic partnerships: Expanding Mandiant’s role in AI cybersecurity

As part of its broader AI cybersecurity strategy, Google has expanded Mandiant’s reach through key industry partnerships. For example, Mandiant’s partnership with Nozomi Networks Inc. enhances the ability of industrial and enterprise security teams to anticipate and respond to cyberthreats in real time by combining Mandiant’s Threat Intelligence with Nozomi’s expertise in operational technology and internet of things security.

“This latest expansion [of our partnership] is another critical step in our journey to combine threat intelligence sources and defenses for the best possible security outcomes for the world’s critical infrastructure,” said Melissa K. Smith, senior director of strategy and partnerships, Office of the CTO, at Mandiant. “By blending Mandiant’s Threat Intelligence and expertise with Nozomi Networks’ operational technology threat intelligence and tools, we can enable critical infrastructure organizations to enhance their threat intelligence and investigations for a stronger defense.”

Another significant, forward-thinking collaboration is with Menlo Security Inc., aimed at improving browser security by leveraging Google Cloud’s resources. This partnership further cements Mandiant’s role in safeguarding digital environments across various sectors.

“Although secure browsers have been available for some time, I believe we are at an industry inflection point that drives greater demand,” said theCUBE Collective analyst Zeus Kerravala, who is the principal analyst at ZK Research. “This shift to permanent remote work is a significant catalyst for secure browsers. As remote work becomes more prevalent, companies need secure ways to allow employees to access corporate resources from any location safely. In my conversations with customers, the top use case for secure browsers is virtual desktop interface replacement.”

theCUBE event livestream

Don’t miss theCUBE’s coverage of mWISE 2024, from Sept. 18–19. Plus, you can watch theCUBE’s event coverage on-demand after the live event.

How to watch theCUBE interviews

We offer you various ways to watch theCUBE’s coverage of mWISE 2024, including theCUBE’s dedicated website and YouTube channel. You can also get all the coverage from this year’s events on SiliconANGLE.

TheCUBE Insights podcast

SiliconANGLE also has podcasts available of archived interview sessions, available on iTunes, Stitcher and Spotify, which you can enjoy while on the go.

SiliconANGLE also has analyst deep dives in our Breaking Analysis podcast, available on iTunes, Stitcher and Spotify.

Guests

During mWISE 2024, theCUBE Research’s analysts will talk with industry executives and experts about Google’s ongoing security innovations, many of which highlight Mandiant’s ever-expanding starring role.

(* Disclosure: TheCUBE is a paid media partner for the mWISE 2024 Conference. Neither Google, the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over the content on theCUBE or SiliconANGLE.)

Image: SiliconANGLE