
Exclusive: Google Cloud Security VP on solving CISO pain points
Peter Bailey, Vice President and General Manager of Security Operations at Google Cloud, sat down with TechDay and detailed the company's sweeping strategy to simplify and secure enterprise environments while meeting the growing sophistication of cyber threats.
"Our customers are still drowning with tool consolidation issues," Bailey said. "The average CISO is managing 60, 70, 80, even 90 tools. That creates incredible complexity, toil and a lack of visibility."
To tackle this, Google Cloud has combined over ten former Mandiant SaaS products into two core platforms: its Security Operations Platform and Google Threat Intelligence. The idea is to streamline threat detection, investigation and response – all while reducing reliance on overcomplicated tool stacks.
Bailey described the effort as a "convergence play," integrating services like Security Command Center for GCP security, Chrome Enterprise Browser for endpoint visibility, and expert insights from Mandiant's renowned incident response and threat hunting teams.
"We're starting to unify workflows across all of that tooling," he explained. "All telemetry comes back, gets normalised and enriched, and we operate detection and response workflows on top of that."
At the heart of Google's push are its new AI-powered agents built on Gemini. Two key examples were unveiled: an alert triage agent and a malware analysis agent. The former assists security analysts by rapidly prioritising alerts based on threat intelligence and telemetry, while the latter automates the work of malware reverse engineering.
"These agents are doing all the analysis and work, and then presenting a verdict to the analyst," Bailey said. "They suggest what to do, but they don't take action yet – the human is still in the loop."
Google sees this as the first step towards what Bailey calls "automation of the SOC" – a Security Operations Centre where AI agents eventually handle most of the daily tasks, giving every analyst the capability of a tier-three expert.
"As the bad guys get more sophisticated with AI, we need to be able to operate at speed," he said. "We believe the whole SOC is going to get largely automated."
Bailey emphasised that the agents also come with full audit capabilities, enabling transparency and compliance tracking as decisions are made. "We provide total auditing of what the agent is doing, what decisions it's making and why," he said.
Despite the automation trend, Bailey rejected the idea of vendor lock-in. "We're saying the world should be best of breed, not just 'buy a platform and only use those tools.' We want to make that incredibly easy to integrate."
That openness extends to third-party telemetry, with support for any EDR, SaaS, OT or network data source. Even competitors' SIEM tools are being considered. "We want to be the open player," he said. "We think that's a real opportunity."
Google is also exploring the open MCP protocol – a new standard designed to make it easier for security tools and agents to exchange data. While not yet part of the product suite, Bailey confirmed it's under close evaluation. "We're not announcing anything, but we're taking a hard look at it."
The browser, often overlooked in enterprise security, is also being repositioned. Bailey noted that Chrome Enterprise Browser is now bundled in with their security offerings, providing telemetry on unmanaged devices and acting as a critical endpoint for anti-phishing and DLP protections.
"With the world moving more and more toward unmanaged devices, we think it's the endpoint of the future," he said.
On the strategic side, Bailey said CISOs are asking for a middle ground between highly integrated platforms and the flexibility of best-of-breed tools. "They want best of breed with the limited toil of what a platform gives," he said. "They're tired of integrations constantly breaking."
Bailey also discussed how the role of development-level security – often called DevSecOps – is increasingly being absorbed into security operations. "The CISO is going to have responsibility for all these problems," he said. "Visibility into what's being deployed, compliance reporting, and detection on application code – that's all coming into SecOps."
Another emerging front is model protection. Google's Model Armor and AI Protection aim to defend not just infrastructure but also the AI models themselves. "If a bad prompt starts coming through, we can help block that," Bailey said. "We're putting security controls around development environments, models, data and prompts."
The Mandiant brand, once synonymous with incident response, has found new life as both a consulting arm and a foundation for content in Google Threat Intelligence. "Mandiant is our consulting practice," Bailey said. "It's also where our elite threat hunters live – a lot of them are ex-Mandiant, and they're integrated with our consulting team to operationalise what they see on the front lines."
Asked about the biggest opportunities and risks AI agents bring to cybersecurity, Bailey didn't hold back.
"I'm a huge believer that AI agents are going to do most of the functions that exist in a security operation," he said. "We're already training models on tasks analysts perform every day."
But he also acknowledged the potential downside. "In a world of AI, the cost of different parts of the kill chain collapses," he said. "Attackers can move faster, find targets quicker, and launch more severe attacks."
To combat that, Google is investing heavily in zero-trust environments and anomaly detection at scale. "We're leaning very far forward on building sophisticated models that can look at broader telemetry," he said.
Bailey envisions a radically different organisational structure in just a few years. "The org chart for the CISO in two years is going to be dramatically different," he said. "And we've got customers that get that and are investing alongside us to ride that innovation curve."
As the conversation wrapped, Bailey made it clear where he believes the future is heading.
"We're not yet comfortable as an industry with true autonomy, but we are on a path where the SOC becomes mostly automated," he said. "Humans will still make decisions, but the workload – alert triage, intel analysis, even playbook creation – that's going to be automated."