As a longtime top security executive, why is Mandiant such a big deal for Google Cloud and the cloud security market?

One thing that people don’t realize about Mandiant is, yes they’re a world leader in IR [incident response] but they actually have a really robust set of technologies and product capabilities as well. Those are incredibly complementary to what we’ve been doing.

Think of the security operations space and what we’ve done with Chronicle. We’ve been focused on the analytics, the SIEM [Security Information and Event Management] market, we acquired Siemplify and integrated orchestration, automation and response to that.

What Mandiant adds is capabilities like validation and attack service mitigation. Chronicle in that world is more of a reactive defense—so looking for data, trying to find what might be going on in your environment, threat hunting and all that.

What Mandiant brings in is two things: One is a set of proactive tools.

So let’s use validation to see how well your current security controls are working against the threats you think are most likely for a company of your size. Let’s look at your attack surface and see are there any clear holes, gaps, etc.? So that’s highly complementary.

They also bring amazing threat intelligence. They are there in the world’s worst breaches. So they have some of the absolute freshest threat intelligence that we’ll also complement.

One of the big things we’re talking about is how we’re bringing those capabilities together with what we’re doing with Chronicle and the SecOps [security operations] space.

So you’re going to see a set of new offerings come out over the coming quarters that are tying together what we’re doing in Chronicle with what Mandiant has done in validation, attack surface mitigation and threat intelligence.