Security teams often face challenges in managing fragmented telemetry, alerts, and response playbooks, which can hinder visibility and slow down investigations. To address these issues, Google Cloud has announced a series of new partner integrations for its Security Operations platform during the Google Cloud Next event.
These integrations are designed to provide high-fidelity security workflows and enhance collaboration among over 300 vendors. Notable partners include Beacon Security, Contrast Security, Darktrace, Gigamon, GreyNoise, Intezer, Prophet Security, SAP, Synqly, Thinkst, Tidal Cyber, Torq, and Vali Cyber.
Integration Types and Capabilities
The Google Security Operations platform supports various integration patterns that enhance technical capabilities:
- Data Feed Integrations: These integrations enhance visibility by piping crucial telemetry into the Google Security Operations data lake.
- Beacon Security: Collects data from multiple sources and normalizes it for quick integration.
- Contrast Security ADR: Detects application-layer attacks and integrates verified telemetry for better case management.
- Gigamon GigaVUE Cloud Suite: Provides actionable telemetry from hybrid cloud environments for early threat detection.
- SAP Logserv: Normalizes SAP-specific logs for unified visibility.
- Synqly Mesh: Offers bi-directional data normalization between Google Security Operations and the Open Cybersecurity Schema Framework.
- Vali Cyber Zero Lock: Streams hypervisor-level security events to enhance visibility into ESXi threats.
- Darktrace: This integration is in development and will allow ingestion of Darktrace incidents to enhance alert management.
- GreyNoise: Enhances detection and response capabilities with standardized ingestion and pre-built dashboards.
- Thinkst Canary: Integrates high-confidence incidents as actionable cases within Google Security Operations.
- Torq: Automates the threat lifecycle by executing autonomous response actions.
- Intezer: Allows querying and investigation of detections without switching environments.
- Prophet Security: Provides AI-powered alert investigation and natural language threat hunting.
- Tidal Cyber: Synchronizes detection rules and identifies configuration gaps.
For detailed information on all partner integrations, users can refer to the technical documentation or the Google Security Operations Content Hub console.
Getting Started with Integrations
Technology vendors and developers interested in joining the Google Cloud Security integration ecosystem can download the Google Security Operations Build Partner Guide to understand the UDM schema and API requirements. They can also contact the Google Cloud Security Tech Partners team for development environment requests.