Google Cloud Using AI to Supercharge Frontline Intelligence, Security Operations and Secure Cloud Platforms – Six Five Insider

By Patrick Moorhead - November 21, 2023

On this episode of The Six Five – Insider, hosts Daniel Newman and Patrick Moorhead welcome Jeff Reed, VP Product, Cloud Security at Google Cloud for a conversation on how they are using AI to supercharge Google Cloud Security’s unique combination of capabilities, including front line intelligence, security operations, and a secure cloud platform.

Their discussion covers:

  • How Generative AI tackles critical issues and how Google and Google Cloud Security adopt a strategic approach to this technology
  • Google’s unique stance on Cloud security and Generative AI, encompassing a broader perspective on their comprehensive portfolio
  • Google’s emphasis on security in the Generative AI domain, ensuring responsible and trustworthy advancement
  • The latest innovations within Google Cloud and insights into the platform’s exciting trajectory

Disclaimer: The Six Five webcast is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded, and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors, and we ask that you do not treat us as such.

Transcript:

Patrick Moorhead: Hi. We’re back at Six Five and we are talking cloud security with Google. Gosh, Dan, it’s great to see you. I feel like we’re just popping all over the world and it’s great to get back in the seat here and talk with some great content. And it’s crazy, security is just… Security we always say is important as long as I’ve been in this industry, but it just keeps getting more important as the threats rise. But it’s great to see you, buddy.

Daniel Newman: Yeah, I think what’s happening is we are in an era of generative synthetic data, data exponential growth. Companies are trying to traverse borders, they’re trying to do business all over the world, they’re running more applications than ever before. And of course, in the era of the 2020s and beyond, we’ve now implemented a whole lot of bring your own device and multiple device, and I think with all these things happening at once, it’s created a whole new set of challenges for businesses. And by the way, Pat, don’t underestimate the pressure that boards and CEOs are putting on IT departments now-

Patrick Moorhead: Exactly.

Daniel Newman: … that they know they’re only one breach away from some serious damage, and this can be short-term and monetary, and this can also be long-term and reputation.

Patrick Moorhead: That’s right. Boards of directors are now being held to account, and I think we just saw CISO as well that there’s scrutiny on. But with that, let’s introduce our guest from Google Cloud. Jeff, it’s great to see you. Welcome to the Six Five. First time here and hopefully, not the last.

Jeff Reed: Exactly. Yeah, long time listener, first time caller, so it’s good to meet you, Dan and Pat.

Patrick Moorhead: Oh, that’s nice.

Daniel Newman: Really appreciate you joining us, and you’ve joined an esteemed group of very thoughtful people that we bring on to these episodes-

Jeff Reed: I thought you were talking about each other.

Daniel Newman: … insiders on the road. And now it’s just gotten a little bit better, Jeff. Listen, give us a little bit of a backgrounder. Talk about Google Cloud security’s overall approach to security, intelligence, SecOps, cloud. Give us the whole picture in a nutshell.

Jeff Reed: All right, yeah, the whole shooting match. When I think about it, we’re focused really in three big areas. One is on the intelligence side, and one of the beauties about being Google is we see lots of the internet traffic and that intelligence got a lot better with the acquisition of Mandiant. And so I think we have this really unique visibility into the latest breaches, what the most sophisticated attackers are doing. And so that’s a core of how do we take that threat intelligence and weave it across. And we really focus on two places to then bring that into. One’s in the security operations space. This has been an area that we’re really active in in terms of acquisitions. Chronicle’s the core platform there and we’ve been spending the last few years bringing in SIEM functionality, integrating some of the Mandiant capabilities on that side. And the last one is really just core cloud security. One of the big focus is around so how do we make sure that Google Cloud is the most trusted cloud platform? And so a lot of the time that we spend is on foundational platform capabilities around how do we make sure that as customers bring their workloads and data into the cloud, that they’re really, really well protected. And then I think that the big thing over the past year or so has been then taking AI and infusing that across each of those areas.

Patrick Moorhead: Yeah, it was interesting. For years people were saying, “Oh my gosh, the cloud, we can’t go there. It’s not secure.” And then as the nation state budgets, as ransomware as a service, hacking as a service, I don’t hear CISOs or quite frankly, many people in IT saying the cloud isn’t secure. It takes huge budgets to make that work. One of the things that Dan and I and our companies have been covering obviously is generative AI, right? And yes, we know it wasn’t invented nine months ago. Google actually had some of the seminal papers on it years ago. But we’ve seen generative AI as looked through a, what is the business benefit, the efficiencies that it can provide, closer proximity with our customers to be able to drive revenue. But can you talk a little bit about what’s not being talked about enough, I think, is what does it mean from a security point of view? It’s almost like as if the hackers utilize AI machine learning, deep learning, and even generative AI. There have to be different types of defenses to come in and combat that.

Jeff Reed: Yeah. Look, we’re in a really interesting time of anyone building enterprise infrastructure, even just technology products, the application of generative AI both on the attacker side and the defender side is actually something that’s really, we’re in a very interesting point in time. Having done this for more than two decades, I’m very excited about the application of it in both frames. The way I think about it is I think it’s early to understand the attacker view. Look, I would say they’re businesses essentially, at least outside of the nation state, and so they’ll look at how can this make them more efficient in the types of attacks they can perpetrate? Can they be better at things like spear phishing, et cetera? But we’ve also spent a lot of time on how we can utilize it from a defender perspective, and I’m really excited about that. And three big categories that we see the utilization of it, so one is around threats. It’s not going to stop zero days, but can we use generative AI? We talk about can we stop patient one? Patient zero happens, but how can we quickly understand what’s going on and then inoculate the rest of our customers’ environments with that knowledge, with that intelligence, and using generative AI to really make that happen quickly. Second is just around the toil. Unfortunately, cybersecurity folks spend a lot of time day-to-day doing reasonably repetitive tasks-

Patrick Moorhead: And they can’t respond to literally a fraction of the percent of the alerts.

Jeff Reed: Hundred percent, exactly, exactly. How do you find the needle in the haystack, reduce just the stuff that needs to be done but it’s things that can be automated? And we’re finding in certain cases, generative AI is really, really good at that. And then last one’s around talent. I’ve never met a CISO that says, “Hey, I’ve got all the talent I need in the security space, and it’s easy to retain folks,” et cetera. How can we use generative AI to allow less senior cybersecurity analysts do more and more higher level jobs and then one of the more senior ones really focused on the things that are most important. Those are at least the themes that we’re really focused on and we’re getting really good resonance in terms of the use cases we’re building out with our customers.

Daniel Newman: Yeah, Jeff-

Patrick Moorhead: T-Cubed. Is that right?

Jeff Reed: Exactly.

Patrick Moorhead: Threats, toils and talent.

Jeff Reed: We do like our alliteration occasionally.

Patrick Moorhead: No, I like it. I might lift it and use it. No, I’m just kidding. I’ll give you attribution.

Jeff Reed: Thank you. Thank you.

Daniel Newman: Jeff, generative AI and the scale of this certainly is being implemented and delivered a lot faster than it can be possibly secured. You’ll argue that-

Jeff Reed: I’ll argue that. We can discuss, yeah, yeah.

Daniel Newman: Let’s talk about that. Let’s talk about that. But this is where I want to go because what I guess I’m saying is the problem with a lot of the times is every time we come up with great technology to secure, there’s someone on the other side. And that’s why this has always been a cat and mouse-

Patrick Moorhead: Spy versus spy.

Jeff Reed: Hundred percent, yeah.

Daniel Newman: I’m happy to be proven wrong that we can completely bottle in the generative AI threat, but I think we know why the number of breaches that are going to take place, in your case, hopefully, not on Google Cloud, that there’s always going to be risk. There’s always going to be risk of penetration and-

Jeff Reed: New surface area, new control that folks are going to try to bypass. Yeah.

Daniel Newman: It’s substantial. And while the generative stuff is cool, and it’s fun, and it’s interesting, and it’s definitely going to change the calculus for how this is done, SecOps is probably quietly one of the big winners of not just of what security is concerned about, but also of utilization of AI, right? Because it’s not always about this really futuristic, generative capabilities, which is becoming more and more not future and now, but it’s also about the ability to quickly decipher from hundreds, thousands or more of real threats, getting down to the very few, figuring out what work streams can be automated. So you’ve made a lot of progress in this area. Chronicle, with the integration of Mandiant, is a good for instance. Give us a little bit of an update as it relates to the security ops strategy because I think this coupled with observability are a couple of the trends that have really gotten momentum this year, and Google’s got a role to play here, it seems.

Jeff Reed: Yeah. No, a hundred percent. Look, you talked about all the data. The nice thing about security operations is in a lot of ways, it’s a big data problem. And so you think about how do you index, search vast amount of data? We’re pretty good at Google in that foundational element. And that’s one of the things I think it’s really allowed us to make a lot of progress in this space is that at the core level, we’ve got a set of technologies that are just really, really well suited for doing, looking at large amounts of data, very, very high scale, very, very quickly with a really amazing economic value on top of that in terms of the price point that we can deliver this capability relative to other older technologies in the market. And so for me, if I think through this, we’ve started with this kind of core capability set and around how do we ingest, index, search, et cetera. The next steps have really been around how do we then start bringing, and I talked about threat intelligence at the beginning, how do we start to infuse the threat intelligence, the visibility that we have? And this is where Mandiant is so exciting, the fact that they get really the newest freshest TTPs, attacker behaviors, et cetera, and then really beginning to infuse that capability set into our core security operations platform, Chronicle. And so there’s a really set of amazing things just in terms of taking it away from customers.

I think one of the things I always struggle with is historically, it’s been very much kind of a do-it-yourself type model. You get a SIEM, you write your queries and rules, and you’re orchestrating a lot of that. What we want to do is how do we infuse the intelligence that Google and Mandiant have in that platform? And yeah, of course, customers can take that and continue to extend, but at least as a baseline, how can we bring a lot of those capabilities on top of that? And then in addition to that, then we have all the abilities around, you’re talking about how do we automate response, and so we bought a SOAR tool that really, we’ve done an amazing job I think of integrating that in and really almost changing the way that you operate in a modern security operations. It’s really about the platform’s found all these things thanks to our threat intelligence, thanks to our scale, et cetera, then it’s really about how can we help you remediate that as quickly as possible. And so I’m really excited with the traction we’ve been able to get. And one of the things that we’re seeing an example of, I think, all the different pieces pulling together is this capability that we call CyberShield. We talked about it earlier this fall and it brings together all the pieces of what we’ve been doing. So what we’re doing is we’re going into large governments, and you think about a typical government, lots of different departments, varying levels of security expertise across all of those. And so we bring in, as we bring in Chronicle, it’s really proven to be the only tool that scales to, if you think about a government that has all these different, here’s the defense department and the treasury and the healthcare systems, et cetera, so it scales to that, infuses the Mandiant technologies. So we bring in Mandiant services as part of that to help them upscale and really brings an overall solution that combines the best aspects of what we have across all of Google in there.

Patrick Moorhead: Now I love that. And I got to tell you, my firm wrote about Mandiant and Chronicle, and Google doesn’t make a lot of acquisitions, but when it does, you make them count. It’s been good to see.

Jeff Reed: Yeah, that’s a good example though, too, just the speed at which we’ve been able to do things. Breach analytics, which was, Hey, Mandiant sees a new thing during one of their breach investigations. We’ve integrated that into Chronicle, so now less than half an hour, if they identify a new IoC as part of a breach response, we are now able to then every customer, every Chronicle customer running Mandiant breach analytics is now protected from that so yeah. Sorry.

Patrick Moorhead: I know that I don’t need to relay your own company history back to you, but Google has been doing this cloud thing for a long time, and Hey, you happen to work for Google Cloud. And before it was cloud, it was Web in 1998. We didn’t call it the cloud then, but we really haven’t talked a whole lot about the cloud. I know the services you’ve talked about are in the context of cloud services that you’re offering it, but let’s talk about cloud. How does security specifically relate to the cloud? And I think that might be in deference to on-prem or the edge or devices or things like that.

Jeff Reed: Yeah. No, happy to. It was interesting earlier you were in the intro talking about folks moving to cloud and you’re thinking about the security. One of the great things, we are able to invest in security to protect Google Cloud and frankly, Google, the same investments-

Patrick Moorhead: Exactly, and I was going to say, nobody, you don’t talk enough about that you literally have planet-scale capabilities here. And I understand why that’s not the first thing out of your mouth ’cause you want to, it’s important they know you’re all about enterprise, but you have to get just a ton of experience and know-how from what’s going on with all the other parts of Google.

Jeff Reed: Yeah, and the fact that we’re attacked constantly and that’s where I think we’ve crossed this bridge where cloud is now fundamentally safer than on-prem because we build our own security chips, we build all our own hardware. We were able to invest in a level of security that no sane regular organization would be able to do so. And we can do that ’cause it’s all the things we needed to protect Google and all of our Google Cloud customers. So the way that we can amortize the economies of scale of cloud, I think, are really interesting. And so that’s step one. Step two is a lot of it’s been how do we change the dynamic of the responsibility that customers bear when they move to the cloud around securing their environment versus what we bear. And so a lot of our effort has been how do we move the Google responsibility higher and higher? And look, you get that from using managed services, the fact that we deliver all our products as software as a service. We’re spending a lot of time around how do we ensure by default these services come out of the gate configured with what we think are best practices from a security perspective. On top of that, we’ve leveraged our security command center functionality, which helps… It does the standard things in terms of posture management and making sure you don’t have bad misconfigurations.

But because we operate on Google Cloud, we are cloning the memory running in our VMs to then be able to go and search for crypto mining, root kits, boot kits, et cetera, because we didn’t want to put an agent and slow down the VM. And we’re uniquely positioned to be able to have that visibility and create that type of environment to protect our Google Cloud customers. And no attacker can disable it. There’s nothing, there’s no agent to disable. So we’re able to do things that are unique in terms of how we can help protect customers that are running on Google Cloud that no third party can. And so with that type of stuff, we just rolled out this attack path simulation capability midyear, and we’re multiple times a day computing. Let’s say you come up with a finding, here’s a vulnerability or misconfiguration, we talk about how many alerts and all the number of things that we tell our customers to do better, the list is too long. So we use that to understand which of those is the most, provides the easiest path for an attacker to go to get to core data or resources within your environment. And we use that to declare what we call is an attack exposure score that helps customers prioritize what they’re doing.

And then on top of that, we’re doing all the generative AI stuff. And I think the interesting thing there is we started, and I talked about the TTT, threats, toil and talent, because we’re on Google, we have our own, Google builds TPUs, we’ve done all this work on large language models. We have Vertex AI and the Model Garden. So all of that, we can build on top of that just as a starting point. And then what we realized is the large language models don’t do as well from a security specific types of things. And so we actually did training to create our own version of a large language model that’s been trained on security data, Mandiant threat intelligence, VirusTotal intelligence, Chronicle data, et cetera, not using any customer data, but all the other things that we have within Google. So those are all the types of things that we can bring to bear to customers that are running on Google Cloud. And you’re going to see in the not too distant future some of this coming to other clouds as well.

Daniel Newman: And I think you just very nicely did a bit of a rundown of the differentiation and one of the keys being Google Cloud’s provenance plus Google Cloud security provides a very robust set of solutions based on the number one customer being Google. And so I always think that’s a tremendous story is when you say, We trust this technology so much, we would run our own business on it so-

Jeff Reed: Yeah. This is how we protect ourselves. Yeah. Yeah.

Daniel Newman: Jeff, I want to thank you so much for taking some time here with Patrick and I on the Six Five. It’s been great sitting down. Thanks for running us through all that.

Jeff Reed: No, my pleasure. Thanks so much, Dan and Pat.

Daniel Newman: All right, everybody, hit that subscribe button and check out all the episodes that we’ve done across the Google Cloud team and across The Six Five landscape. But for this episode and for Patrick and myself, got to say goodbye. See you all later.

Patrick founded the firm based on his real-world technology experiences with the understanding of what he wasn’t getting from analysts and consultants. Ten years later, Patrick is ranked #1 among technology industry analysts in terms of “power” (ARInsights) in “press citations” (Apollo Research). Moorhead is a contributor at Forbes and frequently appears on CNBC. He is a broad-based analyst covering a wide variety of topics including the cloud, enterprise SaaS, collaboration, client computing, and semiconductors. He has 30 years of experience including 15 years of executive experience at high tech companies (NCR, AT&T, Compaq, now HP, and AMD) leading strategy, product management, product marketing, and corporate marketing, including three industry board appointments.