Google Security Operations
The intelligence-driven and AI-powered security operations platform
Google SecOps empowers security teams to better detect, investigate, and respond to threats.
Features
Detect more threats with less effort
Google SecOps provides a rich and growing set of curated detections out of the box. These detections are developed and continuously maintained by our team of threat researchers.
Leverage Gemini to search your data, iterate, and drill down using natural language and to create detections.
Google SecOps also allows for custom detection authoring using the intuitive Yara-L language. In a fraction of the time (and the code).
Investigate with the right context
Google SecOps offers a streamlined and intuitive analyst experience that includes threat-centric case management, interactive, context-rich alert graphing, and automatic stitching together of entities.
Investigate more efficiently with AI-generated summaries of what’s happening in cases, along with recommendations on how to respond.
Google SecOps enables lightning fast, flexible, and context-rich search capabilities to surface any additional data that is needed as part of an investigation
Respond with speed and precision
Google SecOps includes full fledged security orchestration, automation and response (SOAR) capabilities. Build playbooks that automate common response actions, orchestrate over 300 tools (EDRs, identity management, network security and more), and collaborate with other members of the team using an auto-documenting case wall.
Interact with a context-aware AI-powered chat to easily create playbooks.
Google SecOps makes it easy to track and measure the effectiveness of response efforts such as analyst productivity and MTTR and communicate that with stakeholders.
How It Works
Google Security Operations offers a unified experience across SIEM, SOAR, and threat intelligence to drive better detection, investigation, and response. Collect security telemetry data, apply threat intel to identify high priority threats, drive response with playbook automation, case management, and collaboration.
Google Security Operations offers a unified experience across SIEM, SOAR, and threat intelligence to drive better detection, investigation, and response. Collect security telemetry data, apply threat intel to identify high priority threats, drive response with playbook automation, case management, and collaboration.
Common Uses
SIEM migration
Rethink your existing SecOps platform
Rethink your existing SecOps platform
Identify shortcomings in your current SIEM and move to selecting Google SecOps and executing a successful migration.
Tutorials, quickstarts, & labs
Rethink your existing SecOps platform
Rethink your existing SecOps platform
Identify shortcomings in your current SIEM and move to selecting Google SecOps and executing a successful migration.
SOC modernization
Drive SOC modernization
Drive SOC modernization
Protect your organization against modern-day threats by transforming your security operations.
Tutorials, quickstarts, & labs
Drive SOC modernization
Drive SOC modernization
Protect your organization against modern-day threats by transforming your security operations.
Google Cloud Cybershield™
Defend against threats at national scale
Defend against threats at national scale
Transform government security operations to provide cyber defense at national scale with tailored and applied threat intelligence, streamlined security operations, and capability excellence.
Tutorials, quickstarts, & labs
Defend against threats at national scale
Defend against threats at national scale
Transform government security operations to provide cyber defense at national scale with tailored and applied threat intelligence, streamlined security operations, and capability excellence.
Pricing
| About Google Security Operations pricing | Google Security Operations is available in packages and based on ingestion. Includes one year of security telemetry retention at no additional cost. | |
|---|---|---|
| Package type | Features included | Pricing |
Standard | Base SIEM and SOAR capabilities Includes the core capabilities for data ingestion, threat detection, investigation and response with 12 months hot data retention, full access to our 700+ parsers and 300+ SOAR integrations and 1 environment with remote agent. The detection engine for this package supports up to 1,000 single-event and 75 multi-event rules. Threat intelligence Bring your own threat intelligence feeds. | Contact sales for pricing |
Enterprise | Includes everything in the Standard package plus: Base SIEM and SOAR capabilities Expanded support to unlimited environments with remote agent and a detection engine that supports up to 2,000 single-event and 125 multi-event rules. UEBA Use YARA-L to create rules for your own user and entity behavior analytics, plus get a risk dashboard and out of the box user and entity behavior-style detections. Threat intelligence Adds curation of enriched open source intelligence that can be used for filtering, detections, investigation context and retro-hunts. Enriched open source intelligence includes Google Safe Browsing, remote access, Benign, and OSINT Threat Associations. Google curated detections Access out-of-the-box detections maintained by Google experts, covering on-prem and cloud threats. Gemini in security operations Take productivity to the next level with AI. Gemini in security operations provides natural language, an interactive investigation assistant, contextualized summaries, recommended response actions and detection and playbook creation. | Contact sales for pricing |
Enterprise Plus | Includes everything in the Enterprise package plus: Base SIEM and SOAR capabilities Expanded detection engine supporting up to 3,500 single-event rules and 200 multi-event rules. Applied threat intelligence Full access to Google Threat Intelligence (which includes Mandiant, VirusTotal, and Google threat intel) including intelligence gathered from active Mandiant incident response engagements. On top of the unique sources, Applied Threat Intelligence provides turnkey prioritization of IoC matches with ML-base prioritization that factors in each customer's unique environment. We will also go beyond IoCs to include TTPs in understanding how an adversary behaves and operates. Google curated detections Additional access to emerging threat detections based on Mandiant's primary research and frontline threats seen in active incident response engagements. BigQuery UDM storage Free storage for BigQuery exports for Google SecOps data up to your retention period (12 months by default). | Contact sales for pricing |
About Google Security Operations pricing
Google Security Operations is available in packages and based on ingestion. Includes one year of security telemetry retention at no additional cost.
Standard
Base SIEM and SOAR capabilities
Includes the core capabilities for data ingestion, threat detection, investigation and response with 12 months hot data retention, full access to our 700+ parsers and 300+ SOAR integrations and 1 environment with remote agent.
The detection engine for this package supports up to 1,000 single-event and 75 multi-event rules.
Threat intelligence
Bring your own threat intelligence feeds.
Contact sales for pricing
Enterprise
Includes everything in the Standard package plus:
Base SIEM and SOAR capabilities
Expanded support to unlimited environments with remote agent and a detection engine that supports up to 2,000 single-event and 125 multi-event rules.
UEBA
Use YARA-L to create rules for your own user and entity behavior analytics, plus get a risk dashboard and out of the box user and entity behavior-style detections.
Threat intelligence
Adds curation of enriched open source intelligence that can be used for filtering, detections, investigation context and retro-hunts. Enriched open source intelligence includes Google Safe Browsing, remote access, Benign, and OSINT Threat Associations.
Google curated detections
Access out-of-the-box detections maintained by Google experts, covering on-prem and cloud threats.
Gemini in security operations
Take productivity to the next level with AI. Gemini in security operations provides natural language, an interactive investigation assistant, contextualized summaries, recommended response actions and detection and playbook creation.
Contact sales for pricing
Enterprise Plus
Includes everything in the Enterprise package plus:
Base SIEM and SOAR capabilities
Expanded detection engine supporting up to 3,500 single-event rules and 200 multi-event rules.
Applied threat intelligence
Full access to Google Threat Intelligence (which includes Mandiant, VirusTotal, and Google threat intel) including intelligence gathered from active Mandiant incident response engagements.
On top of the unique sources, Applied Threat Intelligence provides turnkey prioritization of IoC matches with ML-base prioritization that factors in each customer's unique environment. We will also go beyond IoCs to include TTPs in understanding how an adversary behaves and operates.
Google curated detections
Additional access to emerging threat detections based on Mandiant's primary research and frontline threats seen in active incident response engagements.
BigQuery UDM storage
Free storage for BigQuery exports for Google SecOps data up to your retention period (12 months by default).
Contact sales for pricing
Get a demo
The Business Value of Google SecOps
Learn what Google Security Operations can do for you
"Our SOC and analysts are able to prioritize work and respond with the attention that is needed"
"When you run a search, all the data just pops up from a contextual enrichment perspective"
Join the Google Cloud Security community
Learn the technical aspects of Google Security Operations
New to Google Security Operations?
Business Case
Explore how organizations like yours cut costs, increase ROI, and drive innovation with Google Security Operations
IDC Study: Customers cite 407% ROI with Google Security Operations
CISO, multi-billion dollar automotive company
"Our cybersecurity teams deal with issues faster with Google Security Operations, but they also identify more issues. The real question is, 'how much safer do I feel as a CISO with Google Security Operations versus my old platform?' and I would say 100 times safer."
Read the studyTrusted and loved by security teams around the world
"The Gemini AI functionality within Google Security Operations really impressed me. It gives you essentially 70 or 80 percent of the detection right out of the box and then you only have to add those kinds of small things in the middle." - Manan Doshi, Senior Security Engineer, Etsy
"Historically, our legacy SIEM, we had to feed it a lot of the contextual enrichment and all of that threat intelligence stuff. It was data engineering to make it sing, where on the Google side, the product is more baked in, purpose-built for us to use it. It’s so intuitive and the speed was certainly really beneficial for us as well."- Mark Ruiz, Head of Cybersecurity Analytics, Pfizer
"When we moved to Google Security Operations, we were able to reduce the time to detect and time to investigate from 2 hours to about 15 to 30 minutes. No longer spending time in disparate tools but performing the job functions of a security operations analyst, it empowers them to work on more advanced workflows." - Hector Peña, Senior Director of Information Security, Apex FinTech Solutions
FAQ
Is Google Security Operations only relevant for Google Cloud?
No. Google SecOps ingests and analyzes security telemetry from across your environment, including on-premises and all major cloud providers, to help you detect, investigate and respond to cyberthreats across your organization. Check out the complete list of supported log types and parsers.
Can I bring my own threat intelligence feeds to Google Security Operations?
Yes. You can integrate any threat intelligence feeds with Google SecOps. Note that the automatic application of threat intelligence for threat detection is only supported for Google’s threat intelligence feeds.
Does Google Security Operations support data residency for specific regions?
Yes. The full list of available regions can be found here.
Does Google SecOps include AI?
Yes. We leverage AI to supercharge productivity including: the ability to use natural language to search your data, iterate, and drill down. Gemini generates underlying queries and presents full mapped syntax; the ability to investigate more efficiently with AI-generated summaries of what’s happening in cases, along with recommendations on how to respond; and the ability to interact with Google SecOps using a context-aware AI-powered chat, including the ability to create detections and playbooks.
Does Google SecOps include SIEM capabilities?
Yes. Google SecOps includes SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, and Response), and applied threat intelligence capabilities.
