Welcome back everyone to day two of theCUBE's live coverage of mWISE here at the Marriott Marquis in Washington DC. I'm your host, Rebecca Knight, along with my co-host and analyst, Rob Strechay. We have Jeff Reed. He is the VP Product of Cloud Security at Google Cloud. Thank you so much for coming on the show.

Yeah.

So we're going to talk about attack surface management, which is really the foundation of risk management. I know there have been a few updates to Mandiant Attack Surface Management. Can you tell us a little bit about the new features and what's been announced?

Yeah, so let me start first. The thing I love about ASM is kind of one of those hidden gems that came along with the broader, like, Mandiant acquisition that we did. So obviously we have Kevin and all the IR and those capabilities. The threat intelligence is world class, that's the world class. But we also came with this attack surface management capability and really the helping customers understand what are their vulnerabilities from an external perspective looking in. And so we've done a couple things. So one is we introduced kind of an outcome-based view of our attack surface management functionality. So I want to look for specific things. They could be, what about my development lifecycle? Code repos, what's available or not? Searching for shadow IT capabilities across the organization. So really trying to make the tool as quick time to value as possible for users and customers of it. So it builds off all the capabilities that the tool has already. The second one is integration with what we're doing on the Chronicle SIEM and SOAR side. And maybe we'll talk a little bit more about what's happening there as well. But I think the key thing is the attack surface management brings a set of contextual awareness around the types of alerts I'm getting on the SIEM side. And what do I know about them from a surface management perspective?
And so it helps enrich those alerts with what we can see from an external view. Helps prioritize which things. The alerts that we also see have potential external visibility are more important. And you'd want to prioritize then as you're going through your process of triage and on the response side from a SIEM and SOAR perspective. So those are a couple of the key areas that we've worked on on the ASM side that we're talking about this week.

No, it seems like, and again, we just had Kevin on and we were talking about red teaming and attack surface is just getting bigger and bigger. Especially when you have, now that you're part of Google, Mandiant's part of Google Cloud, I think that attack surface just spreads beyond just the four walls of the data center now. It's how are you doing your VPCs and things of that nature, right?

Cloud, identity, shift left on the code side. Like all of these are surfaces that we're seeing more and more attackers go after.

It makes total sense that especially getting into the code because I think a lot of it is where people may have had an accident with putting code in that's vulnerable. Are you seeing a lot more of that? Is that what some of these additions have been going?

Yeah, yeah, no, absolutely. And I think there's, you know, with the number of the supply chain attacks over the past few years, I think the overall awareness of that as a vector and the radius of those, the blast radius of the attacks can be so significant that they're really important. And they're also just really impactful in terms of an organization's brand reputation, et cetera. Like, you know, software is so critical over in Sebastian's software, but it's also a representation of your company and how customers are using those. And so, you know, making sure you're protecting that, that part of your environment's really, really critical.

And does it help the customer prioritize what they should need to address, and how does that work?

Exactly, exactly.
So the way to think about it is, you get lots of alerts, you know, from your SIEM environment, your other detection tools out there. One of the key things that I think the industry as a whole and we've been really working on in a couple of areas is, how do you prioritize those things? What are the ones that are most critical for you to work on? And one of the inputs to that should be, hey, is this, a finding alert, is this something that's also showing up when I'm scanning from an attack surface management perspective? And so if it's both a potential problem and we think it's exploitable externally, that increases the prioritization that you should put on that. And that's where bringing that visibility on the attack surface management, combined with the richness and all the alerts and findings that we have in the SIEM and SOAR environment really makes sense.

So how are these Mandiant solutions being integrated into Chronicle? Can you share a little more about that?

A whole bunch of different ways. So when I start, so just talk about attack surface management. So that's your story. We've done a couple of things though. One of the things we're announcing today, this week, yesterday, was all the work we've done to integrate the threat intelligence that we have, both from Mandiant threat intelligence and VirusTotal into Chronicle. And really what that is is, helping you enrich the findings. So this can be IOCs, they can be doing attribution like we see an alert, we know that this is attached to a certain IOC and we have attribution to the attackers that use that IOC. And bringing all that information right to the fingertips of the SOC analysts. So instead of having to swivel chair across multiple tools, I've got it all within my security operations platform, Chronicle. And it just makes you faster, allows me to prioritize better. And really just in general increases the overall security posture of an organization.

So as we were again talking with Kevin and I brought up the fact that Duet was one of the announcements integrated into Chronicle back at Google Next a couple of weeks ago. How does that play with this whole, because it would seem that it's necessary just to help people understand how much information is the use of AI and how that's going to help.

Yeah, so we're really excited about this. We talk of kind of the three key pillars of where we're using AI in the Chronicle environment. So security in general actually just beyond Chronicle. So one's around, like, threats, how do we make smarter decisions, quicker decisions around threat detection. And another kind of I think good example of Mandiant integration into Chronicle is what we've done with Mandiant Breach Analytics. So we have taken the findings from all the Mandiant IR activities, et cetera. And we've been able to once they extract the TTPs, the IOCs from those engagements, we can essentially within an hour, take for example an IOC, retroactively search all the customers using Chronicle with Mandiant Breach Analytics for the past year of have we seen any, have we seen that IOC in their environment ever before? And so the idea being, look, we may not be able to stop patient zero. There's always going to be like the first folks, can we get to a point where can we stop patient one? So stop the spread because we've taken that, we're going to go below an hour in the near future. So really reduce that time between, we've identified the specific vector of a threat and how can we help make sure that that's not happening within any of our customers? So that's a great example. And then when you go into the other things, the applications of Duet AI, a lot of it's really around the talent and the toil that analysts, security professionals deal with every day. So a lot of that's been, first, how do you just make the repetitive tasks easier?
And that could be Mandiant, it's incredible as the best finished intel in the world, but there is a lot of it. And so if you're a mid-sized regional bank and you want to understand who might be the adversaries targeting you and your cohorts, what are the TTPs they're using? You're using the Duet AI, allows us, Mandiant Threat Intelligence, allows us to quickly summarize that information. And instead of taking hours, going through a lot of intelligence reports, can we get that to something that takes you minutes? And then you link to the sources, you can go deep dive further, but making that toil quicker and easier and faster.

I think Rob, you're going to ask something.

No, no, I think it just totally makes sense that, and we were looking at it from, how do we get the next generation of folks interested in this? And everybody's like, hey, well, we want to be AI engineers or prompt engineers now. And I think getting them to be, I have a son at Arizona State studying computer science right now and it's, you know, there's a cybersecurity curriculum there. And I think it's how do you get people to engage more? Is that part of making it simpler to see the path and how these things come together?

I think absolutely. You look at the same thing where if you make it more accessible and you make your entry level job a more less busy work and more outcome related. And secondly, you make it so that the tools are easier to onboard, easier to work out of the gate. And another example of what we do in Duet AI in Chronicle is the ability for you to use a natural language search for your unified data model query. And UDM is relatively, you know, it's not as well known throughout the security industry.
So instead of requiring someone who's just starting to understand that query language right away, can you just say, you know, who are all the users that downloaded files that have PII over the last, you know, seven days and regenerate that query on the behalf of the SOC analysts that can be used. But we also show all the query so you can both use it but also learn about the syntax, how those queries are formulated. So allows you to make immediate productivity gains but also understand the technology in more depth as you go. So those are the types of things I'm really excited about. I think that the application of generative AI is going to be foundational across a lot of IT and frankly, I think security will be one of the most important areas.

Well, that's what is really striking to me about what Kevin Mandia said yesterday about how it is the solution to the overwhelmed security. As you can help the defenders more. Exactly, exactly. We know about the enormous potential of AI but the idea that it will help inspire younger people to get involved because they know they'll be able to make an impact, add value right away and not be so consumed with busy work but then also help the veteran cybersecurity defenders who are swimming in data and need some help sifting through it.

I've never met a CISO that has told me I have all the people I need. It's easy to retain them, et cetera. So I think this is just, you were, it was a foundational issue in the security industry around the scarcity of talents and the difficulty of retaining said talent and I do think that these steps forward will meaningfully change that.

Yeah, I mean, going back to that retention, the talent retention issue, how do you solve it on your team? Because as you said, these are teams that are overworked. They're often demoralized because this is, these are such intractable problems. How do you make these jobs more interesting and more attractive?

Yeah, I think, look, I'm luckier than the average bear, you know, working at Google. I think one thing that we see is the scale, one of the things I think helps people want to stay at Google is the scale at which you can help customers, users, the world, I mean we're operating on, we think, you know, our Safe Browsing, you know, hundreds of millions of users being protected by that. Our data loss prevention in Workspace, billions of users. So there's a really, what I found in the security industry is that it tends to attract certain types of folks, but like where that the kind of service component, the helping, you know, the world is like a big part of what attracts them to the space and gets them to stay and the nice thing, you know, at least in our world is the platform upon which you can impact, you know, the world is actually quite large, just based, because we have technology that is in the hands of so many customers and users.

Yeah, it seems like that all these integrations and all of this coming together really could help the broader security community as well. How do you see that playing out?

Yeah, no, I agree wholeheartedly and you see some of the announcements you had this week with, you know, like the SentinelOnes, the Corelights, Google in itself, we're taking a more and more significant role in the security landscape. And so the integration of, for example, what we do in threat intelligence, and we've always been doing that in like the VirusTotal space and really community sourced and you're bringing in Mandiant on top of that, I think as Mandiant's had such great relationships with so many other vendors, because in so many times when Mandiant is being called in, you know, they're working to help a customer in concert with the other security vendors that customers, you know, utilizing.
And so they're, I think they've just brought in a lot of that, say, industry-wide relationships, engagements that has really helped kind of take Google security more broadly out to the, I think the next level.

So you said that Google is raising its profile within this community. What do you make of the sort of urgent message that we heard yesterday from Chris Wray of wanting more public-private partnerships where the private sector is working with the government more readily to solve these problems? Do you think that that is something you're seeing more and more?

100%. Yeah, so in fact, if you were at Next a couple weeks ago, in the security keynote, we had the director of the Israeli National Cyber Directorate come and speak in terms of the work that we're doing together with Israel and the work that he's been doing to take that and work with other nations to bring this all together and think about, I think one of the nice things that we've been working on is using Chronicle. Because of its unique, it's so scalable, it searches so quickly, it's uniquely capable of bringing in these massive, you know, public environments, public data sets, and be able to operate across multiple nations to help secure the public environment, utilizing a lot of the private investment that we've done. So I actually, we're really excited about this. And I think it's been something, I think we've always had a lot of engagement, but I think that some of the dynamics are changing, and I actually think AI is another one that will kind of, I think hopefully kind of change some of that dynamic as well for the better.

Exciting times. Very exciting times. Jeffrey, thank you so much for coming on theCUBE.

Thank you so much, I appreciate it.

I'm Rebecca Knight for Rob Strechay. Stay tuned for more of theCUBE's live coverage of mWISE. We'll be right back after the short break.