Google Security Operations—Investigate
Investigate threats faster with insights at your fingertips
Search at Google speed, get the complete picture and harness generative AI to get to “a-ha” quicker.
Learn more about Google Security Operations.
Overview
Interpret threats faster with an intuitive analyst workbench
Unite the investigative data that matters, enabling your analysts to focus on what’s truly important instead of drowning in data.
- Google search your data. Sub-second, context-rich searches across petabytes of data to help find answers quickly.
- Visualize the who/what/when of an attack. See the contextual relationship—who did what and when—between all involved entities attached to an event, product, or source.
- Capture the full picture. Access the entire history related to any artifact- what entities previously interacted with an artifact, any previous cases containing this artifact, or notes created by other analysts.
Work threats, not alerts
Group, prioritize, and assign security alerts with case management that is purpose-built for security operations.
- Automatically group related alerts into threat-centric cases. Patented technology automatically groups contextually related alerts into a single threat-centric case, enabling a single analyst to efficiently investigate and respond to a threat.
- Prioritize alerts using machine learning. Automatically prioritize the flood of security alerts, reducing false positives and enabling your team to focus on the cases that matter.
- Get the right information at the right time. Leverage customizable investigative views that ensure the right roles access the right information for a given case.
Supercharge productivity with generative AI
Uplevel the skills and productivity of every team member with Gemini for Security Operations generative AI.
- Search in natural language. Use AI to conduct complex searches in plain language and let Gemini do the heavy lifting of query generation.
- Understand complex threats with AI generated summaries. Quickly and easily synthesize large amounts of data from disparate sources with case summaries generated by Gemini.
- Investigate threats conversationally with an embedded chat assistant. Refine investigative data, convert searches to rules, get interactive explanations of investigation results, and take action with recommended next steps.
How It Works
Google Security Operations offers a unified experience across SIEM, SOAR, and threat intelligence to drive better detection, investigation, and response. Collect security telemetry data, apply threat intel to identify high priority threats, drive response with playbook automation, case management, and collaboration.
Google Security Operations offers a unified experience across SIEM, SOAR, and threat intelligence to drive better detection, investigation, and response. Collect security telemetry data, apply threat intel to identify high priority threats, drive response with playbook automation, case management, and collaboration.
Common Uses
Investigate in real time
Get to the root cause fast with an intuitive workbench
Analyze real-time activity with investigation views, including VirusTotal and Mandiant threat intel enrichment, third-party threat intelligence insights, and user aliasing.
How-tos
Get to the root cause fast with an intuitive workbench
Analyze real-time activity with investigation views, including VirusTotal and Mandiant threat intel enrichment, third-party threat intelligence insights, and user aliasing.
Go on the hunt
Proactively identify threats in your environment
Search at Google speed to hunt for threats faster than traditional SOC tools. Apply automated alert enrichment and instant insight into malicious files and URLs to quickly make good decisions.
How-tos
Proactively identify threats in your environment
Search at Google speed to hunt for threats faster than traditional SOC tools. Apply automated alert enrichment and instant insight into malicious files and URLs to quickly make good decisions.
Pricing
| About Google Security Operations pricing | Google Security Operations is available in packages and based on ingestion. Includes one year of security telemetry retention at no additional cost. | |
|---|---|---|
| Product | Description | Pricing |
Standard | Base SIEM and SOAR capabilities Includes the core capabilities for data ingestion, threat detection, investigation and response with 12 months hot data retention, full access to our 700+ parsers and 300+ SOAR integrations and 1 environment with remote agent. The detection engine for this package supports up to 1,000 single-event and 75 multi-event rules. Threat intelligence Bring your own threat intelligence feeds. | Contact sales for pricing |
Enterprise | Includes everything in the Standard package plus: Base SIEM and SOAR capabilities Expanded support to unlimited environments with remote agent and a detection engine that supports up to 2,000 single-event and 125 multi-event rules. UEBA Use YARA-L to create rules for your own user and entity behavior analytics, plus get a risk dashboard and out of the box user and entity behavior-style detections. Threat intelligence Adds curation of enriched open source intelligence that can be used for filtering, detections, investigation context and retro-hunts. Enriched open source intelligence includes Google Safe Browsing, remote access, Benign, and OSINT Threat Associations. Google curated detections Access out-of-the-box detections maintained by Google experts, covering on-prem and cloud threats. Gemini in security operations Take productivity to the next level with AI. Gemini in security operations provides natural language, an interactive investigation assistant, contextualized summaries, recommended response actions and detection and playbook creation. | Contact sales for pricing |
Enterprise Plus | Includes everything in the Enterprise package plus: Base SIEM and SOAR capabilities Expanded detection engine supporting up to 3,500 single-event rules and 200 multi-event rules. Applied threat intelligence Full access to Google Threat Intelligence (which includes Mandiant, VirusTotal, and Google threat intel) including intelligence gathered from active Mandiant incident response engagements. On top of the unique sources, Applied Threat Intelligence provides turnkey prioritization of IoC matches with ML-base prioritization that factors in each customer's unique environment. We will also go beyond IoCs to include TTPs in understanding how an adversary behaves and operates. Google curated detections Additional access to emerging threat detections based on Mandiant's primary research and frontline threats seen in active incident response engagements. BigQuery UDM storage Free storage for BigQuery exports for Google SecOps data up to your retention period (12 months by default). | Contact sales for pricing |
About Google Security Operations pricing
Google Security Operations is available in packages and based on ingestion. Includes one year of security telemetry retention at no additional cost.
Standard
Base SIEM and SOAR capabilities
Includes the core capabilities for data ingestion, threat detection, investigation and response with 12 months hot data retention, full access to our 700+ parsers and 300+ SOAR integrations and 1 environment with remote agent.
The detection engine for this package supports up to 1,000 single-event and 75 multi-event rules.
Threat intelligence
Bring your own threat intelligence feeds.
Contact sales for pricing
Enterprise
Includes everything in the Standard package plus:
Base SIEM and SOAR capabilities
Expanded support to unlimited environments with remote agent and a detection engine that supports up to 2,000 single-event and 125 multi-event rules.
UEBA
Use YARA-L to create rules for your own user and entity behavior analytics, plus get a risk dashboard and out of the box user and entity behavior-style detections.
Threat intelligence
Adds curation of enriched open source intelligence that can be used for filtering, detections, investigation context and retro-hunts. Enriched open source intelligence includes Google Safe Browsing, remote access, Benign, and OSINT Threat Associations.
Google curated detections
Access out-of-the-box detections maintained by Google experts, covering on-prem and cloud threats.
Gemini in security operations
Take productivity to the next level with AI. Gemini in security operations provides natural language, an interactive investigation assistant, contextualized summaries, recommended response actions and detection and playbook creation.
Contact sales for pricing
Enterprise Plus
Includes everything in the Enterprise package plus:
Base SIEM and SOAR capabilities
Expanded detection engine supporting up to 3,500 single-event rules and 200 multi-event rules.
Applied threat intelligence
Full access to Google Threat Intelligence (which includes Mandiant, VirusTotal, and Google threat intel) including intelligence gathered from active Mandiant incident response engagements.
On top of the unique sources, Applied Threat Intelligence provides turnkey prioritization of IoC matches with ML-base prioritization that factors in each customer's unique environment. We will also go beyond IoCs to include TTPs in understanding how an adversary behaves and operates.
Google curated detections
Additional access to emerging threat detections based on Mandiant's primary research and frontline threats seen in active incident response engagements.
BigQuery UDM storage
Free storage for BigQuery exports for Google SecOps data up to your retention period (12 months by default).
Contact sales for pricing
GET A DEMO
TALK TO SALES
Learn what Google Security Operations can do for you
Surfaced alerts a manufacturing company had never seen before.
Our SOC and analysts are able to prioritize work and respond with the attention that is needed.
Join the Google Cloud Security Community
Learn the technical aspects of Google Security Operations
New to Google Security Operations?
Business Case
Explore how organizations like yours cut costs, increase ROI, and drive innovation with Google Security Operations
IDC Study: Customers cite 407% ROI with Google Security Operations
CISO, Multi-billion dollar automotive company
"Our cybersecurity teams deal with issues faster with Google Security Operations, but they also identify more issues. The real question is, 'how much safer do I feel as a CISO with Google Security Operations versus my old platform?' and I would say 100 times safer."
Read the studyTrusted and loved by security teams around the world
"We can now use natural language search to query large amounts of data which we estimate will improve our ability to transform, synthesize and make data meaningful by 10X." - Dennis McDonald, CISO, Jack Henry
"We have advanced capabilities around threat intelligence that are highly integrated into the Google Security Operations platform. We like the orchestration capabilities that enable us to enrich the data and provide additional context to it, so our SOC and analysts are able to prioritize that work and respond with the attention that is needed."- Bashar Abouseido, CISO, Charles Schwab
"We think Google made a strategic decision in the way that they built the platform [Google Security Operations] many years ago. Not only is it highly robust and has millisecond search capability across vast amounts of data, but it gives you an unlimited amount of storage compared to the other platforms."- Robert Herjavec, CEO, Cyderes
