Andy Rossiter
  • Global SVP of Google Cloud at Endava

In our journey to secure Google Vertex AI, we've explored the proactive risk reduction offered by Wiz. Now, it's time to dive into the second critical pillar: Google SecOps, encompassing Chronicle Security Operations and Mandiant Threat Intelligence.

Think of Wiz as your cloud security ‘architect’, meticulously identifying and shoring up weaknesses in your infrastructure. Google SecOps, in turn, is your ‘sentinel’, standing guard, detecting threats in real time and enabling a rapid, intelligent response.

Here are five key takeaways for implementing Google SecOps on GCP, highlighting its essential synergy with Wiz.

1. Unify security telemetry at petabyte scale (no volume tax)

Traditional SIEMs often struggle with the sheer volume of data generated by cloud-native services, leading to a ‘volume tax’ or forcing tough choices about which logs to ingest.

  • Google SecOps advantage: Chronicle Security Operations is purpose-built to ingest all your security telemetry from Google Cloud (IAM, network flow, BigQuery, GKE, Vertex AI API logs, etc.) at petabyte scale, with no data volume charges. This means zero blind spots and comprehensive historical data for investigations.
  • Wiz synergy: Wiz identifies what you need to protect (e.g., a specific, high-risk Vertex AI endpoint). SecOps then ensures all relevant logs from and around that endpoint are ingested, providing the raw data stream needed to monitor its security posture effectively, so that no malicious interaction goes unrecorded.

2. Leverage world-class Google/Mandiant threat intelligence

Modern threats are sophisticated and dynamic. Having access to constantly updated, actionable threat intelligence is crucial for staying ahead.

  • Google SecOps advantage: Chronicle Security Operations is continuously fed by Mandiant's frontline threat intelligence. This means your detections are enriched with real-world attacker tactics, techniques and procedures (TTPs).
  • Wiz synergy: Wiz might identify a specific vulnerability in a container image used for your Vertex AI model (e.g., an outdated library with a known CVE). Google SecOps, armed with Mandiant intelligence, can then tell you if that specific CVE is currently being actively exploited in the wild by known threat actors targeting your industry. This allows for immediate, hyper-prioritised remediation, moving beyond generic risk to confirmed, imminent threats.

3. Focus on behavioural anomaly detection for deeper insights

Attackers rarely trigger a single, obvious alert. They often execute a series of subtle, anomalous actions.

  • Google SecOps advantage: SecOps excels at establishing baselines of normal behaviour and then spotting subtle deviations. This could be a service account that has never accessed a particular GCS bucket now exfiltrating large volumes of training data, or an unusual API call pattern from a Vertex AI Notebook instance. 
  • Wiz synergy: When SecOps detects such an anomaly, Wiz provides critical context. The anomalous behaviour is immediately tied back to Wiz's understanding of the asset's identity, its permissions, and its calculated risk level. This transforms a generic ‘unusual activity’ alert into a high-fidelity incident like "Compromised Vertex AI service account attempting data exfiltration from sensitive BigQuery dataset." 
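To make the baseline-and-deviation idea above concrete, here is an added Python example (not code from the article, Wiz or Google SecOps) that learns which service accounts normally read which GCS bucket, then flags a first-time reader and a volume spike; the audit-log-style records, principals, bucket name, byte counts and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Cloud-Audit-Log-style GCS read events (sample data, not real
# logs; fields simplified). A Vertex AI training service account reads its
# usual bucket weekly; then a notebook service account that has never touched
# the bucket reads far more, and later the trainer's own volume spikes.
TRAINER = "vertex-train@demo-proj.iam.gserviceaccount.com"
NOTEBOOK = "notebook-sa@demo-proj.iam.gserviceaccount.com"
EVENTS = [
    {"ts": "2024-05-01T09:00:00Z", "principal": TRAINER, "bucket": "demo-training-data", "bytes": 40_000_000},
    {"ts": "2024-05-08T09:05:00Z", "principal": TRAINER, "bucket": "demo-training-data", "bytes": 42_000_000},
    {"ts": "2024-05-15T09:02:00Z", "principal": TRAINER, "bucket": "demo-training-data", "bytes": 41_000_000},
    {"ts": "2024-05-29T03:17:00Z", "principal": NOTEBOOK, "bucket": "demo-training-data", "bytes": 900_000_000},
    {"ts": "2024-05-29T09:01:00Z", "principal": TRAINER, "bucket": "demo-training-data", "bytes": 43_000_000},
    {"ts": "2024-05-30T02:40:00Z", "principal": TRAINER, "bucket": "demo-training-data", "bytes": 650_000_000},
]

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def detect_anomalies(events, baseline_days=14, volume_factor=5.0):
    """Learn (principal, bucket) read volumes from events older than the
    baseline window, then flag later reads that are either a principal's
    first access to a bucket or far above that pair's average volume."""
    events = sorted(events, key=lambda e: parse_ts(e["ts"]))
    cutoff = parse_ts(events[-1]["ts"]) - timedelta(days=baseline_days)
    baseline = defaultdict(list)  # (principal, bucket) -> observed byte counts
    alerts = []
    for e in events:
        key = (e["principal"], e["bucket"])
        if parse_ts(e["ts"]) < cutoff:
            baseline[key].append(e["bytes"])
            continue
        reason = None
        if key not in baseline:
            reason = "first access to bucket by this principal"
        else:
            avg = sum(baseline[key]) / len(baseline[key])
            if e["bytes"] > volume_factor * avg:
                reason = f"read volume {e['bytes'] / avg:.0f}x the baseline average"
        if reason:
            alerts.append({**e, "reason": reason})
        else:
            # Only benign reads extend the baseline, so an anomalous burst
            # cannot quietly teach the detector that the burst is normal.
            baseline[key].append(e["bytes"])
    return alerts
```

In Chronicle the same logic would be expressed as a rule over the ingested audit logs, with Wiz context (asset identity, permissions, risk level) attached to the alert rather than recomputed here.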


4. Enable high-speed, end-to-end investigation (SIEM/SOAR)

Time is of the essence during an incident. The ability to quickly investigate and respond directly impacts the potential damage.

  • Google SecOps advantage: Chronicle Security Operations provides lightning-fast threat hunting and investigation capabilities. Its unique data model and search speed drastically reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). 
  • Wiz synergy: Wiz's detailed Security Graph data (relationships between assets, identities and risks) can be integrated directly into SecOps. This means an investigator can pivot from a specific Chronicle alert (e.g., a suspicious login) directly to the Wiz attack path analysis to understand the broader context, identify connected risks and pinpoint the fastest containment strategy.

5. Secure the human element (beyond cloud infrastructure)

Cloud security isn't just about infrastructure; it's also about the users who access it. Attackers frequently target identities.

  • Google SecOps advantage: Google SecOps integrates deeply with Google Workspace logs, providing visibility into phishing attempts, user account compromises, and lateral movement from Workspace into your GCP environment.
  • Wiz synergy: While Wiz secures the cloud infrastructure and its access policies, SecOps monitors the user identity itself. Together, they can track an attacker who first compromises a user's Google Workspace account (detected by SecOps) and then attempts to pivot into sensitive Vertex AI assets (with Wiz confirming the access paths and SecOps continuing to monitor activity).

Security that accelerates innovation

By combining the proactive posture management of Wiz with the real-time threat detection and intelligent response of Google SecOps, organisations gain an unparalleled security framework for their Google Cloud environment. This unified approach not only protects your valuable AI investments but also empowers your teams to innovate faster and with greater confidence.