Cloud Blog: Activating your defender’s advantage at mWISE ’24

Source URL: https://cloud.google.com/blog/products/identity-security/activating-your-defenders-advantage-at-mwise-24/
Source: Cloud Blog
Title: Activating your defender’s advantage at mWISE ’24

Feedly Summary: To stay ahead of evolving threats, security leaders and practitioners must tap into a vital but underutilized tool to strengthen their defenses: collaboration. The power of communication and knowledge-sharing among peers can help defenders seize the advantage when fighting threat actors who repeat the same tactics, techniques, and procedures (TTPs) to target multiple industries across multiple regions. 
Security experts from around the world are convening starting today at mWISE Conference 2024, in Denver, Colo., to collaborate on the latest solutions, compare experiences, and bolster their defenses. As part of this shared mission to combat threats, today we are announcing new ways to help keep our customers safe, including updated best practices aligned to our defender’s advantage framework, expanded managed services, and additional avenues for threat intelligence sharing.  
Activating your defender’s advantage
The defender’s advantage is the idea that organizations know their environments best, and are therefore best suited to defend them against cyber threats. Similar to knowing your own home better than a first-time (and unwanted) house guest, organizations should know their business, systems, topology, and infrastructure better than anyone else. This can be an incredible source of advantage, and we’re here to help organizations make the most of it.
Today, we’re releasing the second edition of The Defender’s Advantage ebook, our detailed framework that can help organizations make the most of their home-field advantage. The framework details how Intelligence drives critical functions of cyber defense: Detect, Respond, Validate, Hunt, and Mission Control. This updated guide provides an operating model for organizations to align with to identify redundancies, gaps, and opportunities to improve their cyber defenses.
Enabling a united defense
As intelligence is fundamental to the defender’s advantage, today we’re offering new ways that we can help customers augment their intelligence and defense. Mandiant Managed Defense has been helping organizations augment their security operations program and respond to breaches since 2011, with our threat hunting, alert triage, incident investigation, and rapid-response capabilities. 
Today, we are announcing the general availability of Managed Defense for Google Security Operations for U.S.-based customers. Managed Defense uses built-in curated detections and risk scores from Google Security Operations for comprehensive, up-to-the-minute threat coverage, automated threat identification, and faster risk analysis. 
These capabilities can allow our experts to prioritize rapid investigation and incident remediation. Our proactive approach is continuously enriched with insights from Managed Defense’s own threat hunts, protecting our customers against the latest attack techniques.
“Having been a long-time Google Security Operations customer, it only made sense to layer in the power of Mandiant Managed Defense for Google SecOps. This add-on advantage has proven to be a force multiplier, truly allowing the Vertiv Security team the opportunity to pivot towards advanced strategic cybersecurity work,” said Mike Orosz, CISO, Vertiv.
Managed Defense remains vendor-agnostic and supports a wide range of EDR and XDR security technologies adopted by our customers. As part of our approach, we’re announcing that support for Corelight Open NDR is now generally available, and support for Palo Alto Next-Generation Firewall is now in preview. 
Strengthen collaboration with shared threat intelligence 
Knowledge-sharing and collaboration have become ever-more vital parts of the defender’s advantage, helping to enable resilience against modern threats. Sharing threat intelligence across trusted colleagues and industry partners is a crucial component to better safeguarding our organizations. 
“Collaboration is critical to foster true resilience when it comes to the systems and networks we rely on every day,” said Phil Venables, CISO, Google Cloud.
Google Threat Intelligence now provides Private Collection Sharing, which can help you break down barriers to sharing insights and vital intelligence with trusted colleagues and industry partners. These collections help provide secure, confidential spaces for collaboration in your organization and with a trusted peer network encompassing not just indicators of compromise (IOCs), but also TTPs, strategic insights, and analyses. 
As defenders, it’s crucial that we have a deep understanding of the threat landscape and share information with our trusted colleagues and partners to be more proactive, better positioned to mitigate risks, and respond to threats more effectively.
Make Google part of your security team
With Google Cloud Security, organizations can address their tough security challenges with many of the same capabilities Google uses to keep more people and organizations safe online than anyone else in the world: frontline intelligence and expertise, a modern, intelligence-driven security operations platform, and a secure-by-design cloud foundation. You can learn more about our Google Cloud Security offerings here. 
You can join us at mWISE in-person or virtually by registering here.

AI Summary and Description: Yes

Summary: The text emphasizes the importance of collaboration and knowledge-sharing among security leaders to enhance defenses against cyber threats, especially during the mWISE Conference 2024. It introduces new and updated frameworks, tools, and services aimed at bolstering cyber defenses, highlighting the significance of intelligence and proactive measures in various organizations’ security strategies.

Detailed Description:
The piece discusses collaboration as a crucial tool for security professionals in combating evolving cyber threats. It highlights that security leaders from various sectors are convening at the mWISE Conference 2024 to share experiences and solutions.

Key Insights Include:
– **Collaboration Importance**: The text stresses that sharing knowledge among peers enhances defenses against threat actors who repeat the same tactics, techniques, and procedures across industries.

– **Defender’s Advantage Framework**:
  – Organizations are encouraged to leverage their understanding of their environments to enhance defense strategies.
  – The second edition of “The Defender’s Advantage” eBook details a framework in which intelligence drives the critical functions of cyber defense: Detect, Respond, Validate, Hunt, and Mission Control.
  – This guide aims to identify redundancies and gaps, providing an operating model for improvement.

– **Managed Defense Services**:
  – Mandiant Managed Defense for Google Security Operations is now generally available for U.S.-based customers.
  – This service uses curated detections and risk scores from Google Security Operations, supporting rapid incident investigation and faster risk analysis.
  – Continuous enrichment from threat hunts enables ongoing protection against emerging attack techniques.

– **Vendor-Agnostic Approach**:
  – Managed Defense is compatible with various Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) technologies.
  – Support for Corelight Open NDR is now generally available, and support for Palo Alto Next-Generation Firewall is in preview.

– **Threat Intelligence Sharing**:
  – Google Threat Intelligence introduces Private Collection Sharing to facilitate secure sharing of insights and intelligence among trusted peers.
  – This feature helps organizations collaborate on indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), strategic insights, and analyses, fostering a proactive approach to threat mitigation.

– **Google Cloud Security**:
  – The text encourages organizations to integrate Google Cloud Security solutions, emphasizing the platform’s frontline intelligence and secure infrastructure.

The overall message advocates for a more collaborative approach to cybersecurity, underscoring the critical role of shared intelligence and community resilience in safeguarding organizations against threats.