Google’s got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft’s $20B+ security biz – Source: go.theregister.com

Cloud Next Google will today reveal a new unified security platform that analysts think can help it battle Microsoft for a bigger chunk of the enterprise infosec market.

It’s called Google Unified Security (GUS) and is said to combine the search giant’s existing threat intelligence, security operations, and cloud security services, plus Chrome Enterprise. Because this is 2025 it also adds agentic AI.

Google’s approach appears similar to the one Microsoft introduced last month at with the announcement of task-specific AI agents that interact with various security products to do things like delivering reports that help security analysts to understand which alerts deserve urgent attention.

The ads giant’s infosec agents include one called Google Security Operations that we’re told can triage security alerts by analyzing the context of each incident and then gives the humans in charge advice about which ones merit a response. Another agent uses AI to analyzes malware and determine the extent of the threat it poses.

Select customers will get the chance to use the agents during Q2. The platform launch is due to coincide with Google’s Cloud Next event, taking place today.

“Google as a company, looks at that and goes: Why can’t we also be a large enterprise security vendor?”

The new agents are modest additions compared to the capabilities Google acquired in March when it bought cloudy security upstart Wiz for $32 billion – the search giant’s largest ever purchase.

Google’s third-largest acquisition was the $5.4 billion acquisition of Mandiant in 2022 (buying Motorola Mobility for $12.5 billion in 2011 was number two).

Buying Wiz and Mandiant means Google is an infosec player, but trails rivals.

“Microsoft is already the world’s largest security vendor,” Gartner Research VP Neil MacDonald told The Register. “Google as a company, looks at that and goes: Why can’t we also be a large enterprise security vendor?”

Redmond has previously said its annual security business revenue exceeded $20 billion. Google doesn’t publicly disclose its security sales, and Gartner’s MacDonald told us it’s “a fraction” of Microsoft’s market-leading revenue haul.

How Wiz helps

Wiz brings Google a hot category of security products in the form of its Cloud-Native Application Protection Platform (CNAPP) that secures cloud-native applications, starting with the code and continuing all the way through runtime, continually monitoring for and removing threats, while ensuring compliance with companies’ security policies.

Wiz works across multiple clouds, so Google can sell it to its Cloud customers and users of other public clouds.

“Multi-cloud CNAPP is indispensable for cloud infrastructure security,” Forrester VP and principal analyst Andras Cser wrote in a recent memo about the Wiz acquisition.

“Multi-cloud security capabilities will accelerate Google Cloud’s entry into many enterprises,” he added.

When asked about the acquisition price, the largest ever in cybersecurity, surpassing Cisco’s $28 billion Splunk purchase last year, Cser told The Register it “reflects Google’s rush to market and customer acquisition.”

“You can develop a CNAPP solution in 3,600 years of engineering time otherwise,” he said.

Google didn’t have years to waste, never mind millennia, because Microsoft already has a CNAPP called Defender for Cloud.

Buying Wiz also helps Google move into adjacent security markets that are equally appealing to enterprise security customers, according to MacDonald.

“Wiz has a core technology around graph and graph analytics, and layering intelligence on top of the graph to understand relationships of objects — that’s what they do in the cloud,” he said.

“But that model can be extended to data and data objects, or into application development, where Wiz had already gone, with the acquisition of Dazz,” MacDonald continued. “This could also be used for exposure management, which is an emerging category. So this technology gives them the Wiz core platform, and gives them the ability to start going out and addressing these adjacent use cases.”

Meet GUS

While Wiz gives Google a multi-cloud security play, it also wants to make its own cloud platform more secure than those offered by rivals.

This is where that Google Unified Security, or GUS, comes into play.

In an announcement of the security platform’s general availability, due out today, Google touted the integrated nature of the new product and used these examples:

• Browser telemetry and asset context from Chrome Enterprise integrated into Google Security Operations to power threat detections and remediation actions.
• Google Threat Intelligence integrated with security validation to proactively understand exposures and test security controls against the latest observed threat actor activity.
• Cloud risks and exposures from Security Command Center, including those impacting AI workloads, enriched with integrated Google Threat Intelligence to more effectively threat hunt and triage incidents.

That’s a package that means Google has moved towards delivering a security platform that covers many functions and controls.

“Microsoft uses this [approach] to great advantage,” MacDonald said. “They’ve got identity, and they’ve got data, and they’ve got a SIEM [Security Information and Event Management platform], and they’ve got endpoint,” he added, referring to Redmond’s security products, many of which it bundles with its other enterprise and cloud products to dissuade customers from choosing a third-party vendor for security.

• Alphabet’s reported $23B bet on Wiz fizzles out
• Google Cloud closes $5.4b Mandiant acquisition
• Google makes end-to-end encrypted Gmail easy for all – even Outlook users
• Microsoft to mark five decades of Ctrl-Alt-Deleting the competition

“And of course, Microsoft likes to sell enterprise license agreements,” MacDonald said. “So when I look at GUS, it really is Google saying: Why don’t you buy more of our things, including Chronicle SecOps, Chrome Enterprise, Wiz’s core technology, Security Command Center.”

MacDonald says he doesn’t think Google wants to be Microsoft — it just wants to be more like Microsoft. He doesn’t see Google taking up endpoint security anytime soon, for example.

“I believe that they do have a strategic goal to grow their enterprise security revenue outside of Google Cloud, and then wherever possible, use that same technology to make Google Cloud better,” McDonald opined. “Some of these investments, like Mandiant, like Wiz, helps both.”

So can Google grow into a multi-billion-dollar security software business that’s independent of its cloud? “I believe they want that to happen,” he said. “I believe they can.” ®