
Co-Author: McCall McIntyre

If you’ve been following the evolution of Google Security Operations, you know that we’re dedicated to innovating based on what matters most to you, our customers. Driven by your feedback and the goal of solving the toughest challenges in security operations, our teams have been rapidly shipping new capabilities and expanding our partner ecosystem. Come see us at Black Hat to experience firsthand the powerful features we’ve made generally available to amplify your security operations! 

 

Let's explore some of the Google Security Operations GA highlights for 2025: 

 

Data Pipeline Management

Data pipeline management helps you reduce costs and simplify SIEM migration. Our expanded partnership with Bindplane provides the ability to easily filter, transform, and redact your data, preparing it for deeper analysis.

 

Composite Detections

Composite detections enable you to build sophisticated, multi-stage detection logic. This helps you identify complex attack patterns that traditional methods might miss, and structure your detection logic for higher recall and precision.

 

Dashboard and Reporting Platform

The dashboard and reporting platform's new capabilities enable you to improve your visualization experience. New enhancements include SOAR data integration, dashboard export capabilities, custom drilldowns, and markdown widgets, along with over 50 new out-of-the-box dashboards.

 

Search Enhancements

New search enhancements, including statistics and aggregation and data tables in search, provide better data visibility and improved incident response. These capabilities allow you to extract actionable insights from your UDM logs for faster analysis and aggregation using YARA-L 2.0, and to leverage multicolumn data tables for user-entered data.

 

Playbook Assistant

Playbook assistant enables you to create complex security playbooks using natural language, which saves significant time. Recent enhancements include support for more complex playbook generation and editing, a wider variety of prompt types, and usability enhancements.

 

Model Context Protocol (MCP)

Google SecOps launched open-source MCP server implementations for Google Security Operations, SOAR, Threat Intelligence (GTI), and Security Command Center (SCC), in alliance with other market partners, like Wiz and CrowdStrike, adopting the standard. MCP standardizes LLM interaction with security tools and data, simplifying AI integration and enhancing security workflows.

 

Supercharging SecOps with a Flourishing Partner Ecosystem

 

Our momentum extends far beyond the features we ship ourselves. Our philosophy has always been built on an open, interoperable platform that brings the best of the security community together. That's why we're thrilled to showcase the incredible growth within our partner ecosystem, delivered directly to you through the Google Security Operations Content Hub.

 

The Content Hub is your go-to for the resources you need to streamline security operations and maximize the platform's potential. Security operations teams can access curated detections, saved searches, native dashboards, and response capabilities for top product integrations and use cases, making data ingestion, configuration, and response more efficient. We’re excited to introduce partner-built content designed to supercharge your end-to-end SecOps experience here as well. Here's a look at our most recent partner-developed integration releases in the Google SecOps Content Hub:

  • Claroty xDome and CTD: Feed your high-fidelity, context-rich alerts and vulnerability data from SaaS-powered Claroty xDome or on-premise Claroty Continuous Threat Detection (CTD) into Google Security Operations to support remediation workflows.
  • Dropzone: Enable autonomous investigation of security alerts, combining Google Security Operations’ powerful detection capabilities with AI-driven automation.
  • Infoblox: Enhance your Google Security Operations capabilities by combining predictive DNS intelligence and rich asset context with Google’s scalable remediation capabilities to enable proactive threat detection, automated investigation, and faster response.
  • Recorded Future: Bring Recorded Future intelligence into Google Security Operations to power indicator enrichment, file sandbox analysis, and consolidated alert management.
  • Team Cymru: Streamline incident triage and accelerate threat response by providing domain, IP, network communications and netflow threat intelligence data through the Scout API. 
  • Vectra (with RUX, QUX): Enable security teams to take automated, semi-automated, or manual actions using Vectra’s Quadrant User Experience signal, supporting various use cases on the Vectra QUX or Vectra RUX Platforms. 
  • Vorlon: Empower security teams to detect, investigate, and respond to third-party SaaS application risks from Vorlon. 
  • XM Cyber: Natively enrich your detections with XM Cyber to assess and prioritize alerts based on their position on potential attack paths, providing context to attribute actual business risks to each alert.
  • Wiz: Automate and orchestrate your Google Security Operations based on Wiz issues. 

 

We invite you to explore the Content Hub within Google Security Operations today to discover how these new integrations can empower your team. For access, please contact your sales team. 

Partners interested in contributing to our expanding ecosystem and having their content promoted on the Content Hub can reach out to us via this form to learn more about collaboration opportunities!

We also invite you to join the Google Security Summit and opening keynote next week for in-depth discussions and practical insights on securing your AI journey. Be sure to attend the closing keynote to hear more about the latest Mandiant observations and our strategic vision for the future of AI security! 

 

Connect with Us at Black Hat USA 2025

 

We'll be at Black Hat this year, and we'd love for you to visit us at booth #2240. Come meet the Google Cloud Security team and get a firsthand look at our latest product innovations. Discover how new capabilities such as Composite Detection and Statistical Search can revolutionize your threat hunting. You'll also have the opportunity to learn directly from Mandiant experts about techniques and tactics from their most recent investigations. We'll be showcasing live demos of our new features and our expanded partner ecosystem. See how Google Security Operations can help you detect and remove threats more effectively and boost your security team's productivity.
