
As we forged into the first quarter of 2024, Google Security Operations unveiled a series of updates centered around streamlining operations for our customers. We understand the challenges faced by security operations teams dealing with time-consuming and intricate processes. That’s why we’re excited to introduce enhancements that simplify workflows and enhance efficiency.


Let’s take a look at some of the major updates:


Expanded Flexible Join Functionality


Streamline detection engineering with new join functionality to support complex equality and/or joins for both UDM and entity fields. This enhancement enables the consolidation of multiple rules into one, reducing the complexity of workflows and improving efficiency.

Optimized Entity Investigation


Google SecOps’ new investigation experience combines entity data with UDM search to streamline investigation and response workflows. Now, you can quickly pivot between entities, gain context with in-screen widgets, and make informed decisions with fewer clicks, more precision, and less friction.

Improved Consistency, Freshness, and Availability of UDM Event Data


With Google SecOps’ new event-processing pipelines and indexing enhancements, you can say goodbye to event-time constraints and hello to fully enriched UDM event data, all available to search within 10 minutes or less.

New Integration with Google Cloud Identity and Access Management (IAM)


Administrators can now configure feature access using Google SecOps-specific permissions and predefined roles, and can create custom roles and IAM policies optimized for your organization.


New Integration with Cloud Audit


Understand who did what, where, and when within your Google Cloud environment. Leverage audit logs written by Google Cloud for administrative activities and data access events.


Expanded Regional Support


Meet long-term compliance and jurisdictional requirements with expanded regional support in Japan. Additional regional support is expected to be added throughout 2024.


Public Sector Achievements


Google Security Operations has achieved FedRAMP Moderate authorization, ensuring the security of our cloud-native platform for federal agencies.


Curated Detections Spotlight


Check out our latest out-of-the-box detections that are created and maintained by Google security experts. Available for Enterprise and Enterprise+ customers.



  • UEBA – Protect against anomalous user and entity behavior with coverage for Authentication, Network Traffic Analysis, Peer Group Detections, Suspicious Actions, and Data Loss Prevention.


Compromised Credential Monitoring


Monitor for compromised credentials on the open, deep and dark web, and receive automatic alerts if accounts linked to your organization appear in compromised credential data. Users can now unmask cleartext passwords for verified domains, unmask usernames, simplify monitor creation, backfill alerts, filter alerts by password policy and enhance monitor tuning. Available for Enterprise+ customers.


Expert Help from Mandiant Threat Hunters


Close the skills gap and gain elite-level support without the burden of hiring, tooling, and training. With Mandiant Hunt, now available as an add-on, you can have Mandiant experts continuously hunt for threats undetected by security controls in your environment.


Interested in seeing more? Schedule a demo today to see how you can leverage these new features.

Can I ask if you have previous numbers linked to Google Cloud through other projects. And through the act of the provider, canceled or changed the mobile number. And would not let the previous numbers be turned back on. However, now the two previous numbers are back on. Getting codes and access to Google Cloud projects. Able to change permissions. And roles claim to be able to make executive decisions without getting permission. And changes to and completely ending or moving projects. I tried to remove the numbers from my account. However, it says I'll just be removing it from my account and Google will still let it be used. Can you maybe assist me a little bit please? It's had got a lot to do with a recent data breach and Verizon Wireless.


 

@ahnna can you share more information on the below feature, as we are looking to understand data sources for dark web? Is it from Mandiant ATI? How do we accomplish this use case without having to upgrade to Enterprise plus for anything from dark web?

Compromised Credential Monitoring

Monitor for compromised credentials on the open, deep and dark web, and receive automatic alerts if accounts linked to your organization appear in compromised credential data. Users can now unmask cleartext passwords for verified domains, unmask usernames, simplify monitor creation, backfill alerts, filter alerts by password policy and enhance monitor tuning.

 

 


Hi GCPSecops - 


Here is a quick blurb to understand a bit more.  This comes from our Digital Threat Monitoring product as found here: https://cloud.google.com/security/resources/datasheets/digital-threat-monitoring-datasheet?hl=en#:~:text=Digital%20Threat%20Monitoring%20removes%20the,organization%2C%20VIPs%2C%20and%20vendors.


Are you a current DTM or Mandiant Fusion customer? There are a few ways to skin this cat: you can get DTM via any of the Google Threat Intelligence packages (GTI) or via Google SecOps Enterprise+.


Feel free to ask further questions here.

