This past quarter, Google Security Operations introduced significant innovations focused on AI-powered automation, next-generation detection, and enhanced operational efficiency for your Security Operations Center. Below are the key features that achieved General Availability (GA) in Q3, along with exciting public previews.
Analyst Experience
- Legacy Stack (Non-BYOP, Federated Auth, Legacy RBAC) EoS: New customers and partner tenants are no longer onboarded onto Non-BYOP projects, Federated Auth, or Legacy RBAC. Every new customer instance must instead be set up in the customer's or partner's own GCP project, with authentication configured through Cloud Identity or BYOID, Feature RBAC to manage user roles, and (optionally) Data RBAC to manage data access.
- Data Tables in Search: Introduces Data Table join and filter support in Search, the ability to write search results into Data Tables, and RBAC on Data Tables for differentiated access control.
- SecOps Data RBAC Self-Service Enablement: You can now pre-define Data RBAC scopes and enable the feature yourself, removing the previous need to contact the support team and ensuring scoped users retain access to their data.
Security Outcomes
- Composite Detections: Go beyond single rules by building multi-stage detection logic that chains detections to identify complex attack patterns, improving both recall and precision while simplifying rule engineering.
- Google SecOps Labs enabled for Enterprise+ Customers: Creates a dedicated sandbox in the product to share ideas, test features early, and give feedback that drives innovation and improves SOC efficiency, starting with five AI-powered pilots.
- Near Real-time Risk Analytics (VeloRCs): Introduces Risk Based Alerting (RBA) to your SOC. By recalculating risk scores every few minutes, it helps teams focus on high-risk entities (users, endpoints) and provides a high-fidelity complement to detection rules.
- EDR SecTechs (3P Vendor Rules) in Curated Content: A new rule pack passes EDR vendor alerts into native SecOps detections, so customers can use their endpoint alerting for case generation and as inputs to composite rules.
- 14-Day Match Windows: To counter "low and slow" threats, detection rules now support a 14-day match window. This makes compromised-account detection easier and helps defend against extended attack chains.
- SDK Command Line Interface (CLI): For power users and administrators, the new SDK CLI enables programmatic interaction with Google SecOps from the terminal. It streamlines workflows, automates repetitive tasks (such as log ingestion, rule management, and data export), and lets you integrate SecOps capabilities into broader scripting environments.
Data & Platform
- Advanced Analytics Enhancements: Several new features have been introduced, including a condition section; new keywords to deduplicate events, limit the number of results, and return the earliest and latest timestamps; increased array limits; and support for metrics functions within UDM Search.
- Azure Event Hub Native Integration: Enables real-time log ingestion from Azure Event Hub, reducing ingestion latency from 15 minutes to 15 seconds and potentially reducing a customer's Azure costs by 22%.
- Self-Service Custom Log Types: This self-service capability streamlines custom data ingestion by allowing instant creation of custom log types directly within the SecOps UI, via a new "Log Types" page.
- Silent Host Monitoring (SHM) in SecOps: Leverages detection rules for proactive alerting on hosts that have stopped sending logs; this solution can combine rule chaining, SOAR integration, and GCP integration capabilities.
- Data Ingestion and Health Dashboard Updates: New widgets for the Data Ingestion and Health Dashboard include basic silent host monitoring and Bindplane agent health.
- Bindplane On-prem Server: SecOps customers can now use the on-prem version of Bindplane Server under the Google Cloud Terms of Service.
Compliance and Global Expansion
- SecOps in Brazil, France & Indonesia: We are pleased to announce the launch of SecOps services in Brazil, France, and Indonesia, expanding our global footprint to 16 regions worldwide and helping meet customer data-residency commitments.
- CMEK for UK and South Africa: Customer-Managed Encryption Keys (CMEK) give customers direct ownership of and more control over the keys protecting their data, helping them meet compliance and regulatory requirements (such as HIPAA, GDPR, and PCI DSS).
User Experience Improvements
- In-Product “What’s New” and Feature Callout: Stay current with our platform's latest advancements effortlessly with a centralized "What's New" section—your go-to for monthly feature updates—and a framework for intuitive in-app "Callouts" that will guide you through new functionality.
- SecOps Light Theme: We are standardizing the look and feel across SecOps by introducing a new light theme for the entire platform, including the SIEM Settings.
Exciting Public Previews: A Look Ahead
- MITRE ATT&CK Enterprise Visualization Dashboard: Get an instant, visual understanding of your security coverage. This dashboard maps all your detection rules against the MITRE ATT&CK framework, allowing you to instantly identify coverage gaps and prioritize rule development.
- Google SecOps Content Hub: Stop searching and start securing. The new Content Hub centralizes all your essential SecOps content, allowing you to quickly discover, preview, and deploy curated detections, native dashboards, SOAR content, and new onboarding Content Packs.
- Event and Detection Alert Correlation (Private Preview): This feature significantly improves operational efficiency by bridging the gap between security validation actions and their real-world impact. It automatically fetches UDM events and Detection Alerts correlated with a Security Validation Action for a complete, end-to-end view of control effectiveness.
We’re committed to continually delivering the tools you need to stay ahead of the adversary. Explore these new features today and elevate your SOC's performance.