Empowering SecOps in the cloud: enhancing threat detection with Wiz and Google Security Operations

Wiz announces integration with Google Security Operations to help SecOps teams identify critical cloud security issues.

Security Operations Center (SecOps) teams detect, investigate, and respond to security threats across an organization's IT systems using security operations platforms. As companies migrate more infrastructure to the cloud, addressing cloud-specific threats requires SecOps teams to have a deep understanding of cloud security issues and the context to investigate and respond to those issues effectively. Wiz focuses on providing our customers with prioritized, context-rich cloud security issues in their existing security workflows. We’re excited to announce our integration with Google Security Operations to help SecOps teams identify, prioritize, and remediate critical cloud security issues quickly. 

Detecting threats with Google Security Operations 

Google Security Operations helps SecOps teams detect and respond to modern threats with Google scale and intelligence. SecOps teams choose Google Security Operations for its scalability — which allows it to ingest and search through massive amounts of data and apply Google’s leading threat intelligence to detect more threats. Google Security Operations also appeals to SecOps teams due to its AI-powered productivity. 

Gaining security visibility into the cloud’s unique risks 

SOC analysts are challenged with effectively responding to cloud security alerts in an environment that presents new and unique risks they have not seen before. To start, SecOps teams need visibility into what their cloud inventory (VMs, DBs, etc.) looks like and how each resource is interconnected. When they have visibility into their entire cloud footprint, they must identify and fix the risks that create open attack paths before malicious actors can find them. They must also detect any active threats already occurring in their systems. 

Wiz identifies misconfigurations, vulnerabilities, sensitive data exposures, and other risks across an organization’s cloud. Once risks are identified, Wiz looks for toxic risk combinations that open attack paths to critical infrastructure or sensitive data. For real-time threat detection, correlating Wiz’s sensor and cloud service provider (CSP) events enables security teams to detect threat actors that may be in their cloud infrastructure, exfiltrating data, installing malware, or undertaking other malicious activity. 

Wiz combines these cloud risks and threats into single Wiz Issues, emphasizing that the issue at hand is a security concern. This informs the SOC analyst receiving the alert that the issue needs to be fixed immediately. Through this integration, mutual customers can send Wiz Issues to Google Security Operations. This new custom source in Google Security Operations adds signals for risks and threats across mutual customers' cloud environments. It provides clear, contextual security issues that enable SOC analysts to respond to and remediate issues quickly. 

Benefits of integrating Wiz’s CNAPP with Google Security Operations

Google Security Operations collects and analyzes security telemetry from across the organization to give SecOps teams a single place for alerts. Combining Wiz’s CNAPP security signals with your Google Security Operations solution has many benefits: 

  • Prevent cloud risks from becoming costly threats. The cloud opens new exposure risks, which threat actors continuously seek. SecOps teams must identify and fix these exposure points before threat actors find them. Through this integration, SOC analysts receive security signals from Wiz in Google Security Operations that prioritize the risks that, combined, present the most significant threat to your cloud. 

  • Correlate cloud security signals with other IT security signals. SIEMs are where SecOps teams want all their security data to come together so they can detect patterns and be alerted when there is a pressing security issue. Adding rich, high-fidelity cloud signals with risk and threat activity alongside data from other systems ensures that your SecOps teams have the complete security picture. 

  • Enable the SecOps team with clear cloud Issues and context. SecOps teams are still adapting to and learning about the cloud. When they receive a critical alert, they must have the context to understand and fix the issue. When SOC teams are alerted by Google Security Operations about a cloud security risk through Wiz Issues, it’s clear that the security problem is critical, and the teams have the context they need to remediate the issue.

“As organizations grapple with increasingly sophisticated cyber threats, the need for comprehensive security tools has never been greater. Wiz’s integration with Google Security Operations can help more customers effectively protect their cloud environments.”

Vineet Bhan, Global Head of Security and Identity Partnerships, Google Cloud

Integrate Wiz with Google Security Operations today

Wiz’s collaboration with Google Cloud aims to ensure mutual customers protect their cloud infrastructure and services. This integration allows Wiz Issues from your environment to flow through to Google Security Operations, aiding security teams in identifying, investigating, and remediating critical cloud issues before exploitation. As part of this integration, we leverage the Open Cybersecurity Schema Framework (OCSF), an open-source standard designed to facilitate and normalize data exchange. All the necessary steps for integration can be found in the Wiz documentation (login required).
