TECHNICAL VALIDATION

How to Deliver Successful AI Projects by Reducing Risk and Boosting Performance

Google Cloud Security Ecosystem—Exabeam

Leveraging the Google Platform to Accelerate the Delivery of Differentiated Security Offerings

By Tony Palmer, Practice Director and Principal Analyst, Validation Services
Enterprise Strategy Group

December 2023

Introduction

This Technical Validation from TechTarget’s Enterprise Strategy Group documents our evaluation of the Google Cloud Security Ecosystem. Our analysis focused on how the Google Cloud enables cybersecurity independent software vendors (ISVs) to provide differentiated security offerings and capabilities, accelerate time to market, and help their customers secure their cloud applications.

Background

Momentum for digital transformation is accelerating. Organizations are under increasing pressure to improve productivity and drive innovation to serve their customers, and they are leveraging cloud services to meet that demand. In fact, 86% run production workloads on public cloud infrastructure/platforms, and organizations are increasingly adopting a cloud-first policy for new applications.
Cloud services enable teams to modernize their application development processes for greater operational efficiency, which helps them meet their digital transformation objectives, including becoming more operationally efficient, providing a better customer experience, using technology that enables collaboration, and improving product development.
Figure 1. Cloud-first Policy for New Applications on the Rise
Organizations recognize the growing complexity across their IT environments, and the ongoing cybersecurity skills gap is not making things any easier. In fact, 42% of respondents told Enterprise Strategy Group that cloud computing security was one of the most difficult roles for them to fill. They are looking for ways to efficiently manage risk to support the demands of their businesses with the move to the cloud.
This has serious implications for cybersecurity solution vendors. Organizations with mission- and business-critical workloads in the cloud need to be confident that they can control and secure their environment, and trust in their technology partners is key. ISVs need access to sophisticated tools to enhance their development efforts across the development lifecycle. ISVs should be looking for a partner that can provide capabilities and expertise that add value. A partner that offers not just infrastructure, but go-to-market support, network analytics, visibility, integration opportunities, and complementary security capabilities will let them focus on their core mission rather than tooling and support infrastructure.

The Google Cloud Security Ecosystem

Google Cloud is designed, built, and operated with security as a primary design principle to help protect its customers against threats in their environments. Google layers on security controls to enable organizations to meet their own policy, regulatory, and business objectives. Customers can leverage elements of Google’s compliance framework in their own compliance programs.

Google Cloud secures more than three billion users globally. To accomplish that, Google’s cloud infrastructure can’t rely on any single technology to make it secure. Google’s stack builds security through progressive layers designed to deliver true defense in depth, and at scale.

• Google Cloud’s hardware infrastructure is designed, built, controlled, secured, and hardened by Google.
• Google Cloud’s infrastructure—designed from the ground up to be multi-tenant—uses a zero trust model for applications and services, with multiple mechanisms to establish and maintain trust. This means that only specifically authorized services can run and only specifically authorized users and processes can access them.
• Data is automatically encrypted at rest and in transit and distributed for availability and reliability to help protect against unauthorized access and service interruptions.
• Strong authentication protects access to sensitive data with advanced tools like phishing-resistant security keys to verify identities, users, and services.
• Google’s network and infrastructure have multiple layers of protection that guard customers against denial-of-service attacks, and communications over the internet to its public cloud services are encrypted in transit.
• At the top of the stack, Google develops and deploys infrastructure software using rigorous security practices, employing round-the-clock operations teams to detect and respond to threats to the infrastructure from both internal and external threat actors.
Google Cloud aligns with the needs of security ISVs and helps them deliver better, more capable offerings, faster. Google Cloud’s economies of scale, software-defined infrastructure, simplicity, shared responsibility, automation, and global reach help ISVs accelerate time to market and optimize the delivery of new products, enhancements, and updates.
Google operates from the precept that clients are always in control of their data. Google is committed to transparency in data handling. Google’s privacy commitments and data processing addendum clearly state that Google does not use cloud customer data for advertising, any AI model, or product improvement. Google adheres to their clients’ data storage, processing, and management preferences, so organizations control what happens to their data. In addition, all Google customers benefit from the privacy protections and fine-grained security controls built into Google Cloud by default.
Google’s products regularly undergo independent third-party audits with over two million control instances audited annually. Google maintains certifications, attestations of compliance, or audit reports against standards and regulations enforced across the globe. Google Cloud supports customer risk management and regulatory compliance needs with dedicated teams, offering compliance validation, support for due diligence, and security assessments, with an ongoing commitment to continuous assurance.
Google Cloud hardware infrastructure is custom designed by Google to precisely meet stringent requirements, including security. Google’s servers are designed for the sole purpose of providing Google services. Its servers are custom-built and don’t include unnecessary components that can introduce vulnerabilities. The same philosophy is imbued in Google’s approach to software, including low-level software and its operating system, which is a stripped-down, hardened version of Linux. Google designs and includes hardware specifically for security—Titan, its custom security chip, is purpose-built to establish a hardware root of trust in its servers and peripherals. Google also builds its own network hardware and software to optimize performance and security. Finally, Google’s custom data center designs include multiple layers of physical and logical protection. Owning the full stack enables Google to control the underpinnings of its security posture with far greater precision than is possible with third-party products and designs. Google can take steps immediately to develop and roll out fixes for vulnerabilities without waiting for another vendor to issue a patch or other remediation, greatly reducing exposure for Google and its customers.
Google was an early proponent, designer, and practitioner of zero trust computing. Google developed foundational concepts that underpin zero trust architectures with its BeyondCorp and BeyondProd models. Operating this way has helped to protect its internal operations over the last decade. Google’s zero trust architecture ensures that only the individual with the correct identity, accessing only the machines specifically authorized by the correct code, is accessing just the data they are authorized to, in the correct context. BeyondProd uses these same core principles to enable partners and Google Cloud customers to protect their operations in the same way, focusing on their own assets and resources and the entities and groups accessing them.
Layered over this foundation of trust are the tools and technologies that Google Cloud provides its partners—that they traditionally had to build in-house—to augment their capabilities. The Security Ecosystem uses Google Cloud capabilities to provide trusted security in the cloud, on-premises, at the edge, and everywhere in between.
Figure 2. Google Cloud Security Ecosystem Overview

Source: Enterprise Strategy Group, a division of TechTarget, Inc.

Google’s Data Cloud enables organizations to digitally transform with a unified, open, and intelligent data cloud platform.
• Data Cloud enables organizations to manage every stage of the data lifecycle, including databases, business intelligence (BI), data warehouses, data lakes, and streaming on a unified data platform.
• Data Cloud is open and standards-based for portability and flexibility with an extensive partner ecosystem, designed for multi-cloud environments.
• Data Cloud incorporates built-in intelligence and AI/ML, with comprehensive tools and processes. Organizations can leverage pre-trained models accessed via APIs and low-code custom training and solve real-world problems quickly with integrated analytics and an AI platform, BigQuery ML. ML model development and experimentation is fast-tracked with Vertex AI, an end-to-end ML platform.
• Security AI Workbench provides generative AI for security solutions. Security AI Workbench is a platform that enables security partners to extend generative AI to their products, bringing threat intelligence, workflows, and other critical functionality to customers, while retaining enterprise-grade data protection and sovereignty.
Google’s Open Cloud gives partners and customers the freedom to securely innovate and scale across data centers, edge locations, and the cloud on a transformative, open platform designed to be easy.
• Google has a long history of leadership in open source including projects like Kubernetes, TensorFlow, and others. Open source gives organizations the flexibility to deploy—and, if necessary, migrate—critical workloads across or off public cloud platforms.
• Google Open Cloud gives organizations the flexibility to build and run apps anywhere. Anthos, the modern application platform that extends Google Cloud services and engineering practices to hybrid and multi-cloud environments, delivers portability that helps teams modernize apps faster and establish operational consistency across them.
• Open Cloud provides autonomy and control over infrastructure and data, enabling organizations to manage all their apps—both legacy and cloud-native—while meeting sovereignty, regulatory, and policy requirements.
Data protection is core to everything Google does. Trusted Cloud helps partners and customers protect what's important with advanced security tools.
• The Google Cybersecurity Action Team (GCAT) is Google’s security advisory team, with the singular mission of supporting the security and digital transformation of governments, critical infrastructure, enterprises, and small businesses.
• Google BeyondProd helps create trust between microservices—beyond what is possible with traditional network perimeter protections such as firewalls—using characteristics such as code provenance, service identities, and trusted hardware. This trust extends to software that runs in Google Cloud and software that is deployed and accessed by Google Cloud customers.
• Google has produced numerous foundational innovations. Google invented now-standard technologies such as Kubernetes and was an early proponent, designer, and practitioner of zero trust computing.
Support for DevSecOps includes secure software supply chain (S3C).

Google Workspace

Google Workspace has its own ecosystem of cybersecurity partners to extend its native security capabilities. This provides an opportunity for security ISVs to reach Google Workspace enterprise customers. Google Cloud is committed to helping customers achieve their security and risk mitigation goals, while enabling partners to deliver applications and capabilities that give customers greater security, agility, and resilience, all with significant cost savings. Google Cloud’s best practice guidance and tools help ISVs deliver their products securely and at scale.

Enterprise Strategy Group Technical Validation

Enterprise Strategy Group validated how Exabeam leveraged the power of Google Cloud to accelerate the digital transformation of their cybersecurity offering from nondigital native to cloud native. Google Cloud enables them to provide differentiated security offerings and capabilities, accelerate time to market, and help their customers secure their cloud applications.

Exabeam: Digital Transformation

Exabeam created cloud-scale security information and event management (SIEM) for advancing security operations. The products offered on Exabeam Security Operations Platform are designed to reduce business risk and elevate the performance of security operation teams. Enterprise Strategy Group has previously validated how the combination of cloud-scale security log management, behavioral analytics, and automated investigation experience can give security operations an advantage over adversaries, including insider threats, nation-states, and other cybercriminals. By understanding the normal behavior of users and devices—even as normal keeps changing—security operations teams have a holistic view of incidents for faster investigations and response.
Exabeam’s cloud-native platform ingests unlimited amounts of data from anywhere. Behavioral analytics can run on any data lake and leverage existing investments with more than 600 integrations. It is particularly well-suited to address compromised credentials, one of today’s most utilized and elusive threat vectors, via user and entity behavior analysis with patented machine learning (ML) technology. We found that Exabeam helps security teams focus on meaningful work by automating the entire threat detection, investigation, and response workflow, eliminating repetitive manual tasks. Automatic reconstruction of incident timelines accelerates and streamlines security operations, resulting in faster response times and more thorough investigations.
Exabeam Advanced Analytics uses ML with more than 1,800 rules and over 735 behavioral models to automatically baseline the normal behavior of users and devices with histograms to detect, prioritize, and respond to anomalies based on risk. Customers have options of over 165 prebuilt Correlation Rules, all pretagged according to common use cases as well as mapped to the MITRE ATT&CK framework. Automated incident response and case management enable teams to respond to security incidents rapidly and with less effort.
The Exabeam journey to digital transformation is rooted in its partnership with Google. Now fully cloud-native, Exabeam leverages Google Cloud tools and technologies to deliver the Exabeam Security Operations Platform at scale. The Exabeam Security Operations Platform uses a cloud-native data lake architecture to securely ingest, parse, and store security data from any location. Exabeam customers benefit from comprehensive log collection combined with powerful search capabilities that allow analysts to accelerate threat investigation across petabytes of data.
Figure 3. The Exabeam Security Operations Platform

Source: Exabeam and Enterprise Strategy Group, a division of TechTarget, Inc.

Over the past two years, Exabeam has deepened its partnership with Google Cloud. In 2021, they announced their availability on the Google Cloud Marketplace to ease the adoption of their SIEM technology. Last year they announced how they are using the Google Cloud Stack—which includes BigQuery, Dataflow, Looker, and other services—to architect their new portfolio of cloud-scale products; they are also starting to integrate Vertex AI into search functions with references to Sec-PaLM 2 as a large language model. As a result of the integration with Exabeam, Google Cloud enhanced the security they provide to Google Workspace, Security, and Gmail customers.
Figure 4. Google Stack Impact

Source: Google and Enterprise Strategy Group, a division of TechTarget, Inc.

Google Cloud has helped Exabeam drive positive business outcomes to security operations customers in numerous ways:
• Exabeam certifies that it can process more than 2 million events per second (EPS) per tenant, but it has seen customers with volumes of well over 2.5 million EPS with no performance issues.
• On Google Cloud, Exabeam was able to accelerate the entire software delivery life cycle significantly, with an average of 17 to 20 updates and releases per month, triple what it was able to accomplish with prior on-premises updates, improving the timeliness and accuracy of detection and response.
• Exabeam has improved customer support and responsiveness. The average age of support tickets has decreased by 65% on Google Cloud.
• Compliance certifications have been accelerated from their previous standard of once a year for all components. With Google Cloud, Exabeam is able to complete certifications faster. In addition to ISO 27001, Exabeam recently achieved ISO 27017 and ISO 27018 much faster than was possible before by leveraging Google’s summary of controls. Where ISO 27001 focuses on an organization’s management of information security risk, ISO 27017 and ISO 27018 are tailored specifically to cloud operations and privacy.5 Exabeam expects to complete IRAP for Australia in the November/December time frame.

Why This Matters

Companies continue to embrace the cloud to create and deploy business applications. According to Enterprise Strategy Group research, 46% of organizations surveyed indicated that they have a cloud-first policy for deploying new applications. This has led to a change in how organizations build applications that Exabeam has experienced first-hand.

Google Cloud provided Exabeam with a secure, highly scalable platform on which to develop and deploy its cloud-native SecOps offering, reaping numerous business benefits from the partnership. An Exabeam executive told Enterprise Strategy Group: “Google ... makes it so much easier for us to deal with our own challenges without having to worry about the back end.”

Running in Google Cloud means that Exabeam uses Google Cloud’s infrastructure and first-party tools to create and deliver differentiated products and offerings to their customers at scale and with performance that was impossible with their on-premises infrastructure.

Conclusion

Cloud services are an integral part of organizations’ efforts to increase productivity and drive innovation to serve their customers, and organizations are increasingly adopting a cloud-first policy for new applications. Cloud services enable ISVs to modernize their application development processes to meet their digital transformation objectives.6 Finding and retaining skilled cloud security professionals is a significant challenge, which presents a market opportunity for cybersecurity ISVs who develop and deliver solutions to help customers efficiently manage risk and protect their businesses with the move to the cloud.
Cybersecurity vendors need a better way to scale with modern development cycles to address security issues and stay ahead of threats. They also need to be able to monitor cloud workloads to detect security issues and respond quickly to threats to protect their customers and their data.
Google’s cloud infrastructure stack builds security through progressive layers designed to deliver true defense in depth, which is how Google Cloud secures more than three billion users globally. Enterprise Strategy Group validated that Google Cloud aligns with the needs of security ISVs and helps them deliver better, more capable offerings, faster. The ISVs we interviewed confirmed that Google Cloud’s economies of scale, software-defined infrastructure, simplicity, shared responsibility, automation, and global reach help them accelerate time to market and optimize the delivery of new products, enhancements, and updates.
Enterprise Strategy Group validated that Google Cloud’s core infrastructure and first-party tools enabled Exabeam to accelerate its digital transformation to a fully cloud-native solution while providing agile, scalable, and differentiated security offerings to its customers without disruption at levels of scale and performance that were previously impossible. An Exabeam executive said it this way: “We’re changing the very nature of what our product is and how it works because of Google Cloud, and that’s what’s extremely cool.”
Google Cloud offers broad and deep infrastructure and security support for ISVs developing solutions to secure their customers’ applications across the globe. Organizations that fully leverage everything that Google Cloud has to offer will find themselves able to bring massive scale to their solutions while providing broader visibility, faster analysis, and more effective response to their clients, without adding complexity.

This Enterprise Strategy Group Technical Validation was commissioned by Google and is distributed under license from TechTarget, Inc.

About Enterprise Strategy Group

TechTarget’s Enterprise Strategy Group provides focused and actionable market intelligence, demand-side research, analyst advisory services, GTM strategy guidance, solution validations, and custom content supporting enterprise technology buying and selling.