Transcript
Strategy Group, and I'm joined today by Preston Ho from Google and Brooke Chelmo from Fortinet. Fortinet is one of Google's trusted security partners, and today we're going to be talking about the Google Cloud Security ecosystem and how Fortinet's 40XDR endpoint security platform works with Google Cloud to provide differentiated security offerings and capabilities, accelerate time to market, and they help their customers secure their cloud applications. First, I want to give you a little bit of background. So our research revealed that momentum for digital transformation is accelerating. We all know that. Organizations of all types and sizes are under increasing pressure, pressure to improve productivity, drive innovation, and serve their customers. Increasingly, organizations are leveraging public, private, and hybrid cloud services to meet that demand. The strategies for setting up cloud security differ from setting up protections for physical data centers, and misconfigurations can lead to gaps that attackers can exploit. Cloud services enable teams to modernize their application development and their business processes, and that helps them meet their digital transformation objectives, including becoming more operationally efficient, providing better customer experiences, using technology that enables collaboration, and improving product development. Our validation analysis focused on how Google Cloud enables security ISVs like Fortinet to provide differentiated security offerings and capabilities that helps them accelerate time to market and helps their customers secure their data and applications. As attacks become more sophisticated and difficult to detect, organizations need to defend their endpoints effectively without manual intervention. Further, organizations need the ability to investigate advanced threats and support threat detection and response for cloud resources. Extended detection and response, or XDR, is among the top three strategies organizations cited when they were asked how they plan to fortify their security operations. Modern XDR platforms must collaborate well with third-party sources and enable organizations to correlate and act on data quickly before a successful compromise can do any heavy damage. So I'd like to turn to Preston. Preston, can you introduce yourself and give us a quick overview of the Google Cloud security ecosystem? Absolutely, Tony. Thank you. And hello and welcome, everyone. My name is Preston Hogue. I'm responsible for security partner marketing across Google Cloud. And really excited to talk to you about Google Cloud, our differentiation, and how we partner and work with Fortinet to provide unique value for addressing today's security landscape. In fact, at Google, we're really proud of the innovations, innovations that have helped drive the overall application infrastructure of today's internet. That application infrastructure is built on top of what we now know as Google Cloud. And in Google Cloud, we have really key differentiation that we believe sets our overall security platform apart from other cloud service providers and other security vendors in general. First and foremost, it really drives the fact that we have a shared fate. And when we talk about that shared fate, that is a shared fate with our customers. And what's critically important is that Fortinet is not only a partner of ours. First and foremost, they are a customer that's also on our overall Google Cloud platform. The second element of this is purpose-built hardware. And you think about it, whether you're talking about GPUs or TPUs or CPUs or even ASICs. Today, we know that it is critically important to have custom hardware to address the overall evolving threat landscape. And then we look at a technology such as Kubernetes. Many of you may not know, but that was actually developed by Google. And now it's leveraged by all the cloud service providers. And then there's that infamous white paper that Google wrote about 15 years ago that was all about beyond core. And what was that about? It was about zero trust and looking at the overall user and what they were actually accessing. We've taken that same core principle and what we call beyond prod and built it into the fabric of our overall infrastructure to where we make sure applications, when they're talking to services, take that zero, that same zero trust principles into the network infrastructure. And so I'm going to talk about three key foundational elements that we believe are critically important for Google Cloud to be successful. The first layer is all about trust. Just like any relationship that we all have, the foundation of that relationship has to be trust. And we believe the foundation with any of our customers or partners has to be built on trust. The second layer is all about innovations. It's about those innovations of key technologies such as secure cloud or data cloud or open cloud or developer cloud. On top of that, innovation is all about partnerships. The evolving threat landscape that we're dealing with today is so massive. Google Cloud can never address it on our own. This is why we have to partner with companies such as Fortinet to be able to integrate core technology such as XDR on our platform to be able to help you as customers. I'm going to drill into each of these layers. That first layer, we already talked about TPUs and CPUs and GPUs and ASICs, but it's critically important that we're able to take some of these overall key threats and vulnerabilities and build them into hardware such as something like a DDoS type of attack. The other area that we've already talked about is that zero trust, but it's also not only the zero trust infrastructure that we have built into our platform, it's also the ability for partners such as Fortinet to be able to build their zero trust solutions on top of our platform. And then the other element is that when you look at our overall network infrastructure, we believe we have a differentiated network infrastructure than other cloud service providers. In fact, we're leveraging the same network infrastructure that we built to deliver and support applications to over three billion users. And so we're able to leverage that to be able to deploy new regions, to be able to address attacks to each of you as customers in a much more expedited and quick fashion than we believe our competitors can. On top of trust, of course, is innovations. Talk about data cloud, right? We're looking at the entire ecosystem of data lakes and databases and being able to look at data analytics for each of you as customers to ensure that you can build on top of that data and start to build key elements like we talked about a vertex AI. And if you think of vertex AI, think about it really being more of a machine learning platform and a machine learning workflow. On top of that, Gemini is really about what we believe to be the most differentiated large language model. But there's also other AI technologies that we're taking in such a SEC LM where we're taking key threat intelligence from acquisitions such as Mandiant and building it into our overall platforms to ensure that key partners can leverage it, but also to ensure you as customers can leverage these key differentiated AI types of technologies. And then there's that open infrastructure. We talked about Kubernetes, but there's also other core technologies such as Anthos. Why is Anthos so important? It's because we believe that we differentiate as a cloud service provider as we actually recognize that there are other cloud service providers. As a result of that, we built multi-cloud into the way that we address, you know, any application. But it also lends itself very well to actually applying policy because we know you as customers actually are using multi-cloud environment. And we want to make sure that you can leverage core technologies such as Fortinet that not only address threats in Google Cloud, but you can address threats in all of the multi-clouds that exist out there. And then there's security cloud. We talked about the threat intelligence, but we have other core technologies that can be leveraged when you're in Google Cloud that can complement, you know, other technologies such as Fortinet. And then, of course, we want to make sure that we're also securing workspace and have all of those core technologies that are necessary to support those critical applications. On top of this, and why we're really here today, is it's all about the partnerships. As I said, the evolving threat landscape is so massive. We all know this. We know the challenges we're trying to deal with. It's critically important that we as Google Cloud are looking at every single category as we do look at every category. It's the reason why we're here today and why we're partnering with Fortinet is because we know when it comes to next generation firewalls or when it comes down to web application firewalls or why we're here to talk about the technical validation, XDR, we cannot do it without a key partner such as Fortinet. And so to summarize, it's all about at Google Cloud, it's all about that foundation of trust, building innovations on top of that and partnerships. And I'm really excited to hand this back over to Tony to further the conversation and then drill in further into Fortinet. Tony, back to you. Thanks, Preston. As always, fantastic summary of really the breadth of Google's security ecosystem and just how ingrained into the DNA it is. So, Brooke, can we pivot to you and could you introduce yourself and tell us just a little bit about Fortinet? Yeah, thank you, Tony. My name is Brooke Chelmo. I'm a director of product marketing. I'm a senior strategist here. There's a lot of different roles that I play here. I'm overall endpoint security here at Fortinet. And we leverage a lot of different technologies out there to really deliver cutting edge technology for our customers. And one of those is the Google Cloud platform, which we use specifically for our threat hunting background, especially when it get into XDR. What really makes us different here is, first of all, we build this upon the Fortinet security fabric and third party tools. It's a kernel based design on Linux and Windows. There's no kernel in Mac OS. It's a different build there. But on Windows and Linux, it runs very lightweight because we live at the kernel level. Most EPP solutions are user space based, which means they have to hook into the kernel space, which makes them heavy. They don't have the same level of visibility. You can evade them. There's a lot of interesting articles about that one if you want to read those. So our kernel based design makes us very lightweight. We have wonderful visibility into what code wants to do on the endpoint, because what we're trying to do here is behavioral based detection of malicious code. So at any given time, if there's code changing on your device all the time, especially when you have a browser open, especially when you're pulling something down from the Internet, you're actively using your device. And so we have to look for continual changes to behavior and changes to files, etc., all the time. And so with that said, living at the kernel level also allows for us to install without rebooting the machine, etc. So not to get too deep into how systems are designed, but this is one thing that really makes us really help a lot of customers, especially when they're dealing with legacy operating systems that don't have a lot of firepower, when they're dealing with OT systems. And again, living, breathing AI on the endpoint also makes it really fun to use when you're in a network constrained situation, because it's always working all the time. So what XDR is trying to do here is pull in as many inputs as possible to ultimately try to make correlations. In many situations, and you'll see this Preston, where you'll log into, let's say, a random security tool like a CASB, you'll log into a console, you'll see a few alerts hopefully there. Sometimes they're low fidelity, and it makes you think, well, that's this white noise, that's false positive, it's maybe coded as inconclusive or coded as likely safe. So I'm going to ignore that. You can do the same thing. You can go swivel chair over and now log into your email security console and see the same thing. Because these two components really don't talk to each other, you can't really say that these are the same thing, unless they have almost identical timestamps. But again, you have to have some savant level IQ to probably tie these all together. And given the fact that 71% of our security operations staff are already reporting being burned out and overwhelmed and alert volume is a huge problem, take a look at the Global Ransomware Survey from last year from Fortinet, take a look at our ESG information that we have on the Fortinet website, well, that digs into this problem here. So since we interface with things like the Google Cloud Security Command Center, we're able to bring a lot of correlations across the ecosystem that goes from the firewall to the cloud, the mail, et cetera, correlate that and then say, hey, this is an issue that's all tied together. Now we're going to be driving a detection with XDR. And then followed by that, the A.I. will be doing the investigation for you. So that's one of the major problems that we're seeing today is that people will have to do the investigation manually and it can be taxing, it can be time consuming. And one of the number one issues that you do have burnout in your organization is kind of. Rapid exception building, but then again, some people are like, you know, you know, shoot first, ask questions later, automate everything. And some people say, do not automate a thing. We will be the ones who will take that. We'll make that decision ourselves. But again, having the A.I. bundle things up to you and saying, hey, I believe that this is an issue. This looks like an intrusion. This looks like someone left cobalt strike beacons in the, you know, throughout the environment. So that's where the A.I. guided remediation can come into play there, Tony, where you can say, you know, do it for me instantly. Because we want to take the meantime to detect and repair and bring that down to as low as possible. You know, the one ESG paper that we do have on the Fortinet website, you know, again, wonderful research there, Tony, is that they said 22 days was the average time for someone to. Find an issue, investigate it, remediate it, you know, so basically do the whole thing in 22 days, you know, the Fortinet security platform is doing this less than an hour, so that's the whole goal. And so as a result, we talk about the response options, right, Tony? And in this case, we're getting into, you know, we can imagine all the things we want to do and the more integrations we play, we can bring it all together. And so, again, a lot of this is powered by Google Cloud, you know, giving us the capability to then trace this all together and say, bam, this is an issue and we're going to drive that remediation right now. So, right, and, you know, it's it's it's great because, you know, some of the things that we found in our in our examination of the platform for this project was that what, you know, to boil down what you said into a sentence, you're providing you're providing context that teams just don't have, right? You're providing that context and giving them the ability to confidently automate those responses or to be comfortable and confident that that an automated response is going to be appropriate. It's going to fix the problem. It's going to do it fast and it's going to do it right. Right. That's that's really that's really what it all boils down to at the end of the day. So at this point, thank you very much, Brooke. That was that was a really tremendous overview of an incredibly complex topic. And so, as I mentioned earlier, I want to talk a little bit now about our validation study and how we, Enterprise Strategy Group, examined how Fortinet leverages Google Cloud's global platform top to bottom security stack to provide differentiated offerings like 40 XDR, right, accelerating your time to market and helping your customers be more secure. So just a couple of a couple of slides, a couple of minutes here, as you pointed out, right, 40 XDR is a cloud native endpoint security platform that's built on top of 40 EDR. Right. And essentially it protects endpoints from compromise, works in conjunction with Fortinet security fabric and Google Cloud Security Command Center. And it's the one thing that I did you did talk about briefly that I really want to emphasize here that it's incredibly lightweight for what it's doing. Right. I think that one of the data points that I remember talking to your engineers about is that there are the average EDR solution has like 33 hooks into the client system. You guys are doing it with six. You're using less than 2% of CPU to provide all of this analysis, all of this functionality. Right. And so what you're doing with this kernel based agent is you're providing visibility into potential attack paths, right, operating at a very low level within the system that provides resistance against evasion tactics, right, to malware, which you also talked about a little bit before. So the platform, it integrates these automated response capabilities that we looked at. Right. That's driven by your analytics. It's provided by an organization's data lake architecture, as well as by Google Cloud. There's lots of sources that you're taking in to, again, to provide that context to this deluge of information that's there that's just impossible to do manually. 40XDR performs extended response remediation actions. It can automatically generate firewall rules to block traffic. It can block phishing emails. It can initiate quarantines. Right. It can take all these actions to protect and to remediate compromised endpoints and just halt the spread of attacks to just kill lateral movement. So 40XDR also includes a free to use REST based API. Right. And that empowers organizations to develop their own custom integrations and implement additional automations as needed. And that's very important. So 40XDR consumes alerts from Google Cloud Security Command Center, right, that it's providing due to its vast pool of threat intelligence data, right, and its observations of the network environment to pinpoint potential attacks. In the use case that we examined, 40XDR automatically stopped malicious communication, right, by adding a firewall rule to block the IP address of a bad actor. 40XDR features a broad range of automated actions. Those include removing suspicious files, isolating compromised devices and running custom scripts for remediation. And all of that's available to your customers. Through this partnership, 40XDR provides strong endpoint protection without the added cost of additional data lakes and homegrown threat intelligence. So in summary, right, what we found is that Fortinet's partnership with Google Cloud helps organizations to better find and detect malicious activity and stop it with minimal effort and quickly. So to summarize all this, right, Fortinet is partnering with Google Cloud to better find, detect malicious activity and stop it. Google Cloud Security Command Center shares alerts from its own threat intelligence data with 40XDR, which then works within the Fortinet security fabric to detect attacks and automate response. Right. This integration reduces the mean time to detect and respond to potential attacks, but it also helps the security teams increase efficiency and effectiveness even as the IT environment grows more complex. And that kind of brings me to the end of my portion. And I'd like to chat with you both now a little bit more about the Google Fortinet partnership. So, Brooke, I'd like to start with you. Can you help our viewers understand a little bit more, you know, why Google Cloud for Fortinet? Right. What are the benefits versus using your own infrastructure? So, yeah, it's it's a mixture of things. We are obviously, you know, we're a hybrid deployment, so to speak. And we have a lot of internal things that I think hold 40 stack. And then we also have the Google Cloud platform as well. And the Google Cloud platform benefits obviously are one, you know, multiple pops in for people to, you know, against the threat hunting component of this. And so what a customer will often need to do is, you know, it depends on their region. They may want to, you know, they can be in Germany, they can be in Canada, they could be here in the U.S., they could be in Argentina, Paraguay, Philippines, et cetera. So multiple regions. So having that closer connection to the pop is really beneficial. First of all, I'll take it from the attacker's perspective. They'll take the kind of defender's position on this. And it's going to be it's always been a cyber arms race. It's been like this since 1987, when the first kind of commercial, you know, forms of malware were being identified out there in the market. The first antivirus is to really kind of come out on the four and a half floppy disk of the giant hole in the middle that the kids have no idea what it looks like. From the attacker's perspective, for example, I met with a large Finnish company in Finland probably about three months ago. And I asked them, how are things now with generative AI in the threat landscape? They said it's terrible. In terms of the phishing emails, we were only getting phishing emails largely from Estonian hackers because they could write in Finn. But people were trying to use Google Translate, but it came out so poorly that we knew obviously that this is a phishing scam. It was very, very obvious. But now anybody can write in Finnish and it's amazing. You can write in. I showed my wife, who's Japanese, an example. I said, write this like an Omori can fisherman. And it came out with this wonderful text as it was written by someone, you know, from that region with that kind of lifestyle. And she was shocked how you can do these things. The generative AI is being used one phishing campaigns. It's also being used a lot in new code development. Yes, there's some guardrails there, but they're easy to get around. So I have a next door neighbor here. He's using it all the time for pen testing, you know, so you can generate scripts and all sorts of code just on the fly if you get past the guardrails, which is why when you take a look at vulnerability weaponization over the last year, according to the Fortinet Global Threat Report, new vulnerabilities are being weaponized 43 percent faster. That's fundamentally a shift. I mean, we're talking about 13000 critical vulnerabilities in a year. And then maybe only a third of them are being weaponized. If you're going to start to see people weaponizing more, those are weaponizing it faster. It's going to be really hard for us to keep on top of that. Now, the industry from the defender side has already been using machine learning algorithms and using AI based on, you know, you know, MITRE tagging based on rule violations, based on patterns in machine learning for quite some time, because in reality, we're talking about even before Gen AI. And maybe the overhype or the benefits and the glory of it, we're seeing out of Gemini and others, is the, you know, is this the volume before all this, about a million attacks a day, a million different new strains, new strains, polymorphic versions, updates to last week's strain, et cetera, about a million to five hundred thousand a day depends on the volume. So we've already been using machine learning algorithms and AI to really take all that data and parse it down and create definitions for static definitions. But I've been also been using that to create AI algorithms like what happens in FortiEDR, what happens in FortiXDR, what's happening in FortiClient and other technologies here at Fortinet to really, you know, stop things before they can really become a problem. Right. But now what we need to probably get on top of things now is faster protection against new weaponized strains, new vulnerabilities, et cetera, and can translate back to you in your native language. Yeah, that's fantastic. Right. I mean, that kind of is one of the key ways that FortiXDR and Google are providing this integrated, you know, evasion resistant solution that's protecting organizations, you know, endpoints from compromise, absolutely, but also protecting against lateral movement. So you're looking at behaviors rather than static definitions, and that's super important. So I think we have time for just one more. And so I'm going to ask you both, Preston, first. So looking ahead, looking down the road, are there any any cautions, any advice that you can give to our viewers for cloud based services? How do you feel the Google partnership with ISVs like Fortinet is going to help navigate them? Yeah, well, I think, you know, it's all about information and building on top of that information, like Brooke has just described those three different areas, right, where we know that the evolving threat landscape is getting bigger. You know, clearly we know the threats and vulnerabilities is getting much bigger. The alerts are getting bigger. As a result of that, being able to leverage a platform that is built on data, you know, Google Cloud Platform, it's all about data. And when we get to AI, if we think about it and we think about, you know, machine learning and we think about large language models, large language models and security are going to evolve over time. They're going to start to build the structure to where it always knowns about a threat actor. It always knowns about what they're actually targeting from a vulnerability perspective. And as we get more and more momentum around building more structure around that data and being able to process that data quicker, Google Cloud believes that we're in the best position to be able to provide, you know, our partners such as Fortinet and ultimately all of you out there as customers, the optimized solution, leveraging what we believe to be the most secure platform that exists out there, Google Cloud Platform, and then working with the top partners out there such as Fortinet and building XDR. We believe it is the combination of that right security cloud platform, along with the key security technologies that get integrated within that platform, along with key customers that ultimately have a strong vision of how to leverage their own data that's going to put us in the best position to deal with the things that Brooke just talked about. Looking ahead, right? Are there any cautions you see? Or is there anything that's on the horizon for cloud-based services? And how do you feel, Brooke, that the Google partnership will help navigate them? We've seen a lot of growth within this cloud space. And people are putting a lot of resources in the cloud now, developing individual microservices. You know, that's something that we do as well, you know, in different components in different ways. So we're seeing, you know, the kind of the world of this hybrid network out there between on-prem versus cloud-based environments, for a lot of different reasons. And so as a result, security providers like ourselves, we made a big step this last week, you know, we acquired Laceworks. So there's a lot of things that we're doing to really try to, you know, to take the world of on-prem and the world of hosted cloud in together. Because again, we're trying to drive out the complexity and make it much more simple, instead of having, again, having to swivel chair from console to console, console to console, and then network to network and area to area, employee group by employee group, or device group. So again, try and drive the complexity out of it, make it a lot more simple. Because when ESG comes back and does another survey on, you know, do you feel that, you know, security operations is more complex than it was two years ago, hopefully the customer says it's a lot easier than it was two years ago. Exactly, precisely. And so that brings us to the end of our session today. And I just want to first off, thank both of our speakers, Brooke and Preston, your insights were fantastic. Your expertise is just immense on these subjects. And I want to thank all our viewers for joining us. And if you want to learn more about the Google security ecosystem, and Fortinet's place in it and 40XDR and how they work together to make your endpoints more secure, check out the report. Thank you.