Google has chosen Siemplify to safeguard its cybersecurity. But is Siemplify competent enough?
On January 11, 2022, Google announced that its cloud division had bought Israeli cybersecurity startup Siemplify. While financial details of the agreement were not disclosed to the public, a source said Google paid a total of US$500 million for Siemplify.
Founded in 2015 in Tel Aviv, Siemplify’s mission is to re-envision security operations. It has developed a Security, Orchestration, Automation Response (SOAR) platform with multiple software capabilities—threat and vulnerability management, security incident response and security operations automation. SOAR allows companies to collect threat-related data from various sources, with which they can then automate and prioritize responses to the threats.
Why did Google choose Siemplify?
Some companies still manually detect threats. However, this archaic method is prone to errors, wastes time and resources and slows down response times due to the lack of standardized response capabilities. By using SOAR technology offered by security vendors, such as Siemplify, companies can minimize the impact of all types of security threats, centralize asset monitoring and consolidate the technology and experience of cybersecurity experts.
Before Google Cloud’s acquisition, Siemplify’s SOAR platform was behind security teams of companies, such as FedEx and Societe Generale. Siemplify is responsible for improving the efficiency of the companies’ Security Operations Centers (SOC) and delivering improved case management, investigation, integrated threat intelligence and crisis management.
Google’s partnership with Siemplify signals its commitment to advancing invisible security and countering cyberattacks that are “rapidly growing in both frequency and sophistication”.
Some believe this collaboration will “further realize Google Cloud’s vision of a modern threat management stack” and enable “better detection and response at the speed and scale of modern environments”.
The chaotic outbreak
Indeed, Google and Google Cloud have been susceptible to many substantial security threats, including data breaches, credential and access management issues and identity protection.
In September 2021, Google Chrome was found to have a bug exploited by hackers before Google could find and fix it. It was marked as a “zero-day vulnerability”, meaning that hackers had a head start over the security analysis and had already exploited it on a large scale. Google mentioned that the loophole was a “Use-After-Free” vulnerability, typically arising from the incorrect use of dynamic memory during program operation. Google Chrome users can only protect themselves by downloading their browser updates and reinstalling Chrome to apply the security fix.
In November 2021, hackers exploited loopholes in the Google Cloud Platform to download cryptocurrency mining software, install ransomware, send spam, stage phishing campaigns and generate traffic to YouTube videos to manipulate the view count.
In one instance, Russian government-backed hackers sent an email blast to over 14,000 Gmail account users from the United States, the United Kingdom, India, Canada and the European Union nations, explicitly targeting journalists, think tanks and non-governmental organizations (NGO) employees. In another instance, a North Korean hacker group breached loopholes in computers running Google’s Chrome internet browser. They posed as computer security bloggers, using fake accounts on social media to interact and steal information from security researchers worldwide. Several of the targeted researchers were affected by the virus after following a link to a blog set up by the hackers. And all these incidents occurred in just a single year.
Learning the lesson
The digital world grows every day as additional users gain access to it. Big companies, like Google, must take responsibility as the industry’s leaders and protect their users. Hopefully, the joint collaboration between Siemplify and Google Cloud can reduce security risks and better safeguard their customers’ and operations systems’ safety and privacy.
As we move towards the age of Web 3.0, people must become more informed and educated about cybersecurity. While Web 3.0 provides greater control of your digital identity, it comes with greater responsibilities. People must be more cognizant of their safety in the digital world or pay an even heavier toll when the age of Web 3.0 begins.
- What Are Dark Patterns and Why Google, YouTube & Facebook Are in Trouble for Them
- Google’s Global Antitrust Battle
- Orange and Google Cloud to form strategic partnership in data, AI and edge computing services
Header image courtesy of Unsplash