CISOs are looking for simplification of their security tooling, a need which must be at the center of cybersecurity solutions going forward.
This was the clear message from security executives speaking at the Google Cloud Summit 2025 in Las Vegas.
The growing tech complexity experienced by security teams is resulting in a greater toll for security leaders, making their jobs more difficult.
“I don’t think you’ll speak to a single CISO who doesn’t have a complaint about the number of tools, because every one comes with a certain cost,” noted Brian Roddy, VP Engineering of Cloud Security at Google, speaking to Infosecurity at the event.
This message came as Google announced a raft of new security solutions for customers on April 9.
One of these is Google Unified Security, a converged AI-powered solution encompassing all of Google’s capabilities. This includes cloud security, Google SecOps, secure browsing, and threat intelligence provided by various sources, such as Mandiant and Google Threat Intelligence.
Google Unified Security is now generally available to customers.
Speaking to Infosecurity, Nick Godfrey, Senior Director and Global Head at the Office of the CISO at Google Cloud, explained that the creation of this solution is born out of the significant “pain points” experienced by security leaders he works with.
This is largely a result of sprawling and complex security tools and technologies across enterprises. This has made it difficult for CISOs to know how to use security operations centers (SOCs) effectively.
“It’s hard for the SOC and the CISO to get an end-to-end understanding of what is going on,” Godfrey noted.
Google Unified Security aims to overcome this issue by managing the vast amounts of data in an accessible and actionable way. For example, CISOs can quickly check on threat data without having to continuously consult with the SOC.
Godfrey described it as a “platformization” of an approach that “aims to reduce all of that complexity and remove the unnecessary moving parts of the CISO and the SOC.”
New AI Agents to Alleviate Pressure on Security Teams
Another major product announcement by Google at the event related to two new AI security agents. One of these is an alert triage agent in Google Security Operations, which will perform investigations on each security alert for customers.
Read now: Microsoft Security VP Reveals Security Copilot’s Agentic AI Transition
The other is a malware analysis agent in Google Threat Intelligence, which will investigate whether code is safe or harmful.
Each of these agents are designed to support the work of human security analysts, removing major burdens like alert fatigue and freeing them up to focus on complex issues.
Roddy noted: “It’s amazing that all this work which traditionally takes a lot of time, such as going through logs and different searches and intelligence and doing that correlation, can be done by us.”
Roddy also highlighted his excitement about the potential of the AI malware analysis agent. He noted that the WannaCry malware attack in 2017, which severely impacted organizations around the world, was stopped when a security researcher reverse engineered the malware to discover a kill switch.
That same malware was given to the AI malware analysis agent, which discovered the same kill switch within a minute.
A Gradual Approach to Passwordless Adoption
Google’s focus on meeting user needs and reducing complexity extends to individual end users.
In November 2024, Google announced it was rolling out mandatory multifactor authentication (MFA) on all Google Cloud accounts. The phased rollout is designed to be completed by the end of 2025.
Heather Adkins, VP Security Engineering at Google Cloud, told Infosecurity that mandatory MFA is part of a broader strategy to bring about passwordless authentication to its users.
“We’re on this journey of killing off the password, we’ve been on that journey since 2010,” she said.
Adkins explained that there has to be a level of acceptance from users for passwordless solutions, such as passkeys, to ensure they work effectively. MFA provides a step towards this goal, being a method that most users are now familiar with, such as through work or online banking.
“SMS based MFA is a necessary step to the bigger goal but it’s certainly not sufficient for solving the severe class of vulnerability which is use of passwords,” she commented.
