Claire Simpson | October 14, 2025 | 6 min read

AI-Driven SecOps: Insights from the Toronto Forum


On September 23, Google and Foresite co-hosted the Toronto Cybersecurity Forum at Google’s downtown office. The event brought together security leaders, practitioners, and innovators to explore how AI-powered operations are reshaping the modern SOC.

From high-level strategy to hands-on technical exercises, the day delivered a clear message: security operations are evolving rapidly, and organizations need to adapt at Google scale and speed.

 

Setting the Stage: From Incident Response to AI-Powered Defense

The forum opened with a powerful reflection on the journey to the AI-driven SOC, a journey that began not with an AI breakthrough, but with a crisis.

The backstory of Google Chronicle is inextricably linked to the infamous Operation Aurora incident of 2010. This highly sophisticated state-sponsored attack on Google and dozens of other major corporations was a massive wake-up call, proving that even the most advanced perimeter-based "castle-and-moat" security models were fundamentally broken. The incident didn't just expose a vulnerability; it exposed a critical flaw in security architecture: a lack of visibility and an inability to analyze massive, disparate security data sets at speed.

Out of that necessity, Chronicle was born. The mission was simple, yet monumental: to build a security platform that could ingest, normalize, and analyze all of an organization’s security telemetry in real-time, at Google scale.

The Foundation: Unified Data and the GIGO Principle

This leads directly to the core principle discussed at the forum: "Garbage in, garbage out" (GIGO). Your AI is only as useful and effective as the data it is built on. If the data feeding an AI engine is messy, siloed, or incomplete, the resulting detection and response will be slow and ineffective.

To solve this, Chronicle introduced the Unified Data Model (UDM). UDM is the common language that enables AI use cases. It acts as an abstraction layer, normalizing security telemetry from thousands of different sources (firewalls, endpoints, cloud logs) into a single, structured schema. Ingesting and normalizing security data effectively and at scale is what transforms raw, unusable noise into clean, AI-ready signal. By basing its entire operation on UDM, Chronicle ensures the AI models are working with the cleanest, most complete data possible.

The Advantage: Google’s Fully Integrated AI Stack

Jeremy Hehl presenting on the AI stack at the Foresite cybersecurity forum Toronto
The final, critical piece of the puzzle is the technology driving the AI. Google is uniquely positioned as the only security provider with a fully integrated vertical AI technology stack, from chip to software.


  • Chip: Custom-built silicon like Tensor Processing Units (TPUs) powers the lightning-fast, resource-intensive analysis required for large-scale security operations.
  • Infrastructure: Global, secure data centers and networking designed for speed and scale.
  • Software/AI Models: Advanced security platforms like Google Security Operations (Chronicle) and integrated AI like Gemini built directly on top of this hardware foundation.

This vertical integration means there are no compatibility gaps, no performance bottlenecks, and no vendor-hopping delays. For partners like Foresite, this full-stack integration means we can fully utilize a seamlessly optimized system to deliver maximum value, speed, and efficacy to our clients’ security operations.

Next-Gen SecOps in Practice

Jeremy Hehl presenting on next-gen SecOps at the Foresite cybersecurity forum Toronto
Foresite followed with a practitioner-focused session on how these concepts come alive in the field. Drawing on our Catalyst platform, we showed how organizations can:

  • Detect and respond to threats in real time with Google SecOps.
  • Automate compliance and reporting through integrated GRC tooling.
  • Reduce fatigue by replacing repetitive SOC toil with AI-driven workflows.

The discussion emphasized outcomes, not just tools — demonstrating how next-gen SecOps enables teams to move faster, focus on the threats that matter, and scale operations without adding overhead.

 

Shopify’s Perspective: Scaling Security with AI

One of the highlights of the day was a roundtable discussion featuring Shopify’s Shane Lawrence, who shared insights into the challenges of scaling security operations within a developer-first, high-growth environment.

Shane Lawrence from Shopify at the Foresite cybersecurity forum Toronto

From balancing agility with security to ensuring visibility across a rapidly evolving cloud footprint, the conversation underscored that Canadian enterprises are already tackling the realities of AI-driven SecOps.

 

AI as a Co-Pilot: Addressing the Human Challenge

The technical deep dive quickly transitioned to a lively, unscheduled 30-minute Q&A session sparked by a thought-provoking question from a security leader at Shopify: "If AI is so effective, are we building the technology that will ultimately replace human analysts?"

This fear of replacement is common, but the ensuing conversation revealed something deeper: AI is being embraced precisely because of the significant pain points currently crippling the cybersecurity industry.

As explored further in AI in Cybersecurity: The Analyst’s Co-Pilot, AI is redefining what human-machine collaboration looks like inside the modern SOC — turning analysts into architects of smarter, faster, and more resilient defenses.

The forum participants quickly agreed that the primary issues facing security operations centers (SOCs) today are not technological, but human:

  • High Burnout: Analysts are overwhelmed by alert fatigue, false positives, and the sheer volume of mundane, repetitive tasks.
  • Low Retention & Talent Shortage: The stress of the job, coupled with a global skills deficit, creates a revolving door, leaving security gaps wide open.


The Consensus: A Force Multiplier, Not a Replacement

The final consensus was clear: AI is not a replacement for humans; it is a force multiplier.

Instead of automating the analyst out of a job, AI is being tasked with automating the tedious, low-value work that causes the burnout. By offloading Tier 1 triage, basic log analysis, and preliminary investigation, technologies like Google Security Operations empower security teams to become exponentially more effective and efficient.

Analysts can shift their focus from sifting through noise to strategic threat hunting, complex incident response, and designing better preventative controls. This shift not only helps cover the talent shortage but also drastically improves the quality of life for existing teams, turning a role riddled with burnout into a more engaging, strategic, and sustainable career path.

 

Hands-On: Ctrl.Alt.Defeat Cyber Range

The forum closed on a high note with Ctrl.Alt.Defeat, a fast-paced cyber range that put attendees’ detection, hunting, and response skills to the test. In simulated real-world attack scenarios, teams raced against the clock to uncover threats and outmaneuver adversaries.

The rewards matched the challenge: winners took home Star Wars LEGO, while runners-up received a limited-edition Foresite coin — etched with our Catalyst modules and Google Cloud Security partners — a lasting reminder of the day’s theme: practitioner skill, innovation, and partnership driving security forward.

The exercise proved why immersive training matters: it builds confidence, sharpens instincts, and prepares analysts for the speed and pressure of real incident response.

CTF countdown at the Foresite cybersecurity forum Toronto
CTF winners at the Foresite cybersecurity forum Toronto

 

Why Toronto, Why Now

Toronto has become a hub for AI and cloud innovation — home to leading research, global enterprises, and fast-scaling startups. Hosting this forum in Canada’s tech capital showcased the growing demand for AI-powered cybersecurity across the region.

For Foresite, partnering with Google to bring together leaders, innovators, and practitioners highlights our commitment to enabling organizations to transform security from a barrier into a catalyst for growth.


What’s Next for AI-Driven SecOps

The Toronto Cybersecurity Forum was just one step in a broader journey. As AI-driven SecOps becomes the new standard, Foresite will continue to work alongside Google Cloud to bring these capabilities to enterprises worldwide.

Learn more about how our Catalyst platform extends Google SecOps into a fully managed security operation.

Schedule a consultation to see how AI-driven SecOps can work in your environment.

Claire Simpson
Claire Simpson is Head of Brand & Marketing at Foresite
