
Keeper Security, maker of a zero-trust and zero-knowledge Privileged Access Management (PAM) platform focused on password management and cloud-native privileged account management, has announced a new partnership with Google Security Operations to protect businesses against cyber threats. The integration streams privileged access activity from Keeper into the Google Security Operations SIEM, which unifies threat detection, management and response with frontline intelligence and AI to help organizations stay ahead of new and emerging risks. The aim is faster detection and stronger defense against threats: by streaming privileged access activity into Google Security Operations, organizations can stop attackers before stolen credentials turn into full-scale breaches. Keeper’s cloud-native PAM platform, KeeperPAM, now integrates with the Google Security Operations SIEM, the AI-powered engine of the modern SOC. Organizations can now find and investigate threats with AI-powered detections from Google and rich insights from Keeper. They can also streamline deployment with faster onboarding and automated third-party responses, and unify SOC data to strengthen security and reduce costs.
As attackers increasingly leverage AI-driven techniques and sophisticated cyber campaigns, organizations must improve both visibility and speed of response. By combining Keeper’s Advanced Reporting and Alerts Module (ARAM) with Google Security Operations, security teams gain real-time, centralized insights into privileged access activity across their environments. ARAM takes Keeper’s reporting capabilities to the next level with enterprise-grade, customizable reporting and alerting functionality. It allows administrators to monitor any size user population, view summary trend data and receive real-time notifications of risky or unusual behavior, and all event data can be logged into third-party SIEMs. Events are continuously streamed directly into Google Security Operations, helping to eliminate visibility gaps and reduce the burden of manual oversight. The result is faster, more precise detection and response to potential breaches.
“Privileged access should never be a blind spot,” said Craig Lurey, CTO and Co-founder of Keeper Security. “By integrating our capabilities into Google Security Operations, we’re giving enterprises unprecedented visibility and control over their most sensitive accounts, enabling faster detection and stronger defense against threats.”
Keeper employs a zero-trust and zero-knowledge architecture to enforce robust end-to-end encryption across all users, devices and sessions, safeguarding your data at every touchpoint. KeeperPAM itself is a unified, cloud-native platform that secures passwords, passkeys, secrets and privileged sessions across hybrid and multi-cloud environments. KeeperPAM uses agentic AI to facilitate real-time threat detection and response through its KeeperAI feature, enforcing least-privilege access policies and delivering actionable intelligence from every privileged account. KeeperPAM thus reduces the risk of breaches and strengthens enterprise cyber resilience. Keeper’s Advanced Reporting and Alerts (ARAM) module empowers InfoSec administrators to support compliance audits and monitor over 100 different event types via customized reports, real-time notifications and integration into third-party SIEMs. These event types include failed logins, administrative changes, record sharing and vault transfers. Keeper also works out-of-the-box with password rotation, passwordless authentication, SSO, SIEM, SDK, MFA and CI/CD applications. Keeper’s patented PAM platform also enables organizations to achieve complete visibility, security, control and reporting across every user on every device in any organization, and meets compliance mandates by unifying integral PAM functionality into one solution.
Keeper’s zero-knowledge security model has full end-to-end encryption and a unique data segregation framework to protect against cyber attacks and data breaches. Encryption and decryption occur at the device level, when a user logs in to their Keeper vault. Each individual record stored in the user’s vault is encrypted with a random 256-bit AES key that is generated on the user’s device. The data remains encrypted after it leaves the user’s device, while it is transmitted over the internet, and when it is stored in the Keeper vault. The data can only be decrypted by the end-user, on their device, using their master password or elliptic curve private key.
The method of encryption that Keeper uses is a well-known, trusted algorithm called Advanced Encryption Standard (AES) with a 256-bit key length. Keeper uses PBKDF2 with HMAC-SHA256 to convert the user’s master password to a 256-bit encryption key with a minimum of 1,000,000 rounds. Sharing of secrets between users uses elliptic curve cryptography for secure key distribution. Keeper’s SSO Cloud capability provides authentication against a SAML 2.0 identity provider, while retaining full zero-knowledge encryption with the user’s vault.
So how does it all work?
Real-time monitoring is facilitated by continuous event streaming from Keeper into Google SecOps, enabling immediate detection of suspicious or unauthorized behaviour. Operational efficiency is enhanced through automated reporting and alerting that reduce manual log reviews, freeing IT and security teams to focus on strategic priorities. Comprehensive event logging and access control documentation aid regulatory compliance for standards such as GDPR, PCI DSS, SOC and ISO. The ingestion of BreachWatch event data offers proactive protection by identifying exposed credentials and helping to prevent account takeover attempts. With zero-trust architecture, Keeper data is encrypted and decrypted at the device and record levels, so Keeper can never access it. The Keeper platform is continuously validated by third-party security experts through penetration testing, bug bounties and a public vulnerability disclosure program.
Google Security Operations offers a unified experience across SIEM, SOAR, and threat intelligence to drive better detection, investigation, and response. Google SecOps includes full-fledged security orchestration, automation and response (SOAR) capabilities. It lets you build playbooks that automate common response actions, orchestrate over 300 tools (EDRs, identity management, network security and more), and collaborate with other members of the team using an auto-documenting case wall.
Google SecOps also provides a rich and growing set of curated detections out of the box. These detections are developed and continuously maintained by Google’s team of threat researchers. You can use the Gemini investigative chat assistant to search your data, iterate, and drill down using natural language, and to create detections. Google SecOps also allows for custom detection authoring in the intuitive YARA-L language, in a fraction of the time and code.
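A custom detection of the kind a SOC might build on this event stream, as an added example rather than Keeper's or Google's code, written in Python instead of YARA-L: it correlates a burst of failed logins, a subsequent successful login and a sensitive action by the same user. The event schema, type names, thresholds and sample events are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical event-type names for the activity the article lists; these are
# not Keeper's or Google SecOps' real schema.
SENSITIVE = {"vault_transfer", "record_share", "admin_change"}

def ev(clock, user, kind):
    return {"ts": f"2025-01-10T{clock}", "user": user, "type": kind}

# Constructed sample stream (not real telemetry).
EVENTS = (
    [ev(f"09:00:{s:02d}", "alice", "login_failure") for s in range(0, 50, 10)]
    + [ev("09:02:00", "alice", "login_success"),
       ev("09:04:00", "alice", "vault_transfer"),   # burst -> login -> transfer
       ev("09:10:00", "bob", "login_failure"),      # single typo, benign
       ev("09:10:30", "bob", "login_success"),
       ev("09:12:00", "bob", "record_share")]
    + [ev(f"10:00:{s:02d}", "carol", "login_failure") for s in range(0, 50, 10)]
    + [ev("10:01:00", "carol", "login_success"),
       ev("12:30:00", "carol", "admin_change")]     # too late to correlate
)

def detect(events, threshold=5, fail_window=timedelta(minutes=5),
           follow_window=timedelta(minutes=30)):
    """Alert when a sensitive action follows a login that itself followed a
    burst of failed logins for the same user."""
    fails = defaultdict(list)  # user -> failure timestamps since last success
    suspect = {}               # user -> time of the post-burst login
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        ts, user, kind = datetime.fromisoformat(e["ts"]), e["user"], e["type"]
        if kind == "login_failure":
            fails[user].append(ts)
        elif kind == "login_success":
            recent = [t for t in fails.pop(user, []) if ts - t <= fail_window]
            if len(recent) >= threshold:
                suspect[user] = ts
        elif kind in SENSITIVE and user in suspect:
            if ts - suspect[user] <= follow_window:
                alerts.append((user, kind, e["ts"]))
            else:
                del suspect[user]  # correlation window expired
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print("ALERT", *alert)
```

Only the first constructed user trips the rule with the default thresholds; the isolated failed login and the late administrative change are left alone.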
