During its annual Cloud Next conference in Las Vegas, Google unveiled a range of new cloud-based security offerings and enhancements to existing ones. Google specifically designed these updates to meet the needs of customers managing extensive, multi-tenant corporate networks.
A number of the announcements revolved around Gemini, Google’s leading family of generative AI models.
Google recently introduced Gemini in Threat Intelligence, a new Gemini-powered component of the company’s Mandiant cybersecurity platform. Now available in public preview, Gemini in Threat Intelligence can analyze significant amounts of potentially malicious code. Users can run natural language searches for ongoing threats or indicators of compromise. Additionally, Gemini can provide concise summaries of open-source intelligence (OSINT) reports sourced from various websites.
Sunil Potti, General Manager of Cloud Security at Google, stated in an Eltrys blog post that “Gemini in Threat Intelligence now provides conversational search capabilities across Mandiant’s extensive and expanding threat intelligence database, sourced directly from frontline investigations.” For thorough exploration, Gemini efficiently guides users to the most pertinent pages within the integrated platform. In addition, VirusTotal, Google’s malware detection service, can now automatically incorporate OSINT reports, and Gemini provides a summary of these reports within the platform.
In other news, Gemini is now able to provide support for cybersecurity investigations within Chronicle, Google’s cybersecurity telemetry service for cloud customers. Scheduled for release at the end of the month, the upcoming feature assists security analysts in their regular tasks. It provides recommendations based on the specific context of a security investigation, summarizes security event data, and allows for the creation of breach and exploit detection rules through an intuitive chatbot-like interface.
Gemini powers a cutting-edge feature within the Security Command Center, Google’s enterprise cybersecurity and risk management suite, enabling security teams to effortlessly search for threats using everyday language. This feature also provides concise summaries of misconfigurations, vulnerabilities, and potential attack paths.
Completing the security updates is Privileged Access Manager (in preview), a service that provides just-in-time, time-bound, and approval-based access options to help mitigate risks associated with privileged access misuse. Google is also previewing a new feature known as principal access boundary, which allows administrators to set restrictions on network root-level users, limiting their access to authorized resources within a defined boundary.
Finally, Autokey (in preview) aims to streamline the process of creating and managing customer encryption keys for high-security use cases, while Audit Manager (also in preview) offers a range of tools for Google Cloud customers in regulated industries to generate proof of compliance for their workloads and cloud-hosted data.
In a blog post, Potti expressed his belief in the immense potential of generative AI to shift the advantage towards defenders. “And we are constantly integrating AI-driven capabilities into our products.”
Other companies are also working on developing generative AI-powered security tools. Last year, Microsoft introduced a range of services that utilize advanced AI technology to analyze and connect data related to cyber attacks, with a focus on identifying and addressing cybersecurity incidents in a more efficient manner. Startups, such as Aim Security, are also entering the field with the goal of dominating this emerging market.
However, the long-term viability of these tools remains uncertain due to the tendency of generative AI to make errors.