Google is launching a new cloud service designed to combine multiple streams of threat intelligence with Gemini generative AI models to help security teams classify large amounts of data faster and more accurately and better protect organizations from cyberattacks.
Announced this week at the RSA Conference in San Francisco, Google Threat Intelligence Services brings together the company's Mandiant threat intelligence group, its VirusTotal online malware detection and analysis service, and the visibility Google has from protecting billions of devices and email accounts from threats.
At the same time, the service leverages open source intelligence from the security community. It also integrates Google's Gemini 1.5 Pro generative AI model to help security professionals make sense of all the information, identify and analyze threats such as suspicious files faster, automate time-consuming manual tasks, and have questions addressed through natural language processing.
The service is available now and is part of Google Cloud's larger security portfolio, giving teams a more comprehensive view of their security landscape while reducing the time, energy, and costs associated with processing threat intelligence, according to Sunil Potti, Google Cloud's VP and General Manager of Security, and Sandra Joyce, Google's VP of Threat Intelligence.
“Combining Gemini with a comprehensive view of the threat landscape will enhance your threat research process, strengthen your defense capabilities, and help you identify and defend against emerging threats,” Potti and Joyce wrote in a blog post. “We have reduced the time it takes.” “Customers can now compress large datasets in seconds, quickly analyze suspicious files, and simplify difficult manual threat intelligence tasks.”
Combining AI and Cybersecurity
The launch also puts Google Cloud's security capabilities in closer competition with the likes of Microsoft's Copilot for Security service, and is part of a larger industry trend to bring generative AI capabilities to cybersecurity tools. It is also a rapidly growing market. The AI market in cybersecurity was valued at $10.5 billion in 2020 and is expected to reach $46.3 billion by 2027, according to analysts at market research firm Statista.
Morgan Stanley notes in a report that cybersecurity organizations are increasingly relying on AI in conjunction with traditional tools such as antivirus protection, data loss prevention, fraud detection, identity and access management, intrusion detection, risk management, and other core security areas.
The technology's ability to process vast amounts of data and find patterns allows it to detect and analyze real threats faster than humans, with few false positives. It can also be used to prioritize responses, identify and flag suspicious emails and phishing campaigns, and simulate social engineering attacks, helping security teams better protect against cybercriminals and discover potential flaws before attackers do, the global investment bank wrote.
Morgan Stanley says leveraging AI is also important for organizations given the fact that threat groups are doing similar things to hone their attacks.
Multiple intelligence streams
For Google, the amount of threat intelligence it has access to is key to the new service. The insights the company collects itself come from securing 4 billion devices and 1.5 billion email accounts. The vendor blocks 100 million phishing attacks every day, which gives Google “a vast array of sensors and a unique perspective on internet and email-borne threats that allow us to connect the dots on attack campaigns,” Potti and Joyce wrote.
Mandiant, which Google acquired for $5.4 billion in 2022, also has incident response specialists and threat intelligence analysts. Google Cloud CEO Thomas Kurian said when the deal closed that the addition of Mandiant would bring the company “proven global expertise in comprehensive incident response, strategic readiness, and technical assurance,” so that organizations can mitigate threats and reduce business risk before, during and after an incident.
Mandiant investigates more than 1,100 cases a year.
Google's VirusTotal has more than 1 million users and provides potential threat indicators and real-time insight into emerging attacks, Potti and Joyce wrote.
Adding generative AI
They write that the Gemini 1.5 Pro AI model can support up to 1 million tokens, providing the longest context window and performing the process of reverse engineering malware faster than humans. According to Potti and Joyce, the model processed the decompiled code of the malware file of the WannaCry ransomware worm, which targeted systems around the world running Windows in 2017, and analyzed it in 34 seconds. A kill switch for the malware was also identified.
“We also offer Gemini-driven entity extraction tools to automate data fusion and enrichment,” they write. “We can automatically crawl the web to obtain relevant open source intelligence (OSINT) to categorize online industry threat reports. We can then transform this information into a knowledge collection and create corresponding hunting packs and response packs extracted from motives, targets, tactics, techniques, and procedures (TTPs), actors, toolkits, and indicators of compromise (IoCs).”
In total, Google Threat Intelligence can provide a comprehensive overview of over 10 years of threat reports and products in seconds.