Google launches Google Threat Intelligence at RSA Conference

Google unveiled Google Threat Intelligence, a new Google Cloud Security offering, at the RSA Conference on Monday. The service aims to provide organizations with enhanced visibility into the global threat landscape, enabling them to better protect digital assets and respond to emerging cybersecurity threats.

Google Threat Intelligence draws information from various streams, including Google’s threat insights, Mandiant’s expertise, VirusTotal’s insights, and open-source intelligence from security communities.

Organizations can use this information to inform their approaches to protecting against external threats, managing attack surfaces, protecting against digital risks, analyzing indicators of compromise, and gaining expertise.

“The difference with this offering is not about the how, but more about the what,” Steve Cobb, CISO of SecurityScorecard, told CSO. “The massive quantity and quality of threat intelligence available to Google is staggering. Mandiant’s insights from being on the front lines paired with the rich community data available in VirusTotal and the pure volume of data collected from Google’s email and business platform, really make the difference in this offering.”

Google Threat Intelligence includes Gemini 1.5 Pro AI model

The offering includes the Gemini 1.5 Pro artificial intelligence model, which uses insights to drive threat intelligence operations, such as threat scanning and response. Gemini 1.5 Pro has a context window of up to one million tokens, allowing it to perform tasks such as condensing large datasets, reverse engineering malware, analyzing files, and producing custom summaries.

Google Threat Intelligence is offered as part of Google Cloud Security’s comprehensive security portfolio. The company did not provide further details on the Gemini-powered security updates to Chronicle and Workspace.

Security Operations, Google’s platform for detecting, investigating, and responding to cybersecurity threats, will use AI to automate detections from threat discoveries. Google and Mandiant experts provide teams with curated detections that let them specify the type of threat detection they need for their environment. The company unveiled two new kinds of detections: cloud and emerging threats.

New detections include cloud and emerging threats

Cloud detections help protect against serverless threats by tracking cryptocurrency mining incidents and findings from Google Cloud and Security Command Center Enterprise. They also integrate rules for detecting unusual user behavior, machine learning-generated alerts for device issues, and basic security coverage for Amazon Web Services. Cloud detections are now available with SecOps Enterprise and Enterprise Plus.

“As with many tools, I think it’s going to be a situation that depends on the maturity of an organization’s security team,” said Nick Hyatt, Director of Threat Intelligence at Blackpoint Cyber.

“There are a lot of security teams that buy threat intelligence tools and then don’t do anything with them because they don’t know how to use the tool to meet their needs. Threat Intelligence can’t be completely automated — even with the benefits that generative AI brings to the table, and you still need human analysis to validate results and provide context.”

AI cybersecurity tools such as Gemini are part of a major trend

The introduction of AI-enhanced cybersecurity tools such as Google Threat Intelligence reflects a broader industry trend toward leveraging artificial intelligence and machine learning for more effective threat detection and response, said Aura Chief Scientist and EVP of Product and Development Zulfikar Ramzan.

“The reality is AI is enabling more sophisticated cyber attacks from criminals, and we need defenses that keep up — for the enterprise and the individual,” he said. “AI technologies enable security solutions to analyze large volumes of data rapidly, identify patterns, and detect anomalies that may indicate potential security breaches.

“Google’s use of its Gemini AI technology, coupled with its extensive data resources, represents the evolution of cybersecurity defense mechanisms towards more proactive and predictive approaches. These tools not only enhance the speed and accuracy of threat detection but also enable security teams to stay ahead of emerging threats in an increasingly complex digital landscape.”
