Google Cloud uses generative AI to boost security operations
Google Cloud Security has announced several new innovations leveraging generative AI to advance its security operations. These updates, revealed during the recent RSA Conference in San Francisco, are set to streamline security operations, boost productivity, and enhance threat detection capabilities, offering significant improvements in the field of cybersecurity.
The new AI-driven solutions from Google aim to simplify security operations by reducing the complexities of do-it-yourself configurations that often hinder efficiency. Michelle Abraham, research director at IDC, highlighted that Google Security Operations provides unique threat intelligence and advanced capabilities that are seamlessly integrated into the platform. This integration enables security teams to identify the latest threats with ease, without necessitating complex engineering efforts.
Google's Applied Threat Intelligence was a focal point at the Next 24 event, demonstrating how it empowers security teams to turn insights into actionable intelligence. The company unveiled new features that will be released later this year, which utilise AI to automatically generate detections based on new threat discoveries. These features are designed to help teams identify malicious activities within their environments and provide precise directions for triage and response.
As part of the updates, Google Security Operations has introduced curated detections to minimize manual processes and improve security outcomes. These detections, developed in collaboration with experts from Mandiant, are regularly updated to stay ahead of emerging threats. Key additions to the curated detections include:
Cloud Detections: These address serverless threats, cryptomining incidents, findings from Google Cloud and Security Command Center Enterprise, anomalous user behaviour, machine learning-generated prioritized endpoint alerts, and AWS coverage for identity, compute, data services, and secret management.
Frontline Threat Detections: These provide coverage for newly detected methodologies, threat actor tactics, techniques, and procedures (TTPs), including those from nation-states and new malware families. These detections are available in the Google Security Operations Enterprise Plus package.
Google has also introduced Gemini within Security Operations, aimed at significantly enhancing the productivity of security analysts. Gemini reduces the time spent on complex tasks by allowing analysts to search for context, understand threat actor campaigns, initiate response sequences, and receive guided recommendations using natural language queries.
Additionally, the Investigation Assistant, now generally available, supports security professionals in making faster and more accurate decisions. It provides summaries of events, hunts for threats, creates rules, and recommends actions based on the context of investigations. The Playbook Assistant, currently in preview, further simplifies the creation of response playbooks, the customization of configurations, and the incorporation of best practices.
Managing data pipelines, a critical and time-consuming task in security operations, is addressed with Google's new autonomous parsers. These parsers can automatically extract key-value pairs from log files, making the data readily available for search, rules, and analytics. Currently supporting JSON-based logs, Google plans to expand support to other formats, thereby reducing the overhead of maintaining custom parsers and accelerating the detection authoring process.
For comprehensive threat management, Google Security Operations integrates seamlessly with Mandiant Managed Defense and Mandiant Hunt. This collaboration combines the expertise of Mandiant's defenders with Google's AI-powered capabilities to monitor, detect, triage, investigate, and respond to incidents effectively.
Google also offers SecOps CyberShield tailored for public sector clients, enhancing cyber threat capabilities for governments globally. This initiative underscores Google's commitment to providing specialized support across diverse sectors, ensuring robust cybersecurity standards across various domains.