At its annual Cloud Next conference in Las Vegas, Google on Tuesday unveiled new cloud-based security products and services — in addition to updates to existing products and services — aimed at customers running large, multi-tenant enterprise networks.
Many of the announcements had to do with Gemini, the flagship of Google’s family of AI models.
For example, Google unveiled Gemini in Threat Intelligence, a new Gemini component of the company’s Mandiant cybersecurity platform. Now in public preview, Gemini in Threat Intelligence can analyze large chunks of potentially malicious code and allow users to perform natural language searches for persistent threats or indicators of compromise, as well as summarize open source intelligence reports from across the web.
“Gemini in Threat Intelligence now offers conversational search across Mandiant’s vast and growing repository of threat intelligence directly from front-line investigations,” Google cloud security GM Sunil Potti wrote in a blog post shared with TechCrunch. “Gemini will navigate users to the most relevant pages on the integrated platform for deeper research… In addition, [Google’s malware detection service] VirusTotal now vacuums automatically OC reports, which Gemini summarizes directly on the platform.”
Elsewhere, Gemini can now help with cybersecurity investigations at Chronicle, Google’s cyber telemetry offering for cloud customers. The new feature, due out by the end of the month, guides security analysts through their typical workflows, recommending actions based on the context of a security investigation, summarizing security event data, and creating intrusion and exploit detection rules from an interface that looks like chatbot.
And in Security Command Center, Google’s enterprise cybersecurity and risk management suite, a new Gemini-based feature allows security teams to search for threats using natural language while providing summaries of misconfigurations, vulnerabilities and potential attack paths.
Rounding out the security updates was Privileged Access Manager (in preview), a service that offers just-in-time, time-limited, and approval-based access options designed to help mitigate the risks associated with privileged access abuse. Google is also introducing master access limit (also in preview), which allows administrators to apply restrictions to root-level network users so that those users can only access authorized resources within a specially defined limit.
Finally, Autokey (in preview) aims to simplify the generation and management of customer encryption keys for high-security use cases, while Audit Manager (also in preview) provides tools for Google Cloud customers in regulated industries to generate evidence of compliance for their workloads and cloud-hosted data.
“Generative AI offers tremendous potential to tip the balance in favor of defenders,” Potti wrote in the blog post. “And we continue to infuse our products with AI-based capabilities.”
Google isn’t the only company trying to produce productive AI-powered security tools. Microsoft last year launched a set of services that leverage genetic artificial intelligence to correlate attack data while prioritizing cybersecurity incidents. Startups including Aim Security are also entering the fray, aiming to corner the nascent space.
But with genetic AI prone to making mistakes, it remains to be seen whether these tools have staying power.
