At its annual Cloud Next conference in Las Vegas on Tuesday, Google unveiled latest cloud-based security services and products aimed toward customers managing large, multi-tenant enterprise networks, along with updates to existing services and products.
Many of the announcements involved Gemini, Google's flagship family of generative AI models.
For example, Google introduced Gemini in Threat Intelligence, a brand new Gemini-based component of the corporate's Mandiant cybersecurity platform. Now in public preview, Gemini in Threat Intelligence can analyze large swaths of probably malicious code and permit users to perform natural language searches for ongoing threats or signs of compromise, in addition to aggregate open source intelligence reports from across the online.
“Gemini in Threat Intelligence now offers conversational search across Mandiant’s vast and growing inventory of threat intelligence directly from frontline investigations,” Sunil Potti, GM of cloud security at Google, wrote in a blog post shared with TechCrunch. “Gemini guides users to probably the most relevant pages on the integrated platform for closer inspection… In addition, VirusTotal (Google's malware detection service) now mechanically ingests data OSINT Reports that Gemini aggregates directly into the platform.”
Elsewhere, Gemini can now assist with cybersecurity investigations in Chronicle, Google's cybersecurity telemetry offering for cloud customers. Set to launch later this month, the brand new feature will walk security analysts through their typical workflows, recommend actions based on the context of a security investigation, aggregate security event data, and create rules to detect breaches and exploits through a chatbot-like interface.
And in Security Command Center, Google's enterprise cybersecurity and risk management suite, a brand new Gemini-driven feature enables security teams to look for threats in natural language while providing summaries of misconfigurations, vulnerabilities and possible attack paths.
Rounding out the safety updates were Privileged Access Manager (in preview), a service that gives just-in-time, time-bound, and permission-based access options to mitigate the risks related to misuse of Privileged Access. Google can also be introducing a master access boundary (also in preview) that can allow administrators to implement restrictions for users on the network root level, in order that those users can only access authorized resources inside a specifically defined boundary.
Finally, Autokey (in preview) goals to simplify the creation and management of customer encryption keys for high-security use cases, while Audit Manager (also in preview) provides tools for Google Cloud customers in regulated industries to offer compliance evidence for to create their workloads and their cloud-hosted data.
“Generative AI offers enormous potential to tip the scales in favor of defenders,” Potti wrote within the blog post. “And we proceed to integrate AI-driven features into our products.”
Google isn't the one company attempting to develop generative AI-powered security tools. Microsoft last 12 months launched a variety of services that use generative AI to correlate attack data while prioritizing cybersecurity incidents. Startups, including Aim Security, are also jumping into the fray and aiming to overcome the emerging market.
But given generative AI's tendency to make mistakes, it stays to be seen whether these tools have endurance.