At the recent RSA Conference in San Francisco, Google Cloud introduced Google Threat Intelligence, a new security offering for large organizations. The new solution provides users with actionable insights, external threat monitoring, attack surface management, digital risk protection, and in-depth analysis of Indicators of Compromise (IOC).
Google Threat Intelligence leverages Google's proprietary threat insights, combining it with VirusTotal's insights and Madiant's threat intelligence resources, technologies from the cybersecurity companies that Google acquired in the last few years. Sunil Potti, VP/GM for Google Cloud Security, and Sandra Joyce, VP for Google Threat Intelligence, explain:
We offer deep insights from Mandiant’s leading incident response and threat research team, and combine them with our massive user and device footprint and VirusTotal’s broad crowdsourced malware database.
The new service is designed to manage a large number of alerts and simplify alert prioritization by providing a unified score that aggregates hundreds of technical details. According to the announcement, Google protects 4 billion devices and 1.5 billion email accounts, blocking 100 million phishing attempts per day—a dataset that provides Google with a unique perspective on internet and email-borne threats.
Google Threat Intelligence incorporates Gemini in Threat Intelligence, an AI-powered agent facilitating conversational search across Google's repository of threat intelligence. This feature empowers customers to gain insights and enhance their protection. Potti and Joyce add:
By combining our comprehensive view of the threat landscape with Gemini, we have supercharged the threat research processes, augmented defense capabilities, and reduced the time it takes to identify and protect against novel threats. Customers now have the ability to condense large data sets in seconds, quickly analyze suspicious files, and simplify challenging manual threat intelligence tasks.
Gemini in Threat Intelligence includes VirusTotal Code Insight, a feature for analyzing code snippets. It helps in the examination of potentially malicious code, eliminating the need for script reverse engineering. On Hacker News, user ungreased0675 writes:
The addition of Gemini makes the product less appealing to me. I want nothing to do with that product. The idea of threat intelligence from Google’s global network still sounds tasty though.
Summarizing all the Google announcements at the RSA conference, Steph Hay, senior director at Google Cloud Security, and Umesh Shankar, chief technologist at Google Cloud Security, write:
We have a vision for a world in which the practice of "doing security" is less laborious and more durable, as AI offloads routine tasks and frees the experts to focus on the most complex issues. Organizations can now address security challenges with the same capabilities that Google uses to keep more people and organizations safe online than anyone else in the world.
Google also announced the automatic parsing of log files for Google Security Operations, helping security teams with the necessary data and context for more effective investigations and detection authoring. Additionally, both Gemini in Security Operations and Gemini in Threat Intelligence are now generally available.