Google Integrates Generative AI into Cloud Security Solutions

At the recent Cloud Next conference in Las Vegas, Google showcased an array of innovative cloud-based security products and services alongside significant updates to its existing offerings. These advancements are tailored for businesses managing extensive, multi-tenant corporate networks. A major focus of the announcements was Gemini, Google’s leading suite of generative AI models.

One standout introduction was Gemini in Threat Intelligence, a newly integrated feature within Google’s Mandiant cybersecurity platform. Currently in public preview, Gemini in Threat Intelligence empowers users to analyze substantial portions of potentially harmful code and conduct natural language searches for ongoing threats or indicators of compromise. Additionally, it summarizes open-source intelligence reports from various online sources.

“Gemini in Threat Intelligence provides conversational search capabilities across Mandiant’s extensive threat intelligence database directly from frontline investigations,” said Sunil Potti, Google’s GM of cloud security, in a blog post. “Gemini will guide users to the most pertinent pages within the integrated platform for deeper analysis. Moreover, Google’s malware detection service, VirusTotal, now automatically incorporates OSINT reports, which Gemini summarizes right within the platform.”

In addition, Gemini is set to enhance cybersecurity investigations in Chronicle, Google's telemetry solution for cloud customers. Launching by month’s end, this capability will assist security analysts in their workflows by recommending actionable steps based on the context of an investigation. It will summarize security event data and generate breach and exploit detection rules via an intuitive chatbot-style interface.

Moreover, Security Command Center, Google’s enterprise cybersecurity and risk management suite, now features a Gemini-driven tool that allows security teams to search for threats using natural language. This tool also provides summaries of misconfigurations, vulnerabilities, and potential attack routes.

Additional updates include a preview of a privileged access manager, which offers time-sensitive and approval-based access options to reduce risks associated with privileged access misuse. Google is also introducing a principal access boundary feature (currently in preview), enabling administrators to set restrictions on network root-level users, ensuring they can only access authorized resources within a designated area.

Finally, Autokey (in preview) aims to simplify the creation and management of customer encryption keys for high-security environments, while Audit Manager (also in preview) equips Google Cloud clients in regulated industries with tools to provide proof of compliance for their workloads and cloud-hosted data.

“Generative AI has immense potential to empower defenders,” Potti noted in the blog post. “We are committed to integrating AI-driven features into our products.”

While Google leads in this realm, it is not alone; Microsoft launched a suite of services last year that harness generative AI for correlating attack data and prioritizing cybersecurity incidents. Startups like Aim Security are also making strides in this emerging field, aiming to carve out their niche.

Nonetheless, as generative AI exhibits a propensity for errors, the long-term efficacy of these tools remains to be seen.
