Google unveils AI solutions to deal with security challenges
- Google Cloud announced it is integrating Duet AI into its security solutions at Google Cloud Next 2023.
- Duet AI is an AI assistant powered by Google’s PaLM 2 large language models, trained and tuned with Google Cloud-specific content.
- Google Cloud also unveiled Mandiant Hunt, a managed threat-hunting service.
Generative AI in cybersecurity continues to be in demand as companies look to deal with security challenges. While more companies have unveiled a variety of generative AI security tools, having them work together can be challenging.
For Google, using generative AI to deal with security challenges can be a game-changer. Generative AI is already being heavily used in other applications. Naturally, cybersecurity and other security applications would eventually find a use for it too.
At Google Cloud Next 2023, Google unveiled many upgrades and enhancements to its AI solutions. With generative AI at the core, most of these solutions are meant to improve business productivity and output. In fact, Google reported that 70% of tech unicorns are already using Google’s products for their solutions.
During the summit, Google announced that several security products will have AI incorporated into them. Among these plans is the idea of integrating Duet AI into security products, as well as bringing innovation across security operations and cloud platforms.
What is Duet AI?
Duet AI is Google’s AI-powered assistant. Unveiled earlier this year, Duet AI has now been integrated into almost all of Google’s solutions and offerings. Built on top of Google’s large foundation models, Duet AI is specially trained to help businesses be more productive on Google Cloud.
The AI-powered assistant uses the Vertex AI platform to provide personal and contextualized AI assistance, while ensuring data is private and secure. At Google Cloud Next 2023, Google announced that Duet AI will be integrated into its Workspace and other cloud capabilities.
In cybersecurity, Duet AI will be added to three key products, both to help businesses deal with security challenges and to provide valuable insights on threats so they can manage their cybersecurity a lot better.
A holistic approach to AI in security
“We are taking a holistic approach to both securing AI, as well as infusing AI to enhance security products. We start with posture, governance, and compliance controls for AI workloads, both those built on Vertex AI and others that customers may bring and deploy in Google Cloud. Our Google Cloud Security AI Workbench is an industry-first extensible platform powered by our specialized security foundation model, Sec-PaLM 2, and we use it to enable our own first-party applications as well as partner and customer apps with AI-driven functionality,” commented Sunil Potti, VP/GM for Google Cloud Security, in a blog post.
Specifically, the three key products Duet AI will be added to are:
Duet AI in Mandiant Threat Intelligence – Will help surface prevalent tactics, techniques and procedures that threat actors use by summarizing threat intelligence into an easy-to-comprehend format. This will let security teams understand Google reports about a threat, including how it targets their organization, and make threat intelligence actionable across their organization.
Duet AI in Chronicle Security Operations – Simplifies search and allows complex data analysis and threat detection engineering, to help reduce toil and elevate the effectiveness of defenders. Chronicle can automatically provide a summary of what’s happening, as well as give content and guidance on important threats. It can also offer recommendations for how to respond to those threats.
Duet AI will also power Chronicle’s new natural language search, letting defenders enter questions in natural language. Chronicle will generate the query and present a fully mapped syntax for search.
Duet AI in Security Command Center – Teams will be able to stay ahead of adversaries with near-instant analysis of security findings and possible attack paths. It is designed for simplicity, so that even non-specialists can easily defend their organization.
The Mandiant Hunt
Duet AI in Chronicle, the AI-powered assistant, will be part of Chronicle Security Operations, which is an essential security suite for organizations. In addition, Google introduced Mandiant Hunt for Chronicle Security Operations to help businesses protect their digital assets from threats.
The managed threat-hunting service integrates Mandiant’s frontline intelligence and expertise with Google Cloud technology to proactively search for undetected attacks. With the ability to find threats missed by traditional detection mechanisms, Mandiant experts build hypotheses using a robust and adaptable collection and analysis strategy, alongside traditional automated hunting that searches for indicators of compromise. This approach focuses on patterns of behavior against techniques and procedures seen in the wild.
Put simply, Mandiant Hunt offers businesses:
- A means to close the skills gap by gaining elite-level, specialty security skills without the burden of hiring, tooling, and training.
- Confidence that they can defend against the latest threats with the help they need to find novel or hidden attacks, as well as the insight they need to improve their security controls.
- And the context they need to make informed decisions with the necessary tools in Chronicle Security Operations to quickly respond.
“Unlike other security operations platforms, Chronicle allows customers to ingest their security data and store it for 12 months by default. This cache of data can help security teams uncover newly discovered threat actor behaviors in older security telemetry, a valuable tool for tracking down previously unknown malicious activity.
“Chronicle’s powerful ability to quickly analyze and search growing amounts of security telemetry for anomalies boosts the hunt teams’ ability to test and refine threat hunting hypotheses,” explained Ed Murphy, Product Manager, and Shelly Tzoumas, Senior Product Marketing Manager at Google Cloud, in a blog post.
The blog post also explained that the hunting activity is informed by real-time threat intelligence from Mandiant, as well as signals from the devices and users protected by Google Cloud and VirusTotal’s intelligence of more than nine billion files and URLs. Businesses receive findings that explain what the expert hunters looked for, how and where they looked, and what they found, mapped to the MITRE ATT&CK framework so they can take decisive action.
Mandiant Hunt is currently available in preview mode, with general availability expected by the end of the year.