Cloud CISO Perspectives: Early June 2023

Welcome to the first Cloud CISO Perspectives for June 2023. Earlier this week, we held our annual Google Cloud Security Summit, an online gathering where we discuss the latest technologies and strategies that can help protect your business, your customers, and your cloud transformation from emerging threats. 

If you weren’t able to attend the online keynotes, demos, and breakout sessions, you can still catch the recordings on the summit website. In today’s newsletter, I’ll be taking a look at our announcements and how they advance our approach to security, including security and AI.

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

The ongoing evolution of cloud innovation and frontline intelligence

Google is constantly evolving to stay ahead of threats. To help defend ourselves and our users, we’ve been working to integrate AI into our cybersecurity products and innovations since 2011. In the run-up to this year’s Security Summit on June 13, we made several important announcements regarding AI and security.

In March, we discussed how important it is to be bold and responsible with AI, so it can have a positive impact on the security ecosystem — much like a digital immune system where we learn and adapt from previous risks to our digital health, our systems become better equipped to protect against, anticipate, and predict future attacks.

At the RSA Conference in April, we introduced the Google Cloud Security AI Workbench, an industry-first extensible platform powered by a specialized security large-language model (LLM), Sec-PaLM 2. In addition to revealing that we are working to include Security AI Workbench technology in our own products and solutions, we announced a partnership with Accenture to use Security AI Workbench to enhance their solutions, too.

Just before the Security Summit, we published our Security AI Framework outlining our principles and guidance on how to secure AI systems. We made several announcements before the summit, including fraud protection for reCAPTCHA Enterprise; machine-learning powered API abuse detection for Apigee; support for passkeys in Google Workspace; and our Cryptomining Protection Program in Security Command Center Premium.

At the Summit, we announced three major updates to our security products.

• Chronicle TDIR brings cloud-focused threat detection, investigation, and response to our Chronicle Security Operations suite. 

• Secure Web Proxy is a new, cloud-based service that can help monitor and secure egress web traffic.

• We’re also adding attack path simulation to Security Command Center Premium, which mimics how a real-world attacker could exploit security gaps to access high-value assets to give defenders insight into securing their most valuable and most vulnerable resources.

We also revealed 12 more companies are committed to work with Google Cloud to bring AI-based security enhancements to their respective products: Broadcom, Crowdstrike, Egnyte, Exabeam, F5, Fortinet, Netskope, Securiti, SentinelOne, Sysdig, Tenable, and Thales.

The ongoing evolution of how we do security at Google is a major theme throughout our Security Summits, and in our two-track approach this year. The Cloud Innovation track highlighted how innovations across our portfolio, including generative AI-driven capabilities, can help organizations around the world address their most pressing security challenges. Meanwhile, our Frontline Intelligence track centered on our latest insights into how the threat landscape is developing.

While using AI boldly and responsibly is vital to improving cybersecurity, helping organizations achieve digital sovereignty is also an important trend that we discussed at this year’s summit. We now have offerings and partnerships in Belgium, France, Germany, and Luxembourg, and at the Security Summit announced a new partner offering in Spain. 

From our ongoing discussions in the market, we’ve learned that designing a digital sovereignty strategy that balances control and innovation faces four primary challenges. Digital sovereignty discussions often focus only on data residency, and we would like to broaden the discussion in line with Google Cloud’s vision of sovereignty that covers three distinct pillars: 

• Data sovereignty (including control over encryption and data access), 

• Operational sovereignty (visibility and control over provider operations), and 

• Software sovereignty (providing the ability to run and move cloud workloads without being locked-in to a particular provider, including in extraordinary situations such as stressed exits). 

We introduced our interactive Digital Sovereignty Explorer in March to help business leaders better understand their organizations’ digital sovereignty requirements. It seeks to simplify terms and explain important concepts. At each step, the Explorer aims to help you to clarify key considerations and tradeoffs in your digital sovereignty options, to understand available solution options, and to make more informed choices about potential solutions for your particular cloud workloads.

Our Frontline Intelligence track highlighted lessons learned from this year’s M-Trends report, and how security operations are taking a more active role in cyber defense. Three key conclusions from the report demonstrated that:

• Ongoing, targeted cyberattacks conducted explicitly in the service of real-world conflicts have weakened the already-porous wall between digital and physical worlds.

• Threat actors are becoming more aggressive in the real world, and are more willing to harass and intimidate targets — even to threaten them with physical violence.

• It can be harder to protect hybrid on-premise and cloud networks than it is to protect cloud-only networks.

It's an exciting time to be in cybersecurity. The public cloud is facing its Gutenberg moment, driven in part by AI advancing at such a rapid pace. AI can bring lasting benefits to security infrastructure and also aid in the creation of more secure products and solutions. 

It is now our role to embrace the AI opportunity, to be bold and to be seen as responsible leaders within our organizations to ensure the risks are understood. In many ways, AI has already changed the way we work, and I expect that flywheel of innovation to continue. At Google Cloud, we will continue to work with you to create exciting solutions with the rapid pace I know there will be many more to come.

In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month: 

• Get ready for Google Cloud Next: Discounted early-bird registration for Google Cloud Next ‘23 is open now. This year’s Next comes at an exciting time, with the emergence of generative AI, breakthroughs in cybersecurity, and more. It’s clear that there has never been a better time to work in the cloud industry. Register now.

• IAM: There and back again using resource hierarchies: While comprehending IAM can feel like a job that's never started (or ended), the fictional land of Middle-earth can help you understand how IAM resource hierarchies can protect your most precious. Read more.

• Why Snap chose BeyondCorp Enterprise to build a durable Zero Trust framework: When Google Cloud and Snap announced an expanded relationship this year, part of Snap’s decision was to better secure its cloud workloads with a Zero Trust access framework — an essential part of Snap’s cloud journey. Read more.

• Introducing new ways Security Command Center Premium can protect identities: Security Command Center Premium, our built-in security and risk management solution for Google Cloud, has released new capabilities to help detect compromised identities and protect against risks from external attackers and malicious insiders. Read more.

• Announcing Google Cloud’s first OSCAL package: Google Cloud is proud to announce that we have successfully submitted the complete OSCAL package for Department of Defense Impact Level 5 to eMASS. This is a major milestone for us, as it represents our step forward supporting scalable compliance for Google Cloud and its customers. Read more.

• New capabilities for Cloud Firewall threat intelligence and geo-location features: New capabilities are now generally available for Cloud Firewall, including threat intelligence, geo-location objects, address groups, and local IP ranges. Read more.

• How to easily migrate your on-premises firewall rules to Cloud Firewall policies: Migrating an on-prem firewall or firewall appliance configuration to Google Cloud can be daunting. It requires thinking about security and segmentation with a different mindset. Here's how to do it.

News from Mandiant

• Barracuda ESG zero-day vulnerability exploited by aggressive actor, suspected links to China: Mandiant assesses that UNC4841, an espionage actor in support of the People’s Republic of China, is likely behind a wide-ranging campaign involving exploitation of a zero-day vulnerability in Barracuda Email Security Gateway appliances. The campaign is affecting public and private organizations worldwide. Read more.

• How Mandiant consultants and analysts are leveraging AI today: Mandiant is leveraging generative AI in bottom-up use cases to help identify threats faster, eliminate toil, and better scale talent and expertise that increase the speed and skill we bring to serving our customers. Read more.

• Zero-day vulnerability in MOVEit transfer exploited for data theft: Mandiant has observed wide exploitation of a zero-day vulnerability in the MOVEit Transfer secure managed file transfer software for subsequent data theft. Mandiant observed this campaign impacting organizations operating in a wide range of industries based in Canada, India, and the U.S. Read more.

• VMware ESXi zero-day used by Chinese espionage actor to perform privileged guest operations on compromised hypervisors: In late 2022, Mandiant published details surrounding a novel malware system deployed by UNC3886, a Chinese cyber espionage group, which impacted VMware ESXi hosts, vCenter servers, and Windows virtual machines (VM). Through continued security research and investigations over the past year, Mandiant has discovered additional techniques UNC3886 has utilized across multiple organizations to keep out of the sights of EDR solutions. Read more.

Google Cloud Security podcasts

We launched a weekly podcast focusing on Cloud Security in February 2021. Hosts Anton Chuvakin and Timothy Peacock chat with cybersecurity experts about the most important and challenging topics facing the industry today. Earlier this month, they discussed:

• Will SIEM ever die: What can its past tell us about its future: Security Information and Event Management (SIEM) has been around a long time. We discuss which old SIEM lessons still apply today, which old lessons can harm your organizations, and what are the top modern cloud security use cases for SIEM, with David Swift, security strategist at Netenrich. Listen here.

• Lessons from how Google secures 5 billion devices: SafeBrowsing is a consumer and business product that protects more than 5 billion devices. We talk about how it mitigates threats for consumers and businesses at the same time, how it works at the billion-device scale, and the engineering and scaling magic behind the low false positive rate for blocking, with Panos Mavrommatis, senior engineering director at Google Cloud. Listen here.

Mandiant podcasts

• Frontline stories: The executive's role in cybersecurity: Host Kerry Matre is joined by Jesse Jordan and Howard Israel of Mandiant to discuss their experiences helping executives get the right information from their security leaders, and understanding their roles during a breach. Listen here.

• Frontline stories: Crisis communications during a breach: Dan Wire from Mandiant joins host Kerry Matre to discuss the ins and outs of crisis communications during a breach, and what you can do to prepare for a crisis. Listen here.

• Threat trends: How AI will impact threat intelligence: Guest host Dan Lamorena, head of Mandiant Product Marketing, talks to John Hultquist, senior manager, Mandiant Intelligence, about how the bad guys may use AI in the near future to scale attacks, while Vijay Ganti, head of product management, Threat Intelligence, Detection and Analytics for Google Cloud Security, walks through the AI use cases that will help organizations better defend against those attacks. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back at the end of the month with more security-related updates.