Cloud CISO Perspectives: What you missed at Phil and Kevin’s RSA Conference fireside chat

Welcome to the first Cloud CISO Perspectives for May 2024. In this update, I’ll review my RSA Conference fireside chat with Mandiant CEO Kevin Mandia.

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

--Phil Venables, VP, TI Security & CISO, Google Cloud

What you missed at our RSA Conference fireside chat

By Phil Venables, VP, TI Security & CISO, Google Cloud

This year’s RSA Conference is just in our rearview mirror, and Google Cloud continued to make important announcements there. We unveiled Google Threat Intelligence and Google Security Operations, advanced our approach to AI and security, and demonstrated how our partners are enthusiastically embracing our security values.

Since we covered so many topics, I thought it would be helpful to summarize our discussion from a high level.

AI: Hype versus reality, and the broader risks we face

We started our fireside chat by jumping straight into AI, which has the potential to revolutionize cybersecurity. We’re already seeing benefits in areas such as malware analysis, where as a demonstration of its capabilities, we were able to use AI to help us reverse engineer WannaCry and find its killswitch in a single pass — in 34 seconds.

• We began by discussing concerns about how some security leaders and organizations are focusing on micro-risks such as model poisoning and prompt injection while neglecting broader issues.
• Those bigger issues can be thought of as three key pillars of AI risk: data management (which includes training, fine-tuning, parameters, and testing), AI software lifecycle management, and operational risk of deployment (including input and output guards, and circuit breakers.)
• Kevin clarified that AI will not replace all security jobs: There's no single AI model that will work for everyone, and each organization will need to control their own models and biases.
• We’re now entering into the “data as code” era, where the importance of data management in AI will play a growing and crucial role in AI systems.

AI applications in security

• Generative AI looks like it will have an impressive impact on cybersecurity. Gen AI models such as Google Cloud’s SecLM, which can help with tasks such as the aforementioned malware decoding, vulnerability analysis, and secure code generation, will need to be governed by a risk-management foundation such as our Secure AI Framework in order to maximize impact and mitigate risk.
• AI has the potential to improve mundane workflows, especially with incident write-ups and analysis.
• Mandiant now uses AI for threat intelligence, report generation, and investigation acceleration, while still emphasizing the need for human oversight and transparency in AI-driven decisions.
• Gen AI and traditional machine learning have the potential to create remarkable impacts on anomaly detection.

Why CISOs matter

• As an industry, we are shifting to a risk-based approach to security. The ability of AI to assess and mitigate risks could help facilitate a move from maturity-based security programs to risk-based models. Combined with concerns over data security risks and operational risks, this could further evolve the role of CISO to a “chief digital risk officer.”
• CISOs can help drive the use of AI to advance institutional checks and balances, especially with risk and compliance. AI could be used to help with identity and access management, privileged reviews, and separation of duties.
• AI systems should be tested, just like any other system. AI can be used to evaluate the security and efficacy of other AI and it can act as an input and output guard. Still we need to use human red teams to ensure trust and safety, and to find edge cases.
• We can expect to see opportunities for CISOs to take on more responsibility in areas such as software security and AI governance, leading to increased empowerment and a more strategic role.

Defending against nation-state attacks, using regulations to achieve goals

• Defenders need to use AI to advance their security goals if for no other reason than malicious actors are using AI to find vulnerabilities and launch zero-day attacks.
• Especially in light of the recent Cybersecurity Review Board report, industry collaboration can play a vital role in promoting higher standards for tech companies.
• This is where umbrella organizations such as the CSA can help: As an industry, we need clear and consistent standards for cloud providers and SaaS companies to drive security uplift and manage change.
• Not all security objectives are directly related to cybersecurity. We must be able to balance issues such as data sovereignty and localization, and ensure that they support security goals. To do so, we need clear delineation and appropriate controls for each objective.

If you missed us at RSAC, you can use our insider’s guide to revisit Google Cloud keynotes, panels, and presentations from the conference. To learn more, you can contact us at Ask Office of the CISO and come meet us at our security leader events.

In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month:

• Advancing the art of AI-driven security with Google Cloud: AI has the power to revolutionize cybersecurity. Read our latest advancements and announcements from the RSA Conference here. Read more.
• Introducing Google Threat Intelligence: Actionable threat intelligence at Google scale: Google Threat Intelligence is a new offering that combines Mandiant, VirusTotal, and Google technologies and resources with Gemini to deliver unparalleled visibility into the global threat landscape. Read more.
• Introducing Google Security Operations: Intel-driven, AI-powered SecOps: This update to Google Security Operations is designed to reduce the DIY complexity of SecOps and enhance the productivity of your entire Security Operations Center. Read more.
• How to craft an Acceptable Use Policy for gen AI (and look smart doing it): Want to use AI in a safe, secure, dependable, and robust way? You should craft a “building code” for gen AI with your internal Acceptable Use Policy. Here’s how. Read more.
• Chrome Enterprise expands ecosystem to strengthen endpoint security and Zero Trust access: At RSAC, we announced a growing ecosystem of security providers who are working with us to extend Chrome Enterprise’s browser-based protections. Read more.
• The power of choice: Empowering your regulatory and compliance journey: At Google Cloud, we know you have diverse regulatory, compliance, and sovereignty needs, so at Next ‘24 we announced new ways to expand your power of choice. Read more.
• Securing the AI software supply chain: A new research publication: From the development lifecycles for traditional and AI software to the specific risks facing the AI supply chain, this new report explains our approach to securing our AI supply chain using provenance information and provides guidance for other organizations. Read more.
• Google is named a Visionary in the 2024 Gartner® Magic Quadrant™ for SIEM: We’re excited to share that Gartner has recognized Google as a Visionary in the 2024 Gartner® Magic Quadrant™ for SIEM, our first time participating. Read more.
• Automatically disabling leaked service account keys: What you need to know: Starting June 16, exposed service account keys that have been detected in services including public repos will be automatically disabled by default for new and existing customers. Read more.

Please visit the Google Cloud blog for more security stories published this month.

Threat Intelligence news

• From assistant to analyst: The power of Gemini 1.5 Pro for malware analysis: This study investigates how Gemini 1.5 Pro can impact malware deconstruction and analysis, including reverse engineering WannaCry and finding its killswitch in 34 seconds. Read more.
• A practical guide to ransomware protection and containment strategies: Mandiant has updated its Ransomware Protection and Containment Strategies report, with expanded strategies that organizations can proactively take to identify gaps and harden their environments to prevent the downstream impact of a ransomware event. Read more.
• Uncharmed: Untangling Iran's APT42 operations: Mandiant experts explore APT42, an Iranian state-sponsored cyber espionage actor who uses enhanced social engineering schemes to gain access to victim networks, including cloud environments. They target Western and Middle Eastern NGOs, media organizations, academia, legal services, and activists. Read more.

Now hear this: Google Cloud Security and Mandiant podcasts

• Looking back at the RSAC that just was: From the show floor to the keynote hall to the catered lunch, hosts Anton Chuvakin and Tim Peacock review this year’s conference, and what it bodes for getting real with gen AI, the future of SecOps, and maybe even the decline of XDR. Listen here.
• Defending against the dark side of gen AI: How are threat actors using gen AI right now, and how do we expect them to get better at it? Elie Bursztein, cybersecurity research lead, Google DeepMind, goes deep into the dark with Anton and Tim. Listen here.
• Getting real with gen AI: Redefining SecOps with practical AI applications: Security Operations Centers have been down the road of automation before with UEBA and SOAR. AI looks a lot like those but with more matrix math. Payal Chakravarty, director of product management, Google SecOps, discusses with Anton and Tim the promises and challenges of AI in the SOC. Listen here.
• Defender’s Advantage: Digging into M-Trends 2024: Jurgen Kutscher, vice president, Mandiant Consulting, joins host Luke McNamara to discuss the findings of the M-Trends 2024 report. Jurgen shares his perspective on the "By the Numbers" data, the theme of evasion of detection in this year's report, and how Mandiant consultants have been using AI in purple and red teaming operations. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in two weeks with more security-related updates from Google Cloud.