
New AI capabilities that can help address your security challenges

August 29, 2023
Sunil Potti

VP/GM, Google Cloud Security

At Google Cloud, we continue to address pervasive and fundamental security challenges: the exponential growth in threats, the toil it takes for security teams to achieve desired outcomes, and the chronic shortage of security talent. 

At Google Cloud Next, we are leaning in to help solve these challenges by supercharging security with Duet AI, as well as bringing innovation and enhancements across our security operations and cloud platforms.

Addressing top security challenges with AI

We are taking a holistic approach to both securing AI as well as infusing AI to enhance security products. We start with posture, governance, and compliance controls for AI workloads, both those built on Vertex AI and others that customers may bring and deploy in Google Cloud. Our Google Cloud Security AI Workbench is an industry-first extensible platform powered by our specialized security foundation model: Sec-PaLM 2, and we use it to enable our own first-party applications as well as partner and customer apps with AI-driven functionality. 


Duet AI in Security

Today, we are announcing the expansion of our AI capabilities with Duet AI in Google Cloud, our AI collaborator that provides generative AI-powered assistance to cloud defenders where and when they need it. For cybersecurity professionals, we’ve added Duet AI in three key products, available now in preview and expected to be generally available this year:

  • Duet AI in Mandiant Threat Intelligence can help surface prevalent tactics, techniques and procedures (TTPs) used by threat actors against organizations by summarizing our industry-leading, frontline threat intelligence into an easy-to-comprehend format. Security teams can now quickly understand what Google reports about the adversary, how the latest threats may be targeting their organization, and how they can make threat intelligence actionable across their organization.


Duet AI in Mandiant Threat Intelligence summarizes threat research

  • Duet AI in Chronicle Security Operations can help transform threat detection, investigation, and response for cyber defenders by simplifying search, complex data analysis, and threat detection engineering, to help reduce toil and elevate the effectiveness of each defender. With Duet AI, Chronicle can automatically provide a clear summary of what’s happening in cases, give context and guidance on important threats, and offer recommendations for how to respond. Duet AI also powers Chronicle’s new natural language search. Defenders can enter questions in natural language, and Chronicle will generate the query from their statement, present a fully mapped syntax for search, and make it possible for you to quickly refine and iterate on results. 

Duet AI in Chronicle Security Operations summarizes cases and recommends next steps

  • Duet AI in Security Command Center can help teams stay one step ahead of adversaries with near-instant analysis of security findings and possible attack paths. These new capabilities help to simplify complex issues so non-specialists can more easily defend their organization. By reducing toil through summarizing threat criticality, implications, and recommended remediations, Duet AI in Security Command Center can help ensure they do not overlook critical findings. 


Duet AI in Security Command Center explains attack path simulations

Gen AI has the potential to make security solutions even more effective, said Scott Howitt, chief digital officer, UKG.

“UKG is using the power of generative AI to transform our business, for our customers and our internal operations. For security, we have experimented with bringing gen AI into the Security Operations Center (SOC). It certainly will supplement SOAR tools in the short term,” he said. “In the long run, we believe Level 1 SOC analysts will use gen AI to supplement their knowledge instead of having to reach out to Level 2 and Level 3 analysts for support. This will speed up our Mean Time to Detect and Respond (MTTR) to incidents, which is critical for all security efforts.”

Augment security operations with expert help

As we infuse security operations with AI, we continue our work to make detection and response more effective.

To that end, we’re introducing Mandiant Hunt for Chronicle, now in preview. Mandiant Hunt for Chronicle provides continual threat hunting by Mandiant experts on Chronicle data to expose attacker activity and help reduce business impact. It integrates the latest insights into attacker behavior from Mandiant’s frontline experts with Chronicle Security Operations’ powerful ability to quickly analyze and search security data. Mandiant Hunt for Chronicle can help organizations close the skills gap and gain elite-level support without the burden of hiring, tooling, and training. 

“Security can be stressful and knowing that you're watching for everything, that you're aware of everything that could possibly happen within your organization. We've got this peace of mind that Mandiant is watching that for us,” said Alex Hammond, senior security architect, Ascendium Education Group.

Additional innovations across the security cloud

We’re also continuing to deliver new capabilities to bolster cybersecurity in Google Cloud environments:

  • To add to our posture management capabilities in Security Command Center, we’re integrating agentless vulnerability scanning, powered by Tenable, to detect operating system, software, and network vulnerabilities on Google Compute Engine virtual machines. This capability is now in Preview. Additionally, to help tailor detection and monitoring capabilities for specific environments, Security Command Center now allows organizations to design their own customized posture findings (now generally available) and threat detectors (now in Preview).

  • We’re announcing two new network security advancements: First, Cloud Firewall Plus, available in Preview, adds advanced threat protection and next-generation firewall (NGFW) capabilities to our distributed firewall service, powered by Palo Alto Networks. It can help protect networks from intrusions, malware, spyware, and command-and-control attacks, inspect TLS traffic, and incorporate threat intelligence from Google Cloud and Palo Alto Networks. Second, Network Service Integration Manager, coming to Preview later this year, allows network admins to easily integrate trusted third-party NGFW virtual appliances for traffic inspection.

“Increasingly, our workloads are migrating to the cloud. We wanted to have comprehensive threat protection closer to our workloads. Google Cloud’s Firewall Plus with its Cloud NGFW capabilities simplified our network architecture, gave us granular access control and advanced policy enforcement, all of which improved our overall security posture and lowered operation costs,” said Richard Persaud, Network Security Architect, McKesson CoverMyMeds.

  • For data security, we are happy to announce the private Preview of Confidential Computing running on 4th Gen Intel Xeon Scalable CPUs with TDX technology. Together with our existing Confidential Computing on AMD hardware, we provide cryptographic isolation from other workloads and cloud provider access across our platform — all without code changes. We’re also expanding the coverage footprint of our Sensitive Data Protection offerings with enhanced integration now generally available for Dataplex and Dialogflow, and in Preview for Cloud SQL.

  • And we’ve continued to invest in digital sovereignty offerings as requirements grow around the world. We’re happy to announce that Assured Workloads Japan Regions is now in Preview, offering customers controlled environments that support data residency in our Japanese regions, options for local control of encryption keys, and administrative access transparency. We also continue to grow our Regulated and Sovereignty solutions partner initiative to bring innovative third-party solutions to customers’ regulated cloud environments. 

Finally, the official Google Cloud Certified Professional Cloud Security Engineer Exam Guide is now available. This book provides in-depth practical insights for helping to establish secure and compliant cloud environments, covering essential security controls and best practices for Google Cloud practitioners, especially those seeking certification.

Supercharging Google Workspace with generative AI

Google Workspace is the world’s most popular productivity suite, with billions of users and millions of customers relying on tools like Gmail, Google Docs, Sheets, Meet, and Chat to get things done. Workspace can help provide organizations with a safer way to work by helping protect people from cyber threats, prevent data loss, and support compliance requirements. We recently announced AI-powered security and digital sovereignty controls in Workspace to enterprise and public sector organizations to help keep their users and data safe. 

Take your next security steps with Google Cloud

Google Cloud brings together frontline intelligence and expertise, a modern SecOps platform, and a trusted cloud foundation, all infused with the power of gen AI to help drive the security outcomes you’re looking to achieve. 

For insight on securing AI and Google’s Secure AI Framework, read our new paper, “Securing AI: Similar or Different?”, which covers critical differences and similarities between security AI and traditional systems.

For more on our Next ’23 announcements, you can watch our security spotlight, and check out all our Next content and sessions.
