Google Cloud Next Tokyo:7/30、31 東京ビッグサイトにて開催!
SEP2

SEP2 triages cybersecurity threats 20x faster with Gemini Enterprise Agent Platform

Results on Google Cloud
  • 6x faster to write threat detection rules with Gemini

  • 20x faster to triage new security alerts

  • Builds interconnected security agents with Gemini Enterprise Agent Platform

  • Allows analysts to focus on complex threat patterns

SEP2 uses Gemini Enterprise Agent Platform to deploy custom AI agents for faster triage and enhanced threat detection capabilities.

Moving past manual analysis to defeat modern threat actors with Google AI

In a world of constant digital threats, businesses don’t just need a basic security tool—they need ongoing support to protect their organizations. As an award-winning cybersecurity specialist, SEP2 fulfills this role by delivering high-level security solutions from its UK-based security operations center. Running on Google Cloud, the team works closely with clients to understand their needs and provide long-term protection against sophisticated digital actors.

The engineering team at SEP2 has always brought deep expertise and an innovative approach to active defense, evidenced by their evolution away from outdated, rigid support tiers, toward a flexible swarm mentality, where domain experts collaborate directly on threats. An official Google Cloud partner, with expertise in Google AI services, SEP2 had already begun building automations directly within Google Security Operations.

A person is viewing a data dashboard on a large monitor in an office setting
We chose Gemini for our custom AI agents because the technology delivers exactly what we need. Our internal testing revealed outstanding accuracy and performance, which made committing fully to the Gemini Enterprise Agent Platform a clear and easy decision.

Paul Starr

CEO and Co-founder, SEP2

However, as the volume of log data grew, the manual workload became an operational bottleneck. SEP2 security analysts spent up to 20 minutes manually checking firewalls, endpoints, and threat feeds for a single event, creating temporary data backlogs during activity spikes and risking delays for high-priority cases. To handle this data collection, SEP2 turned to Gemini Enterprise Agent Platform to build custom AI security agents capable of complex reasoning tasks.

“We chose Gemini for our custom AI agents because the technology delivers exactly what we need,” explains Paul Starr, CEO and co-founder of SEP2. “Our internal testing revealed outstanding accuracy and performance, which made committing fully to the Gemini Enterprise Agent Platform a clear and easy decision.”

Scaling security operations with AI agents using Gemini Enterprise Agent Platform

To reduce the burden of security data analysis and enable engineers to focus on deep investigations, SEP2 uses Gemini Enterprise Agent Platform to build an ecosystem of interconnected AI agents. These digital specialists function alongside human experts to manage multi-step actions automatically. SEP2 builds these autonomous workflows by defining specific agent personas, such as triage agents and threat intelligence agents, which process vast log volumes using Gemini models.

A person working with industrial controls and automation systems

When a new alert triggers, the triage and threat intelligence agents pull data across firewalls, endpoints, and external threat feeds. This entire data-gathering process takes the agents just one minute, turning each 20-minute manual task into a quick, automated step that presents a standardized summary to the human team. Human specialists then review the notes within a few minutes to authorize remediation actions.

“The reasoning capabilities within Gemini models bring great accuracy to our investigations,” explains Starr. “When you supply the right operational context, the model doesn’t just act as a cheerleader that automatically agrees with your prompt. Instead, it actively challenges analytical assumptions, unearths hidden anomalies, and reports findings with clarity.”

This collaborative design is enhanced by the close relationship between SEP2 and the Google Cloud team, who share similar engineering philosophies and open communication channels. This close alignment allows SEP2’s research and development team to maximize the platform's flexibility. When security analysts identify a new requirement, such as integrating an additional external threat intelligence feed or adjusting the format of an alert summary, the development team can build and deploy the new capability within a few hours to immediately support the live remediation process.

The reasoning capabilities within Gemini models bring great accuracy to our investigations. When you supply the right operational context, the model doesn’t just act as a cheerleader that automatically agrees with your prompt. Instead, it actively challenges analytical assumptions, unearths hidden anomalies, and reports findings with clarity.

Paul Starr

CEO and Co-founder, SEP2

SEP2 established data privacy and compliance as foundational priorities within this platform architecture. Because the company services enterprise clients with strict security needs, they use Google Cloud configuration parameters to ensure that all customer data remains isolated. No client information is ever used to train public models, and the platform satisfies UK data residency requirements by keeping sensitive customer data in localized data centers.

Building proactive defense and a self-healing security center for tomorrow’s threats

By integrating Gemini models directly into its threat detection workflows, SEP2 has significantly accelerated its proactive security posture. Engineers can now input natural human language and receive programmatic language to build new threat detection rules six times faster. Although creating rules more rapidly increases the volume of incoming logs, the automated triage agents easily process the extra data load, preventing the engineering team from experiencing alert fatigue.

A branded white mug from SEP2 on an office desk

Because the team consists of highly skilled security specialists, automating these repetitive tasks prevents employee burnout by keeping their daily work intellectually engaging. Instead of acting as administrators who spend hours sorting through thousands of repetitive minor events such as benign link clicks, the specialists can dedicate their time to analyzing unique and complex threat patterns.

SEP2 is now evolving its proactive defense strategy by leveraging the Gemini Enterprise Agent Platform and Google Security Operations. The company is currently developing continuous threat-hunting agents designed to identify subtle behavioral anomalies within massive datasets, even before formal detection rules are established.

Using a “digital twin” approach, these automated workflows run alongside human teams to provide real-time oversight. The long-term goal is a self-healing security operations center where verified threats trigger automated containment actions—such as isolating compromised machines or locking out accounts—within seconds. This allows human experts to focus their energy on immediate investigation and the implementation of long-term security patches.

“Our primary goal of remediating attacks as fast as possible has been significantly empowered by the agentic ecosystem of the Gemini Enterprise Agent Platform and Google Cloud,” Starr concludes. “It has expanded our capabilities and allowed us to redefine the standard for modern security operations.”

Our primary goal of remediating attacks as fast as possible has been significantly empowered by the agentic ecosystem of the Gemini Enterprise Agent Platform and Google Cloud. It has expanded our capabilities and allowed us to redefine the standard for modern security operations.

Paul Starr

CEO and Co-founder, SEP2

Tech-driven and people-powered, SEP2 is an award-winning cybersecurity specialist service provider, delivering a complete suite of managed security solutions.

Industry: Technology

Location: UK

Products: Gemini Enterprise Agent Platform, Gemini, Google Cloud, Google Security Operations

  • Google Cloud プロダクト
  • 100 種類を超えるプロダクトをご用意しています。新規のお客様には、ワークロードの実行、テスト、デプロイができる無料クレジット $300 分を差し上げます。また、すべてのお客様に 25 以上のプロダクトを無料でご利用いただけます(毎月の使用量上限があります)。
Google Cloud