Google showcased its vision of how it is applying generative AI to cybersecurity at its Google Cloud Next conference in San Francisco in August. Since ChatGPT made generative AI accessible to anyone wanting to interact with the technology early this year, we've seen a flurry of interest in using it to address cybersecurity challenges.
Google made key announcements in this area to bring new features and capabilities to customers. A look at the key security updates and trends from the show follows.
Looking at the Google vision
Alphabet and Google CEO Sundar Pichai kicked off the conference, describing the profound shift to AI that touches every sector, industry and business function, affecting the way we live and work. He covered this theme in May at the Google I/O developer conference, staking a claim on leadership for taking an AI-first approach over the last decade.
Google is well known for its search capabilities and its technological competence, but it faces stiff cloud platform competition from the wide enterprise adoption of Microsoft products and the accessibility of AWS.
In an earlier blog, I described how important it is for security teams to understand each cloud service provider's (CSP) built-in security features via its platform and architecture, as well as added security features and capabilities, which make it a competitive advantage to ensure security for customers.
This is a strong area for Google to emphasize its work on AI, particularly generative AI, which can create new content by learning patterns of existing data and generating new data with similar characteristics. As Google Cloud CEO Thomas Kurian put it, "Just as Google simplifies the complexity of the internet for every user with a search box, it is simplifying sophisticated AI models with a simplified chat experience."
New research -- The Life and Times of Cybersecurity Professionals Volume VI -- from TechTarget's Enterprise Strategy Group and the Information Systems Security Association (ISSA) emphasized the shortage of security professionals for the number of available jobs and the challenges for infosec professionals lacking the advanced skills needed to protect companies and the applications they use. Google's leadership in AI and its ability to democratize AI for its users in their roles -- particularly in cybersecurity -- can have a profound impact on its business and its capability to win customers.
Presentations and announcements at the conference discussed more than 100 foundation models in Google Cloud's AI platform, Vertex AI; increased capacity for Pathways Language Model 2 (PaLM 2); improved supercomputing capabilities; the fifth generation of cloud Tensor Processing Units; and more. But the most exciting part of the conference was that Google showcased customer stories and demos bringing its vision of democratizing AI to life.
In a keynote, Google Cloud developer advocate Priyanka Vergadia demonstrated how developers can use Duet AI -- Google's intelligent chatbot assistant -- to help them in their jobs. It can save developers time otherwise spent on research or on manual, tedious tasks, such as code generation, source citation, API design and publishing, and application migration.
For security, Vergadia said a lot of developer time is spent building and securing code. For security teams, it can be difficult to gain visibility or collect needed data to investigate security issues. Duet AI provides automation for deployments, helps developers ensure their applications are configured correctly, helps them understand and debug issues, and creates more secure and reliable applications.
Duet AI was announced earlier this year at Google I/O and is now available in preview mode across Google Cloud. This is promising for helping organizations meet their shift-left and DevSecOps goals by making it easier for developers to secure their own code so security teams can scale.
Efficient detection and response
The ESG and ISSA research on cybersecurity professionals showed a majority (63%) find their jobs more difficult than two years ago. Of those, 81% said cybersecurity complexity and their workloads have increased; 59% said cyberthreats and their attack surfaces have increased; and 46% reported their teams were understaffed.
Generative AI can help address these challenges. Kevin Mandia, CEO of Mandiant, part of Google Cloud, described the benefits of using its products with generative AI to help security teams detect, investigate and respond with speed, scale and intelligence. He described the company's accomplishments with Chronicle CyberShield, announced earlier in August, to centralize data for government entities' threat intelligence, boosting their capabilities and increasing skills for their cybersecurity teams for faster detection and response to defend and protect countries.
Google Cloud also announced applying Duet AI across the following three products in preview mode to help security teams:
- Mandiant Threat Intelligence to deliver threat intelligence based on breach analytics, including the most prevalent tactics, techniques and procedures to help focus teams on rapid response.
- Google Chronicle to speed SecOps processes to help analysts quickly investigate security events, saving analysts' time writing and refining searches, as well as triaging complex cases.
- Google Security Command Center to analyze security findings with attack path simulation to help security teams prioritize remediation actions to mitigate risk.
A demo highlighted the workflow of a security analyst assisted by Duet AI, starting with using Chronicle to gain a view of security events. The analyst could more quickly view what happened, when and who was involved, as well as determine what to do. It automatically grouped alerts, generated summaries of what happened and provided next steps using threat intelligence curated from threat intelligence feeds, including Mandiant. The SIEM search was also facilitated with Duet AI's natural language understanding chat interface, making it easier to write queries without needing familiarity with the Unified Data Model and easier to search and retrieve from large volumes of data for rapid response.
From there, the analyst could pivot to Security Command Center to gain an AI-generated summary to understand what's happening in the Google Cloud environment, including the information on affected hosts and assets. It provides possible attack paths and exposure scores to understand how an attacker can gain access. Instead of dealing with alerts and the complexity of triage and analysis, the capabilities help security staff efficiently respond to mitigate risk and effectively manage security posture.
Other security announcements at the show included the following:
- Mandiant Hunt for Chronicle Security Operations in preview to augment security teams with threat hunting by Mandiant experts on Chronicle data.
- Agentless vulnerability scanning integrated into Security Command Center in preview, powered by Tenable, to detect OS, software and network vulnerabilities on Google Compute Engine VMs.
- Security Command Center now allows organizations to design their own customized posture findings, in general availability, and threat detectors, in preview.
- Cloud Firewall Plus in preview to add advanced threat protection and next-generation firewall capabilities to Google Cloud's distributed firewall service, powered by Palo Alto Networks.
These updates use Duet AI in preview mode. As noted by my colleague Mike Leone, who covered AI announcements at the show, the timing and pricing of general availability are still to be determined, as this is a new area for vendors to explore fair pricing models.
Google Cloud security partner ecosystem
As the first fully in-person Google Cloud Next show since 2019, the conference provided the opportunity for partners to exhibit their products and services. This is an important opportunity for competitive advantage as organizations use ISVs to secure their applications across cloud environments. As cloud-native security vendors emerge with specialized offerings, they tend to prioritize which CSPs they want to work with based on ease of integration and partnership benefits.
This is another area where Google Cloud stands out in terms of AI leadership. Its Security AI Workbench provides an extensible platform powered by Google's specialized security foundation model: Sec-PaLM 2, providing AI-driven functionality for Google's applications, as well as for partner and customer apps.
Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.