Cyberattacks are growing more frequent and complex as a result of the development of generative AI. According to a report, there was a 20% rise in data breaches from 2022 to 2023. But maintaining an advantage over threats may also depend on GenAI.
Google presented new AI-powered technologies at Google Cloud Next ’24 on Tuesday, aiming to enhance threat detection, expand insights, and provide solutions. Both solutions, which are integrated into Google’s SecLM API, empower security teams and boost productivity by utilizing Gemini, the company’s freshly rebranded AI chatbot.
Threat Intelligence: Gemini
Gemini now accesses Mandiant, Google’s threat data compilation service, through conversational search to gain knowledge about the actions of malicious actors. Google expects that by using Gemini, security teams would be able to more accurately identify suspicious activities, resulting in a quicker detection of threats.
By “automating web crawling for relevant Open-Source Intelligence (OSINT) articles, ingesting information and providing concise summaries to aid analysts,” the tool also improves the efficiency of threat research, according to a Google blog post. Gemini in Security, like most existing AI applications, aims to increase the productivity of baseline protection efforts so that security analysts may concentrate on advanced threats.
The company says that Gemini enables security teams to examine larger code samples in search of indications of possibly harmful behavior. “Gemini’s larger context window allows for analysis of the interactions between modules, providing new insight into code’s true intent,” Google stated. Public preview of the feature is presently underway.
In security operations, Gemini
Google is currently integrating Gemini in Security Operations to Chronicle, the company’s security operations platform, following the general release of Duet AI in Security Operations in December 2023. The functionality summarizes information using natural language, which can help security teams identify and address vulnerabilities and improve Chronicle’s usability.
As per Google, the upgrade includes a new assisted investigation feature that “navigates users through the platform via conversational chat, summarizes event data, converts natural language to new detections, and recommends actions it takes.” By the end of April 2024, Gemini will be widely accessible in Security Operations.
The goal of both Gemini enhancements is to assist users in creating more effective security-specific data agents.
Enhancements to Gmail and Workspace
Additionally, Google unveiled a Workspace add-on that enables IT teams to use AI models and data loss prevention (DLP) policies trained on their organization’s data to categorize and safeguard critical material. Workspace administrators will be able to continually assess both new and old Drive files for every employee, as well as automatically safeguard data across the whole organization.
By using a company’s specific data to train models, the add-on further customizes privacy efforts and may aid teams in anticipating security requirements. The add-on will be accessible for most Workspace plans for $10 per month per user; however, Google did not specify to whom or when the feature would be broadly available.
Gmail and Workspace were developed with a zero-trust security strategy in mind, according to Google’s announcement. In keeping with this, the business is also introducing classification labels and expanded DLP controls to Gmail (which is now in beta). Gmail already prevents “more than 99.9% of spam, phishing attempts, and malware from reaching your inbox,” according to the firm, and LLMs will now enable them to remove 20% more dubious content.
Additionally, the business claims that the update would enable Google to “evaluate 1,000 times more user-reported spam in Gmail every day.”
Experts predict that our existing encryption techniques will eventually be superseded by quantum computing. Google also revealed that it is integrating “experimental support for post-quantum cryptography (PQC) in client-side encryption” through third-party partners Thales and Fortanix in order to account for quantum computer attacks.