Artificial intelligence tools are being abused to conduct cyberattacks. How do you beat them? You join them — by using AI to bolster modern-day defenses.
Artificial intelligence (AI) and machine learning (ML) have become hot topics in the technology space in recent years. While the launch of tools including ChatGPT introduced the explosive potential of AI chatbots to the community at large, in the enterprise, AI and ML can have far more transformative impacts on existing business operations — and on security.
On Tuesday, at Google Next, the tech giant’s annual conference taking place in the Moscone Center in San Francisco, Google debuted new AI-based solutions focused on enhancing the cybersecurity capabilities of the company’s cloud and security solutions.
In the words of Sunil Potti, Vice President and General Manager of Google Cloud Security, the company wants to “address pervasive and fundamental security challenges: the exponential growth in threats, the toil it takes for security teams to achieve desired outcomes, and the chronic shortage of security talent.”
One way these challenges can be tackled is by utilizing AI as part of a “holistic approach,” says Potti, and by giving security teams technologies that expedite processes, improve threat detection and speed up existing workflows — allowing defenders the time and breathing space necessary to focus on tasks that need a human operator’s guiding hand.
Here’s everything you need to know about Google’s security enhancements introduced at Google Next 2023 and the expansion of Duet AI capabilities — all of which are at the heart of new security offerings.
Introducing Duet AI: Mandiant Threat Intelligence
Duet AI has been integrated into a number of key products of use to cloud defenders, the first of which is Mandiant Threat Intelligence.
Mandiant Threat Intelligence is a service that compiles threat data, including the tactics, techniques, and procedures (TTPs) used by cybercriminals and state-sponsored threat actors worldwide. Automatically generated summaries can give security teams rapid data on adversaries and their techniques, which can assist defenders in making informed decisions to secure their networks. Duet AI will expedite these functions and make it easier for threat intelligence to be integrated into existing SOC workflows.
Duet AI in Mandiant Threat Intelligence is available now in preview and will be generally available this year.
Duet AI in Chronicle Security Operations
Duet AI can now be found in Chronicle Security Operations, Google’s answer to a Security Operations Center (SOC) for modern businesses.
The artificial intelligence system will focus on streamlining some threat detection and security practices by providing automatically generated summaries based on important threats and contextual data, as well as providing response recommendations, in order to “better help defenders protect their digital assets from persistent threats.”
A particularly interesting feature of the new generative Duet AI integration is how natural language processing is utilized. According to Google, Duet AI will enhance Chronicle’s natural language search: defenders enter questions in plain language, and Chronicle will generate queries from their statements, “present a fully mapped syntax for search, and make it possible to quickly refine and iterate on results.”
Ed Murphy, Product Manager & Shelly Tzoumas, Senior Product Marketing Manager, commented:
“Duet AI in Chronicle provides generative AI-powered assistance to cloud defenders where and when they need it. It can help transform threat detection, investigation, and response for cyber defenders by simplifying search, complex data analysis, and threat detection engineering, to reduce toil and elevate the effectiveness of each defender.”
Duet AI in Chronicle Security Operations is now available in preview and is expected to become generally available this year.
Duet AI in Security Command Center
Duet AI is also being integrated into Google Cloud’s Security Command Center, a built-in security and risk management solution for Google Cloud customers. The solution can be used to uncover misconfigurations, a common issue that allows unauthorized access and causes data breaches, and it provides threat detection and protection for Google Compute Engine, Google Kubernetes Engine, BigQuery, CloudSQL, and more, alongside attack path simulation features.
Now, Duet AI will be offered for the “near-instant” analysis of security issues and potential attack paths. Google says that the introduction of AI into Security Command Center will reduce the legwork associated with threat analysis, with summaries allowing defenders to focus on remediation and prevent “critical findings” from being overlooked.
Furthermore, Google is adding Tenable’s agentless vulnerability scanning to the security solution.
Mandiant Hunt for Chronicle
In addition, Google has introduced Duet AI in Mandiant Hunt for Chronicle Security Operations, which is now available in preview.
Google completed the acquisition of Mandiant, a top-tier threat intelligence and cyber forensics firm, in 2022. Since then, Mandiant’s capabilities have been merged with Google technologies, and Duet AI’s inclusion in Mandiant Hunt is the latest improvement.
According to Google, Mandiant Hunt, the managed threat-hunting service, now “integrates Mandiant’s frontline intelligence and expertise with Google Cloud technology to proactively search for undetected attacks.” The introduction of AI may assist defenders in detecting more threats to their organizations, including novel attack methods, via the detection of malicious behavior patterns and by combining older security data and new telemetry.
“Mandiant Hunt for Chronicle provides continual threat hunting by Mandiant experts on Chronicle data to expose attacker activity and help reduce business impact. It integrates the latest insights into attacker behavior from Mandiant’s frontline experts with Chronicle Security Operations’ powerful ability to quickly analyze and search security data. Mandiant Hunt for Chronicle can help organizations close the skills gap and gain elite-level support without the burden of hiring, tooling, and training.”