Google unveils AI-driven threat intelligence to streamline defences
Google has unveiled a new cybersecurity product - Google Threat Intelligence, a comprehensive solution aimed at combating one of the main challenges in threat intelligence: the lack of a holistic view of threats and the difficulty in translating intelligence into actionable protection.
Google Threat Intelligence merges the expertise of Mandiant, the reach of the VirusTotal community and Google's incomparable visibility. The product utilises Gemini, an artificial intelligence (AI) agent set to revolutionise the speed and efficiency of dealing with threats.
As Principal Analyst at Enterprise Strategy Group Dave Gruber explains, "While there is no shortage of threat intelligence available, the challenge for most is to contextualize and operationalize intelligence relevant to their specific organization. Unarguably, Google provides two of the most important pillars of threat intelligence in the industry today with VirusTotal and Mandiant. Integrating both into a single offering, enhanced with AI and Google threat insights, offers security teams a new means to operationalize actionable threat intelligence to better protect their organizations."
This new solution provides unparalleled visibility into global threats. Through Google's in-depth insights from Mandiant's leading incident response and threat research team, combined with their extensive user and device footprint and VirusTotal's large crowdsourced malware database, Google Threat Intelligence has the potential to offer unique insights. Google currently protects four billion devices, blocks 100 million phishing attempts per day and defends 1.5 billion email accounts.
Top-tier consultants at Mandiant meticulously monitor threat actor groups for activity and changes in their behaviour. They use their frontline intelligence to help defend customers against sophisticated actors across the globe, conducting more than 1,100 investigations annually. VirusTotal's global community of over one million users contributes potential threat indicators, while data from the security community enriches Google Threat Intelligence's knowledge base through open-source intelligence.
Google Threat Intelligence's advantage is its innovative move away from traditional, labour-intensive approaches to operationalising threat intelligence, which can delay response times. Instead, the AI-driven Gemini analyses potentially malicious code and provides summarised results. Improved threat research processes, augmented defence capabilities, and reduced response times are all now within reach.
This approach is typified by the inclusion of Gemini 1.5 Pro in Google Threat Intelligence. This tool simplifies the technical and labour-intensive process of reverse engineering malware. As one example of its efficiency, it processed the entire decompiled code of the malware file for WannaCry in a single pass, taking only 34 seconds to deliver its analysis and identify the killswitch.
Google Threat Intelligence forms part of Google Cloud Security's comprehensive security portfolio, which also includes Google Security Operations, Mandiant Consulting, Security Command Center Enterprise, and Chrome Enterprise. With these offerings, organisations can address security challenges using the same capabilities Google uses to keep more people and organisations safe online than anyone else in the world.