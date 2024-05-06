




After revealing security updates to Chronicle and Workspace powered by Gemini at Next '24 last month, Google is upgrading its security software with new artificial intelligence (AI) features.

Security Operations (SecOps) is Google's platform for detecting, investigating, and responding to cybersecurity threats. The new feature, announced at the RSA Conference on Monday, uses AI to automate detection through threat discovery and builds on Applied Threat Intelligence, which the company also unveiled at Next '24.

AI-powered updates reduce the heavy lifting and give security teams more bandwidth to see the big picture. SecOps lets security teams “surface the latest threats in a turnkey manner that doesn't require complex engineering,” Michelle Abraham, research director at IDC, said in a release.

New curated detections

Experts at Google and Mandiant, the company's threat intelligence service, provide teams with curated detections that let them specify the types of threat detections their environments require. Today, Google announced two new types of detection: cloud and emerging threats.

Cloud detections protect against serverless threats by tracking cryptomining incidents and findings from Google Cloud and Security Command Center Enterprise. They also include rules for detecting anomalous user behavior, machine learning (ML)-generated alerts for device issues, baseline security coverage for Amazon Web Services (AWS), and insights from the Mandiant Managed Defense team. Cloud detections are now available in SecOps Enterprise and Enterprise Plus.

Emerging threat detections “can cover recently detected techniques and are based on the tactics, techniques, and procedures (TTPs) of threat actors, including nation states and newly detected malware families,” the company said in a release. Emerging threat detections are available with SecOps Enterprise Plus.

Gemini update: 2 new assistants

Google also announced that it has added two features to Gemini: Investigation Assistant and Playbook Assistant. Gemini is already enabling security teams to use natural language to contextualize threat tactics to better understand them and respond with guided recommendations.

The Investigation Assistant uses the context of the investigation to answer questions, summarize events, create rules, respond to threats faster and more accurately, and more. Meanwhile, Playbook Assistant, which is in preview, incorporates the team's expertise and best practices into building responsive playbooks to minimize time-consuming steps.

Autonomous parser

As Google noted in the release, keeping data parsers up to date is important for security, but maintaining them can be time-consuming for teams. To address this, the company explained in the release that SecOps now “automatically parses log files by extracting all key-value pairs, making them available for searches, rules, and analysis.”

Automating data parsers gives your team access to the most up-to-date context and data, enabling faster discovery and more effective investigations. This feature is in preview and currently supports JSON-based logs, but Google plans to add other formats in the future.
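To make the idea concrete, here is an added illustration of what "extracting all key-value pairs" from a JSON log means in practice. It is example code written for this article, not Google's parser or any SecOps API: it flattens nested JSON events into dotted field paths (so `user.name` or `tags.0` become searchable without a hand-written, format-specific parser), sets aside lines that are not JSON (mirroring the preview's JSON-only support), and runs a simple field search over the result. The log lines, field names and the `search` helper are all constructed for the example.

```python
"""Flatten JSON log lines into searchable key-value pairs.

Added example, not Google's parser: it shows how every key-value pair in a
JSON log event can be pulled out generically, so the event becomes queryable
without a schema written by hand. All sample data below is constructed.
"""
import json
from typing import Any, Dict, Iterable, Iterator, List, Optional, Tuple

# Constructed sample log lines. The third line is syslog-style text, not JSON,
# and exercises the unsupported-format path.
SAMPLE_LOGS = [
    '{"timestamp": "2024-05-06T10:15:00Z", "user": {"name": "alice", "ip": "203.0.113.7"}, '
    '"event": {"action": "login", "result": "failure"}, "tags": ["vpn", "mfa"]}',
    '{"timestamp": "2024-05-06T10:16:30Z", "user": {"name": "alice", "ip": "203.0.113.7"}, '
    '"event": {"action": "login", "result": "success"}, "tags": ["vpn"]}',
    "May  6 10:17:01 host sshd[1234]: Accepted publickey for bob from 198.51.100.3",
]


def flatten(obj: Any, prefix: str = "") -> Iterator[Tuple[str, Any]]:
    """Yield (dotted_path, scalar) for every leaf value in a parsed JSON value.

    Nested objects become dotted paths (user.name), list elements are indexed
    (tags.0), and scalars are emitted unchanged. Empty containers yield nothing.
    """
    if isinstance(obj, dict):
        for key, value in obj.items():
            path = f"{prefix}.{key}" if prefix else str(key)
            yield from flatten(value, path)
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            path = f"{prefix}.{index}" if prefix else str(index)
            yield from flatten(value, path)
    else:
        yield prefix, obj


def parse_line(line: str) -> Optional[Dict[str, Any]]:
    """Return the flattened fields of a JSON object log line, or None otherwise.

    Only JSON objects are handled, like the JSON-only preview described in the
    article; anything else is left for a format-specific parser.
    """
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(event, dict):
        return None
    return dict(flatten(event))


def parse_logs(lines: Iterable[str]) -> Tuple[List[Dict[str, Any]], List[str]]:
    """Split lines into parsed field dictionaries and unparsed raw lines."""
    parsed: List[Dict[str, Any]] = []
    unparsed: List[str] = []
    for line in lines:
        fields = parse_line(line)
        if fields is None:
            unparsed.append(line)
        else:
            parsed.append(fields)
    return parsed, unparsed


def search(events: List[Dict[str, Any]], field: str, value: Any) -> List[Dict[str, Any]]:
    """Return events whose flattened field equals value (exact match)."""
    return [event for event in events if event.get(field) == value]


if __name__ == "__main__":
    events, leftovers = parse_logs(SAMPLE_LOGS)
    for event in events:
        print(sorted(event.items()))
    print("Unparsed (non-JSON) lines:", len(leftovers))
    failed = search(events, "event.result", "failure")
    print("Failed logins by:", [event["user.name"] for event in failed])
```

The dotted-path convention is what makes generic extraction useful: once `event.result` and `user.ip` exist as fields, a detection rule can match on them without knowing the original nesting. Lines that fail to parse are kept rather than dropped, so the gap in coverage (here, the syslog line) stays visible to the team.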

According to the announcement, the upgrade is “designed to reduce do-it-yourself complexity for SecOps and improve productivity across security operations centers.” Later this year, the feature will allow users to “identify malicious activity occurring within their environment and share clear instructions to guide triage and response,” the release added.

