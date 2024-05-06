



The new Google Threat Intelligence product announced at RSAC 2024 combines insights from Mandiant, VirusTotal, and Google with features powered by GenAI to provide faster protection against threats, the company said.

Google Cloud on Monday announced new cybersecurity products that represent major advances in making threat intelligence more automated and more actionable, executives told CRN.

The new Google Threat Intelligence service, announced in conjunction with RSA Conference 2024, provides faster protection against threats and a simplified user experience for security professionals, said Eric Doerr, vice president of engineering for Google Cloud Security. says Mr.

He said he believes this will make a big difference in how security organizations are equipped to protect themselves.

According to Doerr, Google Threat Intelligence stands out in the crowded threat intelligence space by combining insights from three large data sources: Mandiant, VirusTotal, and Google, with new capabilities powered by GenAI.

Here are five things to know about the new Google Threat Intelligence service announced Monday at RSAC 2024.

integrated product

The company said its new unified threat intelligence offering was made possible by integrating capabilities from multiple sources within Google Cloud.

That includes Mandiant, a well-known incident response and threat intelligence company that Google acquired in 2022, and which Google Cloud says investigates more than 1,100 cyber incidents each year. The new service also leverages VirusTotal, a crowd-sourced malware database that Google has owned for more than a decade and has more than 1 million users.

And of course, the new threat intelligence product leverages data belonging to Google itself, including the 1.5 billion Gmail accounts and 4 billion devices protected by the company.

By combining and analyzing these three large data sources, Google Threat Intelligence can significantly improve threat correlation, Doerr said.

Each source provides important insights on its own, but they become even more valuable when combined.correlation of [the sources] It will be more practical, he told CRN. In some cases, you may see threats that you would not have seen without triangulating across these data points.

AI acceleration

According to Google Cloud, the key benefit of the new Google Threat Intelligence service is to provide security professionals with rapid insights through the use of generative AI.

Specifically, the service uses Google's Gemini AI technology, including the Gemini 1.5 Pro service launched in April. Google Cloud says Gemini allows security professionals to quickly compress and analyze large datasets, and also provides the ability to extract open source intelligence from the web.

Google Threat Intelligence allows security teams to extract over 10 years of threat reports and create comprehensive custom summaries in seconds, the company said in a blog post.

Meanwhile, the company says Gemini is now generally available as part of its security products, which include Google Threat Intelligence and Google Security Operations.

Pinpoint threats

Ultimately, the new Google Threat Intelligence service will provide more data, more visibility and more automation, Doerr said.

[Its] It's automated to the point where it actually tells you if there's a problem and actually contains it, he said. So it's actually putting all the pieces of the puzzle together.

SecOps platform

Although Google Threat Intelligence can be licensed as a standalone product, it is also deeply integrated into the Google Security Operations platform (formerly Google Chronicle Security Operations), Doerr said.

As part of Google SecOps, the new Google Threat Intelligence service enables use cases such as automated threat hunting when new threats are discovered. [thats] If it's present in your environment, we'll report it. He said there was no need to do anything. That kind of thing is truly magical.

Team integration

Google Cloud has leveraged the Mandiant acquisition to roll out a variety of new products and features since the $5.4 billion deal closed in September 2022. But the debut of Google Threat Intelligence is one of the most ambitious services to bring together data and expertise. From Mandiant and Google.

The service is made possible by the complete integration of Google and Mandiant's respective threat intelligence teams, Doerr said. Now they have integrated those processes and tools, he said.

After a big acquisition like that, it takes time to really learn “what's in this team?” What abilities do they have? What tools do they have? Mr. Doerr said.

Once we had that understanding, he said, it became very clear that if we combined these elements in new ways, we could actually do things that we couldn't do independently before. This vision for Google Threat Intelligence was born out of that very process.

