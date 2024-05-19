



At the recent RSA conference in San Francisco, Google Cloud announced Google Threat Intelligence, a new security product for large organizations. The new solution provides users with actionable insights, external threat monitoring, attack surface management, digital risk protection, and deep analysis of indicators of compromise (IOCs).

Google Threat Intelligence leverages Google's unique threat insights and combines them with insights from VirusTotal and threat intelligence resources from Madiant, technology from cybersecurity companies Google has acquired in recent years. Sunil Potti, VP/GM of Google Cloud Security, and Sandra Joyce, VP of Google Threat Intelligence, explain:

We provide deep insights from Mandiant's leading incident response and threat investigation teams and combine them with our large user and device footprint and VirusTotal's extensive crowdsourced malware database.

The new service is designed to manage large numbers of alerts and simplify alert prioritization by providing a unified score that aggregates hundreds of technical details. According to the announcement, Google protects his 4 billion devices and his 1.5 billion email accounts, and he blocks 100 million phishing attacks per day. This dataset provides Google with a unique perspective on Internet and email threats.

Google Threat Intelligence includes Gemini, an AI-powered agent that facilitates conversational searches across Google's threat intelligence repository. This feature enables customers to gain insight and improve protection. Potti and Joyce add:

By combining a comprehensive view of the threat landscape with Gemini, we have enhanced our threat research process, strengthened our defense capabilities, and reduced the time it takes to identify and defend against emerging threats. Customers can now compress large data sets in seconds, quickly analyze suspicious files, and simplify difficult manual threat intelligence tasks.

Threat Intelligence's Gemini includes VirusTotal Code Insight, a feature that analyzes code snippets. This helps inspect potentially malicious code and eliminates the need to reverse engineer scripts. On Hacker News, user ungreased0675 wrote:

The addition of Gemini made this product less appealing to me. I don't want anything to do with that product. The idea of ​​threat intelligence from Google's global network still sounds appealing.

Summarizing all of Google's announcements at the RSA conference, Steph Hay, senior director of Google Cloud Security, and Umesh Shankar, chief technologist at Google Cloud Security, wrote:

We have a vision of a world where “doing security” becomes less effortful and more durable, as AI eases the burden of day-to-day tasks and frees up experts to focus on the most complex problems. I have. Organizations can now meet their security challenges with the same capabilities that Google uses to keep more people and organizations safe online than anyone else in the world.

Google also announced automated analysis of Google Security Operations log files. This provides security teams with the data and context they need to create more effective investigations and detections. Additionally, both Gemini for Security Operations and Gemini for Threat Intelligence are now generally available.

