Google has unveiled ‘Google Threat Intelligence,’ a new service powered by the AI-driven agent Gemini 1.5, marking a significant advancement in the integration of Artificial Intelligence (AI) into the cybersecurity domain. This announcement was made during the RSA Conference in San Francisco on May 7, 2024. Google Threat Intelligence leverages conversational search capabilities across an extensive repository of threat intelligence data, offering users faster insights and enhanced protection against evolving threats.
Traditional methods of operationalizing threat intelligence have often been labor-intensive and time-consuming, potentially delaying responses to emerging threats by days or weeks. In response to this challenge, Google collaborated with cybersecurity firm Mandiant and the VirusTotal threat intelligence community to develop its own threat intelligence service.
By combining its comprehensive view of the threat landscape with Gemini’s capabilities, Google has streamlined threat research processes, augmented defense capabilities, and reduced the time required to identify and mitigate novel threats. Through Google Threat Intelligence, customers can quickly condense large datasets, analyze suspicious files, and simplify complex manual threat intelligence tasks.
Gemini 1.5, Google’s latest large language model, enhances malware reverse engineering, a sophisticated technique used by cybersecurity professionals. For instance, the integrated AI was able to analyze the entire decompiled code of the WannaCry malware file in a single pass, delivering its analysis and identifying the killswitch within 34 seconds.
Moreover, the intelligence service includes an entity extraction tool for automating data fusion and enrichment processes. It can also autonomously gather relevant open-source intelligence (OSINT) from the web and classify online industry threat reports. Additionally, Google Threat Intelligence streamlines these reports into comprehensive custom summaries for easier consumption.
Furthermore, the Threat Intelligence platform converts gathered information into knowledge collections, incorporating hunting and response packs based on motivations, targets, tactics, techniques, and procedures (TTPs), threat actors, toolkits, and Indicators of Compromise (IoCs).
It’s worth noting that Google’s entry into AI-driven cybersecurity is not unprecedented. Microsoft previously introduced Copilot for Security, a generative AI-powered security solution aimed at enhancing security outcomes for defenders. This service offers capabilities such as summarizing complex security alerts, conducting impact analyses of security incidents, reverse engineering malware, and providing step-by-step incident response guidance.
Google’s initiative to integrate AI into its cybersecurity offerings underscores the growing importance of advanced technologies in combating cyber threats. By leveraging the power of AI, Google Threat Intelligence aims to empower organizations with faster insights and more effective protection mechanisms against the evolving threat landscape.