After revealing Gemini-powered security updates to Chronicle and Workspace at Next ’24 last month, Google is upgrading its security software with new artificial intelligence (AI) features.
Security Operations (SecOps) is Google’s platform for detecting, investigating, and responding to cybersecurity threats. Announced at RSA Conference on Monday, the new features use AI to automate detections from threat discoveries, and build on Applied Threat Intelligence, which the company also revealed at Next ’24.
Also: When is Google I/O 2024 and what to expect: Android 15, Gemini, Wear OS, and more
The AI-powered updates reduce busywork and give security teams more bandwidth to look at the big picture. SecOps “enables security teams to surface the latest threats in a turnkey way that doesn’t require complicated engineering,” IDC Research Director Michelle Abraham said in the release.
New curated detections
Experts from Google and Mandiant, the company’s threat data compilation service, provide teams with curated detections that let them specify the type of threat detection they need for their environment. Today, Google unveiled two new types of detections: Cloud and emerging threat.
Cloud detections help protect against serverless threats by tracking cryptocurrency mining incidents, as well as findings from Google Cloud and Security Command Center Enterprise. They also integrate rules for detecting unusual user behavior, machine learning (ML)-generated alerts for device issues, and basic security coverage for Amazon Web Services (AWS), as well as insights from the Mandiant Managed Defense team. Cloud detections are now available with SecOps Enterprise and Enterprise Plus.
Also: How we test VPNs in 2024
Emerging threat detection “can provide coverage for recently-detected methodologies, and is based on threat actor tactics, techniques and procedures (TTPs), including from nation-states and newly-detected malware families,” the company said in the release. Emerging threat detection is available in SecOps Enterprise Plus.
Gemini updates: two new Assistants
Google also announced two Gemini additions: the Investigation Assistant and Playbook Assistant. Gemini already lets security teams use natural language to contextualize and better understand threat tactics and respond to them based on guided recommendations.
Using the context of an investigation, the Investigation Assistant goes further by answering questions, summarizing events, creating rules, and responding to threats more quickly and precisely. Playbook Assistant, which is in preview, meanwhile incorporates a team’s expertise and best practices into building response playbooks to minimize time-consuming steps.
Autonomous parsers
As Google noted in its release, keeping data parsers current is critical for security, but can be time consuming for teams to maintain. To address this, the company announced that SecOps “can now automatically parse log files by extracting all key-value pairs to make them available for search, rules, and analytics,” the release explains.
Also: GitHub releases an AI-powered tool aiming for a ‘radically new way of building software’
Automating data parsers lets teams access the most up-to-date context and data, meaning faster detection and more effective investigations. The feature is in preview, and currently supports JSON-based logs, but Google plans to add other formats as well in the future.
According to the announcement, the upgrades are “designed to reduce the do-it-yourself complexity of SecOps and enhance the productivity of your entire Security Operations Center.” Later this year, the features will allow users to “identify malicious activity operating in your environment, and share clear directions that guide you through triage and response,” the release added.
Artificial Intelligence
This post was originally published on 3rd party site mentioned in the title of this site