Google adds generative AI to security tools

Yesterday at Google Cloud Next conference, the company announced new generative AI enhancements to three Duet AI security products aimed to ‘do more with less’ and make it easier to navigate large security datasets simply by asking questions in plain language.

  • Duet AI in Mandiant Threat Intelligence helps security teams understand the mass of data they have by providing a summary of a particular threat.  
  • Duet AI for Chronicle Security Operations helps teams ask better questions about a particular threat to identify the level of danger and how to respond.
  • Duet AI in Security Command Center enables less experienced security analysts to ask questions to understand the nature of the threat by providing analysis of security findings, potential attack paths and possible actions to take.

“AI is enabling security teams to improve their security posture by generating AI summaries to describe threats, by searching for patterns in security data to identify if teams have been targeted or companies have been targeted, and finally, by recommending actions to take both in response to active threats and also to proactively improve security posture,” Steph Hay, head of UX for cloud security at Google said.

Dave Ratner, CEO, HYAS had this comment :
   “Generative AI has the ability to both tremendously help and harm the cyber security industry.  Google is highlighting some very positive steps to drive efficacy and efficiency in  battling bad actors, but we can’t forget that criminals will be utilizing AI in nefarious ways to continue to make their attacks harder to detect and more effective, similar to what’s been highlighted by HYAS’ eyespy proof of concept and others.   While Protective DNS systems perform admirably today for business and operational resiliency, continued research into how best to detect and defend against tomorrow’s AI-based attacks is needed across the industry to ensure this same level of resiliency going forward.”

Emily Phelps, Director, Cyware follows with this comment:

   “Using AI is a good step toward aiding security teams to get the context they need to take meaningful actions. Cybersecurity programs often include different teams using disparate tools, lacking a shared taxonomy. This makes it difficult to get the right information to the right people to take the right action, even as insights are automatically distributed. Coupling automation with true collaborative technologies – that have flexible playbooks and defined workflows – will give enterprises the contextual insights needed to move faster and more effectively.”

This is a good move by Google. But security is best done in a layered approach. Which means that you as an organization need to have multiple layers to make sure that you don’t get pwned.

Leave a Reply

%d bloggers like this: