UPDATED 12:00 EDT / APRIL 24 2023

SECURITY

Google Cloud bolsters cybersecurity with generative AI model Sec-PaLM

Google Cloud today announced it’s aiming to transform cybersecurity operations with a dedicated large language model called Sec-PaLM.

Announced at RSA Conference 2023 running this week in San Francisco, Sec-PaLM is a generative artificial intelligence model that powers a new offering called Google Cloud Security AI Workbench, which incorporates years of the company’s unique visibility into the evolving threat landscape and is fine-tuned for cybersecurity operations.

In an interview with SiliconANGLE, Eric Doerr, vice president of engineering for Google Cloud Security, explained that Security AI Workbench is designed to address challenges faced by enterprises around threat overload, “toilsome” tools and a widening talent gap. He noted that security teams today are struggling to get to grips with an increasing number of threats and the daily toil of ensuring systems are kept secure, which is something that involves lots of manual work. They’re not helped by the fact that many organizations are unable to recruit the experienced staff needed to handle these challenges.

Sec-PaLM has already faced down hundreds of the most advanced cybersecurity threats and relies on this experience to prevent the same attacks succeeding elsewhere. According to Google, it combines the company’s “world-class threat intelligence” with advanced incident analysis to stop malware infections in their tracks. “The language of security may be complex, but it doesn’t change every day,” Doerr said.

To address the increasing number of threats, Google Cloud Security AI Workbench provides teams with access to several tools. They include VirusTotal Code Insight, which uses Sec-PaLM to analyze and explain the behavior of potentially malicious scripts and identify which may be a threat. “It can identify malicious code and understand what it is doing, even if it has never seen it before,” Doerr said.

Meanwhile, Mandiant Breach Analytics for Chronicle is based on years of accumulated threat intelligence from Google’s Mandiant team and can automatically alert customers to ongoing, active security breaches. It leans on Sec-PaLM to help contextualize and respond immediately to such attacks.

The daily toil security teams face is reduced primarily through a strong dose of automation. Application developers can improve security using Assured OSS, a new service that gives organizations the ability to use exactly the same open-source software packages that Google uses in its own developer workflows, reducing the risk of vulnerabilities. Threat-hunting duties are alleviated with Mandiant Threat Intelligence AI, a new tool that leverages Sec-PaLM to find, summarize and counteract the most relevant threats.

Google Cloud Security AI Workbench also does much to address the talent shortage faced by security teams. Chronicle AI helps non-security personnel such as developers and system administrators to address threats and risks through the use of natural language queries. These users can search billions of previous security events in a conversational way, ask follow-up questions and generate detections, without needing to understand any complex syntax or schema. “We can create the query you’ll probably want, even if you’re not an expert,” Doerr said.

Another tool, Security Command Center AI, helps by translating complex attack graphs into human-readable explanations that illuminate how specific applications and systems are exposed to common security threats. It identifies how serious these risks are, and generates recommended actions users can take to address them.

“It takes each attack path and sees if it’s actually an exploitable path,” Doerr explained. “Generative AI can look at it and analyze what’s going on with that attack path, and suggest things to do immediately.”

One of the most interesting aspects of Sec-PaLM is Google’s promise that it will get smarter over time. According to Google, customers will be able to make their private data available to the platform, while still meeting their compliance needs, so it can learn on the job as it identifies new threats and challenges faced by their security teams.

Google said Security AI Workbench’s capabilities will be rolling out gradually over the summer, with VirusTotal Code Insight available in preview now and other features to be made available in the coming months.

With reporting from Robert Hof

Image: Google Cloud
