Google LLC is applying artificial intelligence to security across a wide range of use cases and announcements this week at its Cloud Next conference in San Francisco.

The enhancements target both end-users and security professionals, led by applications of the company’s Duet generative artificial intelligence engine to the Mandiant Corp. threat intelligence platform that Google acquired last year.

“There are three areas where generative can bring value: stopping novel threats, reducing workloads and scaling talent so level one operations can be as productive as level two and level as productive as level three,” said Jeff Reed, vice president of products for Google Cloud Security.

Duet AI features have been added to Mandiant Threat Intelligence to speed threat assessment and operationalize threat intelligence across an organization. Duet AI in Chronicle Security Operations uses generative AI to expedite threat investigation. Chronicle is Google’s cloud-native security operations suite.

Duet is also being applied in Google’s Security Command Center to help security professionals better understand risk assessments and get recommended remediation steps. Mandiant Hunt for Chronicle provides threat hunting on Chronicle data by Mandiant experts who use frontline intelligence to proactively search for undetected attacks. All features will be available later this year.

AI-powered threat hunting

Mandiant determines which of a company’s systems were affected by a breach, removes malware and takes steps to prevent similar cyberattacks in the future. “Mandiant has a massive corpus of threat information,” said Steph Hay, director of user experience for Google Cloud Security. In a demonstration, she showed how a search for the threat actor APT 43 yielded 11,000 search results.

“I have to have a tenured understanding to figure out what’s relevant to me,” she said. “Now we can use AI to generate a contextualized summary about a particular threat actor immediately.”

Hay showed how further information about the attacker could be retrieved using natural language queries. Previously, she said, “I’d have to have a specialized understanding of the Chronicle search syntax but now Duet is understanding my natural language input and generating the query without having to know the unique data model. I can use generative AI to create a summary of the attack paths and what I should do to lock them down.”

Auto classification

Google Workspace, which is the company’s office application suite, is also getting a number of AI-assisted enhancements.

AI will be applied to automatically and continuously classify and label data in Google Drive to help ensure appropriate sharing controls and protect against exfiltration: Administrators create AI models that are customized for each organization to classify and label new and existing files in Drive automatically. They can set criteria, such as device location or security status, that must be met for a user to share sensitive content in Drive.

Controls, such as data loss protection and certificate authority authorization, can then be applied based on the security policy. The feature is available in preview. Enhanced DLP controls are coming to Gmail in a preview later this year.

New controls aimed at data sovereignty, which restricts data storage to particular locations, are also being added in a number of features that will be available later this year.

Enhancements to client-side encryption, or CSE, which prevents third-party access to sensitive data, include support of mobile apps in Google Calendar, Gmail and Meet, the ability to set client-side encryption as the default for select organizational units, guest access support in Google Meet, comments support in Google Docs, and the ability for users to view, edit or convert Excel files.

Through partnerships with security providers Thales SA, Stormshield SAS, and Flowcrypt a.s., Google is also enabling CSE customers to store their encryption keys with a trusted partner in the country of their choice. Organizations will be able to choose whether covered data is processed in the European Union or the U.S. and have the option to store a copy of their Workspace data in a country of their choice. They can also use access approvals to control Google support access for troubleshooting purposes as well as monitor Google actions with Google’s Access Transparency.

Google also said select administrator accounts of its resellers and largest enterprise customers will be required to add two-step verification to their accounts starting later this year in a phased rollout. Workspace administrators will also have the option to require additional approval by another administrator to complete a sensitive action, such as changing authentication settings for a user.

Image: Bing Image Creator