Skip to main content

Google’s new AI Product, Threat Intelligence, was announced at the 2024 RSA Conference in San Francisco. Aimed at simplifying cybersecurity threat analysis for businesses, this solution tackles the challenge of deciphering complex threat reports, enabling organizations to gain a clearer understanding of potential threats.

Threat Intelligence integrates three key elements to deliver actionable insights and user-friendly reports for businesses:

Gemini AI Agent: This AI assistant, built on Google’s large language model (LLM) technology, excels at analyzing vast amounts of threat data. Gemini can identify patterns, summarize complex reports in simple language, and even reduce the overwhelming noise of generic alerts.

Mandiant: Acquired by Google in 2022, Mandiant boasts a team of experienced security professionals. These experts monitor malicious actors and provide valuable insights into attacker tactics, techniques, and procedures (TTPs).

VirusTotal: This massive online community allows users to submit suspicious files and URLs for analysis. This crowdsourced data offers valuable real-time insights into emerging threats, keeping Google Threat Intelligence at the forefront of detection.

Google Threat Intelligence
Credit: cloud.google.com

The Power Behind Google Threat Intelligence

Google’s unique perspective on the internet threat landscape, gathered from its massive user base and email services, empowers threat intelligence. This provides unmatched visibility into potential threats, allowing businesses to gain a comprehensive overview of the threats specific to their organization.

One of the most significant advantages of Google Threat Intelligence is its ability to condense large datasets in seconds and automate manual threat intelligence tasks through the power of Google’s Gemini 1.5 Pro large language model. This translates to significantly faster analysis. For example, Google claims its product analyzed the infamous 2017 WannaCry ransomware attack (which affected numerous organizations worldwide) in just 34 seconds and identified the killswitch, compared to what could have been a process taking days or weeks. This speed allows businesses to respond to threats much faster and minimize potential damage.

Moreover, Threat Intelligence integrates Mandiant’s renowned team of threat analysts into its platform, providing users with access to expert guidance and insights into attacker tactics, techniques, and procedures (TTPs). Additionally, contributions from VirusTotal’s community offer real-time insights into threat indicators, further enhancing Threat Intelligence’s capabilities.

Going beyond mere reporting, Threat Intelligence offers a comprehensive suite of features. These include early warning systems for potential breaches that identify compromised credentials, websites, and phishing attacks abusing your brands, centralized tools for efficient threat investigation, and streamlined workflows facilitated by a dedicated workbench for threat analysis and training resources tailored to security teams. This allows businesses to grow their security team’s capabilities and respond to threats faster with confidence.

A Demo showing how Google Threat Intelligence Works

With a fusion of AI-driven analysis and human expertise, Google Threat Intelligence protects organizations in various ways, including external threat monitoring, attack surface management, digital risk protection, Indicators of Compromise (IOC) analysis, and expertise. As AI technology continues to evolve, we can expect even more sophisticated threat detection and prevention tools in the future. Google, with its commitment to innovation showcased at the RSA Conference, demonstrates its dedication to building a safer digital environment for all.

About the author: