Google brings Duet AI to Mandiant Threat Intelligence, wider security suite
Natural language insights into security data could empower security teams and reduce toil
Google Cloud has announced a range of new security capabilities for its Duet AI assistant, which will be implemented across Google Cloud’s security products for improved insight into enterprise-level threats.
Duet AI will be brought to Google Cloud applications including Mandiant Threat Intelligence, Chronicle Security Operations, and Security Command Center in order to provide security teams with productivity boosts and enhanced insights.
Within Mandiant Threat Intelligence, Duet AI will aggregate and summarize new threat intelligence, providing firms with simple explanations of active threat actors as well as up-to-date advice on avoiding and remediating attacks based on user prompts.
The AI tool will also be used to provide contextual information on threats within Chronicle Security Operations, and act as the backbone for a new natural language search function.
This can be used to improve the speed at which security teams can discover and respond to threats.
In an example, Google Cloud showed AI-generated results for 15 instances of document sharing within an enterprise environment, in which Duet AI laid out a timeline of cases involving suspicious file sharing, identified the user associated with the actions, and recommended the next steps.
Google Cloud expressed hope that Duet AI could be used to reduce toil and burnout in cyber security, by slashing the need for manual research and analysis.
Cloud Pro Newsletter
Stay up to date with the latest news and analysis from the world of cloud computing with our twice-weekly newsletter
In Security Command Center, the AI assistant, which Google calls a ‘collaborator’, can provide IT teams with plaintext summaries of security vulnerabilities and attack vectors in near-real time.
Combined with its capabilities in Mandiant and Chronicle’s applications, Duet AI can also be used to inform the steps an organization must take to stamp out poor security hygiene within its workforce.
The launch could have a sizable impact on overall security incidents, with the majority of breaches still linked to email attacks.
Tools such as Duet AI may also help security teams explore the risks of introducing generative AI into their stack, with many workers still lacking the skills to safely use the technology.
Establish a clear roadmap for cyber security investigations and resolution.
DOWNLOAD FOR FREE
Google Cloud stated it will use Security AI Workbench, a platform powered by its custom security large language model (LLM) Sec-PaLM 2, as the bedrock for its security applications and will extend its abilities to partner and customer software with AI abilities.
At the launch of the AI Workbench in April 2023, Google Cloud stated that it would work to integrate more AI features across its product range in order to widen access to security information and further assist security teams.
In bringing Duet AI to Google Cloud’s security suite, Google has positioned its AI offering in direct competition with Microsoft Security Copilot, which leverages GPT-4 to provide insights and recommendations on threats within an organization’s environment.
The productivity tools Duet AI and 365 Copilot already share a number of similarities, as both Google and Microsoft have invested heavily in the wide potential for generative AI applications across their respective enterprise offerings.
Google Cloud also revealed a number of new products and services coming to the security cloud in the coming months. In collaboration with Tenable, the firm will bring agentless vulnerability scanning of Google Compute Engine Virtual Machines to the cloud via preview.
This will allow firms to detect vulnerabilities across their environments without having to mass-install security software. Firms can now customize their own posture findings through the Security Command Center.
Palo Alto Networks has also worked with Google Cloud to bring next-generation firewalls to the cloud. This can accurately detect malware, analyze TLS traffic, and actively work off up-to-date threat intelligence from Palo Alto Networks and Google Cloud.
Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.
In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.