Our Blog

Google Cloud Cybersecurity AI

26 Apr 2023

Google Cloud Cybersecurity AI

Cybersecurity and AI were always destined to combine for both wonderful and disastrous ways – with AI capable of social engineering techniques, and models being trained in how to speak to human operators in ways almost indistinguishable, it was inevitable that it would come to be a powerful tool for both good and bad actors.

We have seen AI-generated phishing emails and campaigns, AI and Machine Learning models capable of writing code at an expert level that could be used maliciously in hacking and vulnerability exploitation campaigns; and a pandora’s box of capabilities yet to be uncovered.

Contrarily, we have seen AI-assisted traffic monitoring and threat detection – AI/ML protecting the workloads, automated response systems and threat prevention models and the like, where AI are equally partaking in the cyber defence, and almost fighting against their counterparts in the black hat world. So contrasted in their uses yet virtually parallel in the materials, subjects and training they have received to learn from.

Google cloud logo

Google Cloud Security AI Workbench

With the introduction of Google Cloud’s Security AI Workbench, we now see an even clearer positive use for AI in Cybersecurity; extremely intelligent, continuously learning AI/ML capable of not just identifying known attacks and threats but detecting completely new ones without human aid. With the creation of the Sec-PaLM specific model of PaLM (Pathways Language Model) designed with cybersecurity in mind, we see a future of cybersecurity where the human influence could perceivably be entirely removed from the equation.

Sec-PaLM is google’s own large language model for cybersecurity – designed to address the growing issue of a talent gap in the sector, and the continuous manual work of system(s) security in the role of a Security Analyst, it reduces the daily toil through a strong emphasis on automation, capable of identifying and understanding mailicious code it has never seen – and explaining the behaviour of said scripts. Sec-PaLM can find, summarise and counteract threats, as well as contextualising and responding to active breaches.

Google Cloud’s Security AI Workbench provides access to several tools – including VirusTotal Code Insight, which uses Sec-PaLM to analyse and explain scripts – “it can identify and understand malicious code, even if it hasn’t seen it before.” said Eric Doerr in an interview with SiliconANGLE.

Additionally, Mandiant Branch analytics for Chronicle is based on years of threat intelligence built up over time from Google’s Mandiant team and can auto-alert users to ongoing breaches, while leaning on Sec-PaLM to contextualise and respond immediately to said attacks.

Workbench also includes Security Command Centre AI which translates complex attack graphs into readable explanations to illuminate threat exposures, generating recommended actions for addressing them after identifying the risk severity.

Generative AI can look at and analyse paths taken by Security Command Centre AI and analyse it; and suggest what needs doing – immediately.

Chronicle AI is another aspect of Security AI Workbench included to address the talent shortage of security teams – allowing non-security personnel such as developers and system admins to address concerns through natural language queries. Users can search billions of datapoints of previous security events through conversational interactions, asking follow-ups and generating detections without complexity; “we can create the query you’ll probably want, even if you’re not an expert.” Doerr said.

Google Cloud Security AI Workbench

The daily toil of security teams is unparalleled and as mentioned previously, there is a huge talent vs demand gap in the industry. Add this to the heavy workload on the shoulders of so many security teams and it’s clear that we need something to bridge the gap. Enter the Assured OSS service on Google Cloud.

Assured OSS gives organisations the ability to wield the same package of open-source software packages that Google uses in it’s own workflows reducing the vulnerability risks. Threat-hunting duties are passed over to Mandiant Threat Intelligence AI leveraging Sec-PaLM to find, summarise and counteract threats.

Better with time

And as if Google’s new offering wasn’t good enough – they also promise improvements over time; the more data Sec-PaLM gets, the more training it receives, the smarter it will become. Google have promised that customers can make private data available without compromising meeting compliance needs, therefore allowing Sec-PaLM to continue improving as it identifies and learns about new threats and attacks faced.

Cybersecurity in the Summer

Google are looking to gradually roll out Security AI Workbench services over the summer, with VirusTotal Code Insight available in preview already. This offering from Google Cloud, offers an unrivalled step forward in cybersecurity and provides hope of a future better protected from threat actors and cyberattacks.

Security is a vital aspect to consider when selecting cloud services, and Google Cloud Platform offers its users various options that can fit into any organisation. As a user, you have the flexibility to determine the model that best suits you, allowing you to effectively manage your security while optimising your cloud solutions. We hope this blog has provided you with valuable insights on Google Cloud Security, including its services, and significant points to keep in mind as you manoeuvre your way through cloud computing technology.

If you’re looking for a cloud provider, whether that’s migrating from on-premises TO the cloud, or from one Cloud provider to another, Secure IT Consult offers migration services and cloud consultancies to ensure that you’re best-positioned in the cloud to take full advantage of the HUGE range of services on offer. We provide:

  • Consultancy services to ensure you’re moving to the correct provider for your unique needs to be met and that you’re taking advantage of the provided tools and services.
  • Migration services to take you TO the cloud efficiently and effectively with minimal disruption and downtime, as well as data loss prevention and ensuring business performance is not hindered.
  • Optimisation services to ensure you are at your best cost-to-performance ratio, and that you aren’t spending more or less than you need for maximum efficiency.

We additionally offer Cloud Security and wider cybersecurity services you need to ensure you are well protected in the cloud, and there are no network vulnerabilities/exploits that could be used to damage you, your infrastructure, or your organisation.

For more information on the services Secure IT Consult can provide for your Cloud Computing needs, see our cloud services page, or contact us for more information.