9621 Agnes Crossing, Lake Suzanneview, New Mexico Island 84604-9295.
Thanks to all the bells and whistles lately about generative AI, we’re seeing the technology everywhere. Every company is trying to use generative AI – including in infrastructure
Thanks to all the bells and whistles lately about generative AI, we’re seeing the technology everywhere. Every company is trying to use generative AI – including in infrastructure and when creating apps or software; Companies are looking for ways to make their employees work more efficiently. Today the same thing is happening in cybersecurity.
A persistent challenge in security has always been the human factor, such as the shortage of personnel for key security functions. This problem has persisted for years and dates back to the rise of cybersecurity. The idea behind introducing the generative AI component is to enable experts to focus on critical tasks by using AI to streamline routine tasks, thereby reducing human resources on simpler tasks. AI is therefore a valuable addition that can help many companies combat their talent shortage.
The question is: How does Google introduce AI into its security suite? For this purpose, she created the LLM model SecPaLM. The security stack can be seamlessly integrated into SecPaLM. And it will bring an important change in the different tools.
The integration of this model is now being expanded to Google’s security tools, including Chronicle, Mandiant, VirusTotal and Security Command Center. This development provides a streamlined experience for security analysts and engineers. Their tasks also become easier, such as understanding current security issues. This is possible because AI quickly creates summaries to quickly identify problems. In addition, AI helps solve problems by locating and addressing them. Chronicle, in particular, allows users to inquire about events, current events, impact on users, and whether they indicate a problem. This innovation goes a step further by helping analysts write rules, a skill that typically requires time and language skills. This improvement makes the learning curve less steep.
Additionally, cloud engineers without a security background also benefit. Those who do not specialize in security are empowered to conduct investigations and formulate rules, even without a deep understanding of the intricacies of security. Whether someone is working with data or using tools like Security Command Center, Chronicle, or Mandiant, these advances are democratizing access to security knowledge and skills for everyone.
How can you leverage these generative AI integrations? The best part is that you don’t have to take any extra steps; it can be done effortlessly. Once we talk about personalized integrations where you use your own data, there will most likely be an integration via APIs (to be confirmed).
Below is an overview of Google’s core security stack and how it will leverage generative AI.
This tool allows you to monitor and examine your Google Cloud Platform (GCP) environment. It allows you to identify any security vulnerabilities.
This is how generative AI is used here: Create summaries of results. In cases where a security issue is detected, such as an open firewall, the AI automatically generates a concise summary detailing the potential impact on your infrastructure resources. In addition, the system provides suggestions for corrective measures.
Graphical representation of attack patterns: An additional feature of generative AI visually represents potential attack patterns. This is particularly valuable for people new to the Google Cloud environment. The graphic clearly illustrates the plausible consequences of a possible attack, even if it only originates from an open firewall configuration.
This tool is a security telemetry repository that helps you find consistency between different security tools. This system also helps users create use cases and alerts to monitor and detect threats across your entire environment.
This is how generative AI is used here: Your investigations will be significantly faster thanks to the use of AI. An LLM is integrated directly into Chronicle, with an interface similar to ChatGPT or Bard. You enter into interactive conversations with the tool to request information. This isn’t a one-time thing, you can continue to have dialogues that give you more insight into issues.
Behind the scenes, you communicate with Chronicle, which independently generates questions for you. No in-depth knowledge of the Chronicle product is required, the research process is taken care of for you. Another function is setting rules. In Chronicle, like any other similar tool, you need to write detection rules. With generative AI, you express the rule you want in simple words and Chronicle Changes converts it into the correct computer language (YARA-L). This way, you create rules in seconds, not hours or days. This saves a lot of time and allows everyone to focus on safety. Even if you don’t know much about security, you can just type whatever you think and the AI will do the rules for you.
Chronicle SOAR automates your response to security issues. Collaborate with your team to troubleshoot problems and find solutions. Additionally, keep an eye on your system to identify any problems.
This is how generative AI is used here: Just like the Security Command Center, you get an AI-generated summary that explains the entire incident. Chronicle reports are divided into cases that represent potential security issues. These summaries give you more detail about what happened and how different alerts are related. With this information, you can create more effective solutions and deliver them faster.
Mandiant is the leading threat response platform and a major player in threat intelligence.
This is how generative AI is used here: Using AI capabilities, Mandiant has introduced a new feature that connects to Chronicle. This feature automatically notifies you when there is a security breach. The tool gives you a summary and helps you understand the context of the situation.
Virus Total analyzes suspicious files, domains, IPs and URLs to detect malware and other intruders and automatically forward them to the security team.
This is how generative AI is used here: Introducing a new feature called Code Insight. In the past, you have used VirusTotal to check if an IP address or file was malicious. This has now been improved: you can enter part of the code and it will explain how it affects security. This is very useful if you want to understand what different parts of the code do and whether or not it is harmful to your environment.
Many large security companies are integrating generative AI into their tools. The problem, however, is that they don’t have the extensive data that Google offers.
It is important to highlight Google’s potential impact and its important role in this area. As you know, Google is the largest search engine in the world. This position allows the company to collect enormous amounts of information, both positive and negative. From an intelligence perspective, Google has massive amounts of data on malware, threat actors, and more. Thanks to the widespread use of the Google search engine, this data is easily available without any special effort. This means you can access the wealth of information that Google searches and general internet activity provide.
By integrating VirusTotal, the world’s largest collection of threats, and working with Mandiant, a leading player in the field, you get access to this collection of information. This collaboration is significant for anyone wondering who will take the lead in the emerging AI security and threat intelligence landscape.
Another important aspect to consider is people’s ongoing concern about protecting their personal information for privacy reasons. The same data protection principles that apply to GCP apply to security tools and AI. This means that you have the option of having your own SecPalm so that you can use your data within this framework. This results in a personalized user experience.
Imagine a scenario where you are a large financial institution when it comes to data management. You may have several custom tools that store sensitive data such as credit card information and personal information. With SecPalm you have the ability to use this information in your own secure environment without sharing it with others. It is logical that the attitude of keeping confidential information secret is crucial.
Integrating generative AI into cybersecurity, based on Google’s SecPaLM model, will certainly have an impact on security teams. It does this by increasing efficiency, enabling deeper and faster insights, and addressing talent shortages.
From optimized investigations to intuitive rule design, generative AI will support specialists and non-security experts alike. Google’s expansive position in data sources and continued attention to privacy ensure you can safely use your data for a personalized user experience in this ever-changing era of AI-powered security.
This is a post from DevoTeam. Click here for more information about the company.
Source: IT Daily
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.
