Google is unveiling a new product called Google Threat Intelligence at the RSA conference in San Francisco, expanding its range of AI tools.

Google Threat Intelligence combines comprehensive threat intelligence with an AI-powered agent called Gemini to provide organizations with faster threat intelligence. This should enable them to better protect themselves against cyber attacks.

The new platform provides a unique view of threats worldwide and protects four billion devices and 1.5 billion email accounts every day. The product uses this data to make connections between attacks and their campaigns, enabling faster identification and response. The AI-driven platform Gemini plays a crucial role in this by quickly analyzing suspicious files and summarizing the results.

In addition to machine learning and AI, Google Threat Intelligence also harnesses the power of crowdsourcing through VirusTotal, where more than a million users share threat indicators. Additionally, Mandiant’s team of threat experts monitors changes in threat actor behavior, contributing to the operational readiness of the information collected.

AI updates in Security Operations

In addition to introducing Google Threat Intelligence, the search giant is also introducing several AI-driven security tools and updates within Security Operations on Google Cloud. This update is intended to reduce the complexity of Security Operations (SecOps) and improve productivity across the Security Operations Center.

New Google Security Operations features leverage AI to automatically generate detections based on recently discovered threats. These capabilities are intended to identify malicious activity in an environment and provide clear instructions for classification and response. This will be available later this year.

Google Security Operations also offers a suite of composite detections that are regularly developed and maintained by Google and Mandiant experts. These detections enable customers to identify threats relevant to their environment.

Additionally, new detections have been added that address serverless threats and cryptomining incidents across Google Cloud, as well as expanded detections for AWS covering identity, compute, data services, and secrets management.

Gemini Features

Additionally, the addition of the “Gemini” capability within Security Operations strengthens the capabilities of security teams. Gemini helps reduce the time security analysts spend writing, executing and refining queries and reviewing complex cases by approximately sevenfold.

New generally available features like Investigation Assistant help security professionals make faster decisions and address threats more accurately and quickly by answering questions, summarizing events, searching for threats, creating rules, and providing action recommendations based on research context.

Finally, Playbook Assistant, currently in preview, is designed to help teams easily create response playbooks, customize configurations, and integrate best practices, simplifying time-consuming tasks that require deep expertise.