Google has introduced Google Threat Intelligence, which combines an in-depth view of threats with Gemini’s AI capabilities to “supercharge” the process.
Gemini, formerly Bard, is Google’s multimodal large language AI model deployed to find security threats and create summaries of its findings.
The new security solution was announced at the annual RSA conference for IT security professionals in San Francisco, held from May 6th to 9th, 2024.
Dave Gruber, Principal Analyst, Enterprise Strategy Group, provided his review of Google Threat Intelligence: “While there is no shortage of threat intelligence available, the challenge for most is to contextualise and operationalise intelligence relevant to their specific organisation.
“Unarguably, Google provides two of the most essential pillars of threat intelligence in the industry today with VirusTotal and Mandiant.
Integrating both into a single offering, enhanced with AI and Google threat insights, offers security teams a new means to operationalise actionable threat intelligence to better protect their organisations.”
How Gemini Helps
Google Threat Intelligence is utilising Gemini 1.5 Pro’s AI power to offer a more efficient and effective solution for IT security teams in their fight against malware.
According to Google, Gemini 1.5 Pro provides the world’s longest context window and supports up to one million tokens.
Google’s AI assistant can simplify the complex and time-consuming task of reverse engineering malware by automatically applying one of the most advanced threat analysis techniques currently available.
To showcase the potency of the Gemini-infused Threat Intelligence offering, it was used to process the entire decompiled code of a malware file for WannaCry in a single scan. In total, it took just 34 seconds to generate its analysis and locate the ‘kill switch’, a mechanism to immediately shut down or isolate a system, application, or device that may be infected by malware.
Google also provides an extraction tool powered by Gemini to automate data enrichment and fusion. The tool is capable of crawling the web to find open-source intelligence (OSINT) and online industry threat reporting. It converts this information into knowledge collections, with hunting and response packs built from motivations, targets, actors, toolkits, tactics, techniques, and procedures (TTPs), and Indicators of Compromise (IoCs).
Google Threat Intelligence can condense over ten years of threat reports into custom summaries in a matter of seconds.
The US tech giant summarises the benefits of leveraging Gemini as part of its Threat Intelligence solution: “By combining our comprehensive view of the threat landscape with Gemini, we have supercharged the threat research processes, augmented defence capabilities, and reduced the time it takes to identify and protect against novel threats.
“Customers now can condense large data sets in seconds, quickly analyse suspicious files, and simplify challenging manual threat intelligence tasks.”
In February this year, Google unveiled Gemini Business and Enterprise subscription plans for Google Workspace users.
Gemini Business and Enterprise grant customers access to Google’s most advanced AI models, namely Gemini Ultra, which is the most capable of Gemini’s three iterations. Gemini will be natively embedded into the Workspace experience.
Gemini for Workspace introduces a new standalone feature enabling users to engage in secure chats with Gemini, fortified with enterprise-level data protection measures.
In March, UC Today’s Rebekah Carter created a useful guide to Google Gemini, exploring what it is and why it is so central to Google’s AI master plan.