Google unveils new Threat Intelligence offering

 Google Threat Intelligence has been unveiled at RSA, a new offering from Google Cloud Security that combines the ‘depth of Mandiant frontline expertise, the global reach of the VirusTotal community, and the breadth of visibility only Google can deliver’ according to the company and intel will be based on billions of signals across devices and emails.

Google Threat Intelligence includes Gemini in Threat Intelligence, the company’s AI-powered agent that provides conversational search across a vast repository of threat intelligence, enabling customers to gain insights and protect themselves from threats faster than ever before.

“While there is no shortage of threat intelligence available, the challenge for most is to contextualise and operationalise intelligence relevant to their specific organisation,” said Dave Gruber, principal analyst, Enterprise Strategy Group. “Unarguably, Google provides two of the most important pillars of threat intelligence in the industry today with VirusTotal and Mandiant. Integrating both into a single offering, enhanced with AI and Google threat insights, offers security teams a new means to operationalise actionable threat intelligence to better protect their organisations.”

Based on Mandiant’s leading incident response and threat research team, combined with Google’s massive user and device footprint and VirusTotal’s broad crowdsourced malware database, the new offering will bring:

  • Google threat insights: Google protects 4 billion devices and 1.5 billion email accounts, and blocks 100 million phishing attempts per day. This provides a vast sensor array and a unique perspective on internet and email-borne threats that allow the company to connect the dots back to attack campaigns.
  • Frontline intelligence: Mandiant’s eIite incident responders and security consultants dissect attacker tactics and techniques, using their experience to help customers defend against sophisticated and relentless threat actors across the globe in over 1,100 investigations annually.
  • Human-curated threat intelligence: Mandiant’s global threat experts monitor threat actor groups for activity and changes in their behaviour to contextualise ongoing investigations and provide the insights you need to respond.
  • Crowdsourced threat intelligence: VirusTotal’s global community of over 1 million users continuously contributes potential threat indicators, including files and URLs, to offer real-time insight into emerging attacks.
  • Open-source threat intelligence: We use open-source threat intelligence to enrich our knowledge base with current discoveries from the security community.

Google Threat Intelligence ‘boasts a diverse set of sources that provide a panoramic view of the global threat landscape and the granular details needed to make informed decisions’ according to the official blog.

Services will include external threat monitoring, attack surface management, digital risk protection, Indicators of Compromise (IOC) analysis, and expertise.

AI-driven operationalisation

Traditional approaches to operationalising threat intelligence are labor-intensive and can slow down your ability to respond to evolving threats, potentially taking days or weeks to respond.

Google Threat Intelligence uses Gemini to analyse potentially malicious code and provides a summary of its findings.

From the blog: ‘By combining our comprehensive view of the threat landscape with Gemini, we have supercharged the threat research processes, augmented defence capabilities, and reduced the time it takes to identify and protect against novel threats. Customers now have the ability to condense large data sets in seconds, quickly analyse suspicious files, and simplify challenging manual threat intelligence tasks’.

Google Threat Intelligence is part of Google Cloud Security’s comprehensive security portfolio, which includes Google Security OperationsMandiant ConsultingSecurity Command Center Enterprise, and Chrome Enterprise.