RSAC 2024: Google Threat Intelligence unveiled

Last week, at the RSA Conference 2024 (RSAC 2024), Google announced its new flagship cybersecurity offering for enterprises: Google Threat Intelligence. This comprehensive offering combines Mandiant and VirusTotal threat intelligence with Gemini generative artificial intelligence.

Since Google acquired Mandiant and VirusTotal, each solution remained available to be acquired by customers and deployed separately. Integrations have existed with other Google Cloud technologies for years, but until now, it was not available in one comprehensive solution.

Google Threat Intelligence leverages the “frontline” footprint of Mandiant solutions embedded globally for detecting novel cybersecurity threats, with VirusTotal’s robust crowdsourced malware database. Open source intelligence is also integrated for additional cybersecurity threat analysis.

Gemini generative AI for cybersecurity

As generative AI continues to mature and adapt to enterprise use cases, Google has also included its Gemini 1.5 Pro multimodal model in the threat intelligence platform. Gemini 1.5 Pro offers up to 1 million context tokens, and can dramatically reduce the labor-intensive process of reverse engineering malware.

Google boasts that its Gemini 1.5 Pro model was able to process the entire decompiled code of the malware file for WannaCry in a single pass. The analysis took only 34 seconds, generated a complete report and identified the killswitch.

For open source intelligence workflows, Google Threat Intelligence using Gemini can be leveraged to automatically crawl the web for relevant intel, and classify industry threat reporting. It converts the information to knowledge collections, and develops appropriate tactics, techniques and procedures (TTPs), identifying key actors, and Indicators of Compromise (IOCs).

If you doubted the applicability of generative AI for cybersecurity incident response or threat detection, this is the clearest demonstration yet that AI is disrupting the field.