Google bets on unifying security tools to ease CISO pain
At Google Cloud Next in Las Vegas, Google launches its Unified Security platform with the goal of bringing together disparate security solutions to help cyber leaders and practitioners address their most keenly felt pain points
Amid a plethora of artificial intelligence (AI) infrastructure and model innovations, customer demonstrations and other cloud announcements at Google Cloud Next, Google this week debuted a new Google Unified Security (GUS) platform, delivering innovations across its steadily-growing cyber portfolio as it seeks to deliver better outcomes and integrate ever-more deeply with its customers’ security teams.
One of the most keenly felt pain points for enterprise security leaders is the disconnected nature of the security product and services environment, with many organisations running huge numbers of complex point security solutions, leaving them with fragmented silos of data and a mixed up, even contradictory view of the threat landscape. This leaves them vulnerable and exposed to threat actors who know how to exploit these gaps.
Google feels this pain too and, speaking to Computer Weekly ahead of the opening keynotes, Google vice president of security engineering Heather Adkins said that this had clearly motivated the development of the Unified Security platform.
“I’m excited for customers because there are different things we now offer as a company,” said Adkins. “I can’t tell you how many conversations I’ve had over the past 20 years trying to put those things together.”
At its core, GUS, brings together a range of security products and services including threat intelligence, security operations, cloud security and secure enterprise browsing, couples them to the capabilities it acquired in 2022 through Mandiant, and melds them into a converged solution powered by its Gemini AI.
Google claims this lays the foundations for “superior security outcomes”, creating a single, scalable and searchable security data fabric that covers users’ entire attack surfaces, providing better visibility and quicker detection and response spanning networks, endpoints, the cloud, and other applications, all enriched with up-to-date Google Threat Intelligence and rendered more efficient with Gemini.
“The unified product creates this unified data layer that you can query all the time,” said Adkins. “So if I’m a CISO and I read about [Chinese APT] Salt Typhoon in a magazine and I want to know if we are impacted, I can just ask. I don’t have to sort out a threat report and go and ask my SOC [Security Operations Centre] to dive in.
“That’s the promise of this. You can completely change the workflows, whether you’re a CISO or a SOC analyst,” she said.
IDC senior research director for security and trust, Michelle Abraham, said: “Google Unified Security represents a step forward in achieving better security outcomes with the integration of browser behavior, managed threat hunting, and security validation to strategically eliminate coverage gaps and simplify security management and threat detection and response.
“This approach offers organisations a more holistic and streamlined defense against today’s complex threat landscape,” she said.
Is agentic AI the security pro’s friend?
The scale and scope of what Google is bringing together with GUS is extensive, but with the spread of agentic AI across the enterprise predictably a big theme at Google Cloud Next, expectations at Google are high that the potential benefits of agents will extend to the cyber security realm. So says Google vice president of product management, Brian Roddy
“I think customers are doing some interesting stuff with agentic AI,” he said. “Obviously people have started with things like customer support agents, but very quickly they are building tools that do deeper analysis, from tier one support to tier two and ultimately, tier three.
“What we’re trying to do is in a similar vein, just on security. What are all those really toilsome tasks that make security professionals’ lives miserable? How do we make sure we take as much of that out of their lives as possible?”
Some of Google’s biggest customers have already spent some time kicking the tires, and early customer feedback from these exercises seems broadly positive, said Roddy.
“They really like this stuff. Some of the new tools that are in early use, things like the malware reverse engineering tool, that is something that is completely new, that I’m aware of, in terms of doing something that traditionally required years of experience,” he said.
“If we can now do five to 10 times the amount of reverse engineering, that’s really bad news for the bad guys. We can stop a lot more attacks.”
Google’s malware analysis agent is designed to investigate whether code is safe or harmful. It analyses potentially malicious code and is also able to create and execute scripts for deobfuscation, summarising its work and providing a final verdict.
Early training exercises with this particular tool have produced some interesting results. Indeed, in one test run on a sample of the WannaCry ransomware worm that wrought havoc on the NHS in May 2017, the AI was able to find the ransomware’s kill switch and neuter it in a mere 34 seconds.
It took Marcus Hutchins, the threat intel analyst who first uncovered the kill switch and used it to sinkhole the malware seven hours to achieve the same feat.
Alongside the malware analysis agent which will go into preview for selected customers by the end of June, Google will also offer an alert triage agent to perform dynamic investigations on behalf of users.
The triage agent will analyse the context of each alert, gather relevant information, and render a verdict on the alert, accompanied by a history of its evidence and decision-making processes. Google said the always-on agent will “vastly reduce” the manual work of tier one and two SOC analysts who may otherwise spend hours looking into hundreds of “dead end” alerts every day.
“These are the first expert agents we’re introducing, there are many more coming,” said Peter Bailey, Google Cloud security vice president and general manager. “We see this as just a transformational way to run a TDIR [Threat Detection and Incident Response] pipeline far faster with far better outcomes.”
