Google is entering the cybersecurity generative AI capability race with the announcement of Google Cloud Security AI Workbench at the RSA Conference 2023. Aimed directly at Microsoft’s competing Security Copilot announcement, Security AI Workbench is a new platform that helps cybersecurity analysts automate and accelerate their security operations. The new platform is powered by Google’s specialized security-centric large language model (LLM), Sec-PaLM.
Security AI Workbench provides a unified platform for deploying, managing, and monitoring various security AI tools, including threat detection, incident response, and threat hunting.
Google touts that the new security model is “fine-tuned” for security use cases, and incorporates Mandiant’s “frontline intelligence on vulnerabilities, malware, threat indicators, and behavioral threat actor profiles.”
Security AI Workbench is designed to be easy to use, even for security analysts with limited AI experience. The platform provides a drag-and-drop interface for deploying and configuring AI tools, and it includes a variety of pre-trained models that can be used to detect threats and respond to incidents.
Solving Cybersecurity Budget, Resource, and Talent Gaps
Google hopes that the Security AI Workbench platform will help alleviate the crushing burden that every organization around the globe shares: lack of cybersecurity talent, resource constraints, and too many security tools and alerts.
Google is also introducing additional Sec-PaLM powered solutions into its portfolio with VirusTotal and Mandiant offerings. From Google’s announcement:
- VirusTotal Code Insight uses Sec-PaLM to help analyze and explain the behavior of potentially malicious scripts, and will be able to better detect which scripts are actually threats.
- Mandiant Breach Analytics for Chronicle leverages Google Cloud and Mandiant Threat Intelligence to automatically alert you to active breaches in your environment. It will use Sec-PaLM to help contextualize and respond instantly to these critical findings.
- Assured OSS uses Sec-PaLM for understanding and reviewing open-source software (OSS) packages for vulnerabilities and helping secure the software supply chain.
Key Capabilities of Google Cloud Security AI Workbench
- Unified platform: The workbench provides a unified platform for deploying, managing, and monitoring various security AI tools. This makes it easy for security analysts to get started with AI and to quickly deploy new tools as needed.
- Easy to use: The workbench is designed to be easy to use, even for security analysts with limited AI experience. The platform provides a drag-and-drop interface for deploying and configuring AI tools, and it includes a variety of pre-trained models that can be used to detect threats and respond to incidents.
- Powerful features: The workbench includes a number of powerful features that help security analysts improve their security operations. For example, the workbench can be used to automate threat hunting tasks, such as identifying anomalous behavior and investigating suspicious activity. The workbench can also be used to generate reports that can be used to share insights with other stakeholders in the organization.
The Generative AI movement has arrived and is taking over this year’s RSA Conference by storm. Companies and customers alike are demanding more from their technology investments with fewer resources than ever as cyber threats rise in sophistication.
Generative AI is becoming the next big thing for cybersecurity. How practical and intertwined it truly becomes with daily cyber operations has yet to be seen, but only time will tell.
Disclaimer: The author of this article is a current employee of Google. This article does not represent the views or opinions of his employer and is not meant to be an official statement for Google, or Google Cloud.
