Source: www.csoonline.com – Author:
Based on Gemini AI, the agents aim to automate various security functions, including alert triage, to free up resources for security teams.
Google has launched a new enterprise security platform called Google Unified Security that combines the company’s visibility, threat detection, and incident response capabilities and makes them available across networks, endpoints, cloud infrastructure, and apps. The platform combines threat intelligence from internal and third-party sources with expertise from Google’s Mandiant incident response arm and new AI-powered agents that can automatically triage and investigate alerts.
“Google Unified Security brings together what we are best at — scale, search, analytics — and applies it to security use cases,” Brian Roddy, VP of cloud security at Google Cloud, said during a press briefing attended by CSO. “It offers unmatched threat visibility, cloud security, the most trusted browser, and Mandiant expertise all in one converged security suite powered by Gemini AI and, of course, running on Google’s planet-scale infrastructure.”
The goal, according to Roddy, is to enable organizations to better respond to security challenges brought by increasingly complex IT infrastructures that are targeted with sophisticated attacks by both cybercriminal groups and state-sponsored threat actors.
The platform also allows integration with existing security tools, aiming to solve rather than add to the security data fragmentation problem generated by the multitude of tools that organizations and security teams already use.
Agentic AI on the horizon
Google is determined to leverage its Gemini AI model to create agents that can automate certain security functions to free up resources for security teams. One example is an upcoming agent in Google Security Operations, the company’s existing SecOps platform, that will triage alerts and perform investigations automatically.
This agent, which will become available for preview during the second quarter, is capable of understanding an alert’s context by gathering relevant information, and then provides a verdict that can be reviewed by analysts along with a history of the agent’s decision-making process.
Another AI-powered agent that will be added to Google Threat Intelligence, also during Q2, will perform malware analysis with the goal of determining whether a piece of code is malicious. The agent is capable of executing scripts safely in order to de-obfuscate them.
Google Security Operations now also provides a new Mandiant Threat Defense service that extends the size of enterprise security teams with Mandiant experts who can use AI-assisted techniques to hunt for and respond to threats in customer environments.
If a security incident is discovered, customers can use a new Mandiant Retainer service to quickly retain incident response services on demand with pre-negotiated terms and two-hour response times.
Cloud security enhancements
The Google Cloud Platform (GCP) Security Command Center will gain new capabilities for protecting cloud workloads, especially those related to AI model use.
Model Armor, a feature that’s part of GCP’s existing AI Protection service, will allow customers to apply content safety and security controls to prompts that are sent to self-hosted AI models, either on GCP or across multiple clouds.
A Data Security Posture Management (DSPM) capability that will become available for preview in June will allow for the discovery, security, and management of sensitive data, including data sets used to train AI models.
“DSPM can help discover and classify sensitive data, apply data security and compliance controls, monitor for violations, and enforce access, flow, retention, and protection directly in Google Cloud data analytics and AI products,” the company said.
Also in June, the Security Command Center will get a new Compliance Manager feature through which customers can define policies, control configurations and monitor enforcement to maintain and prove data compliance to auditors.
The Google Compute Engine and Google Kubernetes Engine will get new Security Risk dashboards that will provide information on vulnerabilities and security findings directly in the product consoles. And a new third-party integration with Snyk’s developer security platform will help development teams identify vulnerabilities in their code.
Google Cloud will also get new integrations with network security vendors to protect Google Cloud workloads, as well as new features and capabilities related to network security. Among these are: DNS Armor, a feature to detect DNS-based threats built in collaboration with Infoblox Threat Defense; inline data loss protection for Secure Web Proxy (SWP) via integrations with Google’s Sensitive Data Protection and Symantec DLP; and L7 domain filtering capabilities for Google’s Cloud NGFW Enterprise.
Endpoint protection
On the endpoint protection side, Google relies heavily on the Chrome Enterprise browser and its paid Chrome Enterprise Premium service, which provides real-time malware and phishing protection while surfing the web, malware deep scanning on the endpoint, data loss prevention, URL filtering, user behavior insights, and more.
New capabilities for this service include the ability for organizations to configure their own branding and corporate assets to help identify phishing attempts on internal domains, as well as a new data masking feature that completes the DLP capabilities along with watermarking, screenshot blocking, and controls for copy, paste, upload, download, and printing.
“Foundationally, Google Unified Security integrates first- and third-party security telemetry into our data fabric for comprehensive visibility, searchability, and detection using our SecOps platform. It automatically enriches security data with the latest Google threat intelligence, driving better prioritization and identifying gaps. It performs security validation to proactively test and validate the effectiveness of security controls. It unifies response workflows across cloud, SaaS, and on-prem use cases to optimize resources. And it allows customers to bring in Mandiant threat hunters and consultants on demand to augment their team where they need it,” Roddy said.
Original Post url: https://www.csoonline.com/article/3958409/google-launches-unified-enterprise-security-platform-announces-ai-security-agents.html
Category & Tags: Artificial Intelligence, Cloud Security, Endpoint Protection, Google Cloud Next