This content is part of the Conference Coverage: RSA Conference 2024 focuses on collaboration, resilience


Google unveils new threat intelligence service at RSAC 2024

Google Threat Intelligence combines investigation findings from Mandiant with crowdsourced intelligence from VirusTotal and operationalizes the data with Google's Gemini AI model.

SAN FRANCISCO -- Google unveiled a new threat intelligence offering that aims to use the company's scale, reach and AI technology as key differentiators.

Google Threat Intelligence was announced Monday at RSA Conference 2024. Sunil Potti, vice president and general manager of Google Cloud Security, and Sandra Joyce, vice president of Google Threat Intelligence, wrote in a blog post that the new offering melds insights from Mandiant's incident response investigations, crowdsourced intelligence from VirusTotal's community and security data from open-source intelligence sources.

Potti and Joyce said Google Threat Intelligence is powered by a "vast sensor array" that includes 4 billion devices and 1.5 billion email accounts with 100 million blocked phishing attempts per day.

The new service is also powered by Gemini, Google's multimodal artificial intelligence model, which the company said will operationalize threat intelligence faster and help security teams respond more quickly to threats.

"By combining our comprehensive view of the threat landscape with Gemini, we have supercharged the threat research processes, augmented defense capabilities, and reduced the time it takes to identify and protect against novel threats," the blog post read. "Customers now have the ability to condense large data sets in seconds, quickly analyze suspicious files, and simplify challenging manual threat intelligence tasks."

Potti and Joyce said Gemini 1.5 Pro can "dramatically simplify the technical and labor-intensive process of reverse engineering malware," claiming it was able to process the entire decompiled code of WannaCry and identify the killswitch in 34 seconds.

This offering is the latest piece of a constantly growing Google Cloud Security portfolio, which also includes Mandiant Consulting, Google Security Operations and more.

Katell Thielemann, an analyst at Gartner, told TechTarget Editorial that with this announcement, the picture of why Google acquired Mandiant is coming into focus.

"The combination of global telemetry at scale, expert knowledge, crowdsourced information, and AI should provide a formidable threat intelligence service for IT security teams," Thielemann said. "But it could also cut both ways, as attackers have historically used security tools to their advantage to learn about defenses and ways to get around them. It could also push attackers into technology areas further away from commoditized IT environments, such as cyber-physical systems in production environments, where these types of threat intelligence platforms will not work as well."

Mandiant Intelligence analyst John Hultquist told TechTarget Editorial at RSA that the recent security initiatives such as Google Threat Intelligence are fulfilling the potential of Google's acquisition of Mandiant.

"There is a tremendous amount of threat data that Google has visibility into from protecting users around the world 24/7. We're incredibly fortunate to be standing in the middle of all those rich sources of data and technology that we can use," he said. "We're just in a really powerful place to pull those pieces together and get a good view that we've never had before. And when you put AI right on top of that, it's an amazing mix."

Hultquist said he was also thinking about how to keep threat actors from utilizing Google Threat Intelligence and potentially misusing valuable security data.

"We definitely are thinking about who our customers are. That's 100% part of our process," he said. "I think about that all the time. It's really important for us to make sure that all this information is getting in the right hands."

Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.

TechTarget Editorial security news director Rob Wright contributed to this report.
