Google Cloud’s Sec-PaLM Generative AI Model Bolsters Cybersecurity

Highlights:

• Sec-PaLM is a generative AI model which powers a new offering known as Google Cloud Security AI Workbench. It integrates the company’s unique visibility into the evolving threat landscape over the years and is optimized for cybersecurity operations.
• Sec-PaLM has thwarted hundreds of the most modern cybersecurity threats and uses this knowledge to prevent similar attacks from prospering elsewhere.

Google Cloud announced that it plans to revolutionize its cybersecurity operations with the help of a large language model known as Sec-PaLM.

Sec-PaLM is a generative artificial intelligence model which powers a new offering known as Google Cloud Security AI Workbench. It integrates the company’s unique visibility into the evolving threat landscape over the years and is optimized for cybersecurity operations. The model was announced at the RSA Conference 2023, that took place this week in San Francisco.

Eric Doerr, Vice President of engineering for Google Cloud Security, explained in an interview with a leading media house that Security AI Workbench is made to address enterprise challenges involving threat saturation, “toilsome” tools, and a widening talent divide. He remarked that security teams struggle to keep up with the growing number of threats and the daily toil of ensuring that systems are secure, which requires much manual labor. They are hindered by the inability of many organizations to recruit the experienced personnel needed to overcome these obstacles.

Sec-PaLM has thwarted hundreds of the most modern cybersecurity threats and uses this knowledge to prevent similar attacks from prospering elsewhere. Google claims that it integrates “world-class threat intelligence” with advanced incident analysis to avoid malware infections. “The language of security may be complex, but it doesn’t change every day,” Doerr said.

To combat the growing number of threats, Google Cloud Security AI Workbench grants access to various tools to the teams. They include VirusTotal Code Insight, which employs Sec-PaLM to analyze and explain the behavior of potentially malicious scripts and identities that could pose a risk. “It can identify malicious code and understand what it is doing, even if it has never seen it before,” Doerr said.

Mandiant Breach Analytics for Chronicle is founded on years of threat intelligence accumulated by Google’s Mandiant team and can automatically notify customers of ongoing, active security intrusions. It depends on Sec-PaLM to contextualize and respond expeditiously to such attacks.

An abundance of automation predominantly alleviates the daily burdens faced by security teams. Assured OSS is a new service that enables organizations to use the same open-source software packages that Google employs in its developer workflows, thereby reducing the risk of vulnerabilities for application developers. With Mandiant Threat Intelligence AI, a new tool that leverages Sec-PaLM to identify, summarize, and counteract the most pertinent threats, threat-hunting tasks are simplified.

Additionally, the Google Cloud Security AI Workbench addresses the talent scarcity faced by security teams. Using natural language queries, Chronicle AI assists non-security personnel such as developers and system administrators in addressing threats and risks. These users can search for billions of previously happened security events conversationally, ask follow-up inquiries, and generate detections without knowing complex syntax or schema. Doerr stated, “We can create the query you’ll probably want, even if you’re not an expert.”

The Security Command Center AI translates complex attack graphs into human-readable explanations that reveal how specific applications and systems are susceptible to common security threats. It identifies the severity of these hazards and generates recommendations for how users can mitigate them.

Doerr explained, “It takes each attack path and sees if it’s actually an exploitable path. Generative AI can look at it and analyze what’s going on with that attack path, and suggest things to do immediately.”

One of its most intriguing features is Google’s promise that Sec-PaLM will become more intelligent over time. According to Google, customers can make their private data accessible to the platform while fulfilling compliance requirements. This will allow the platform to learn on the job as it identifies new threats and challenges its security teams face.

Google stated that Security AI Workbench’s capabilities will be progressively rolled out over the summer, with VirusTotal Code Insight available for preview now and additional features to be released soon.