Google LLC announced a series of cloud security services today, adding to various existing protective services and complementing its longstanding efforts with its Chronicle platform along with broadening industry partnerships with its tools.

Last week, the company announced a set of best practices for protecting customers’ artificial intelligence models from hacking called the Secure AI Framework. The first evidence of this framework is with Google Cloud Security’s AI Workbench, which was announced in April. It is powered by Google’s Sec-PaLM2 large-language model and Vertex AI machine learning platform to provide threat intelligence.

The workbench’s real significance is the number of security vendors that have already been using it and incorporating it into their own product lines. They include Accenture PLC, Broadcom Inc., CrowdStrike Holdings Inc., Egnyte Inc., Exabeam Inc., F5 Inc., Fortinet Inc., Netskope Inc., Securiti Inc., SentinelOne Inc., Sysdig Inc., Tenable Holdings Inc. and Thales SA.

Underlying the workbench offerings are huge threat datasets that Google now owns (above), including VirusTotal malware analysis, Mandiant threat intelligence, Chronicle breach analytics and playbooks, and open-source collections. Glen Pendley, chief technology officer at Tenable, said AI Workbench is “the first large language model built by security experts for security customers. This initiative will change the way that our joint customers protect their organizations and get ahead of security risk and exposure.” And according to John Martin, chief product officer of Netskope, “Enterprise teams can encourage the responsible use of generative AI applications if they have the right controls in place.” 

Chronicle’s offerings have also been expanded. The collection of security operations and event management tools was announced four years ago when it was moved from an experimental product to become a fundamental part of Google Cloud’s security efforts.

First is Chronicle’s threat detection, investigation and response, or TDIR for short, for Google Cloud, which will be incorporated into the main Chronicle Security Operations service. According to Google, “defenders can now get one-click ingestion of relevant cloud telemetry in Chronicle, and can detect cloud threats based on what Google knows, without the need for expert rule engineering.”

The tool can visualize threat story lines, surface cloud attack methods and streamline workflows and responses. For example, it can identify when a cloud credential, such as encryption keys, has been compromised, flag the particular event visually and correlate this with other network traffic, and recommend automated response to remediate the problem.

Sunil Potti, vice president and general manager of cloud security at Google Cloud, told SiliconANGLE that “by using generative AI to help automate threat detection, we have systems secure themselves by generating security and compliance controls at runtime. We want to infuse AI into every security workflow of our tooling where possible.”

Security Command Center will now include attack path simulation, and will mimic attackers’ behavior to help defenders identify potential vulnerable resources. It will do this automatically, dynamically and continuously using attack path graphs, and eventually be tied to the AI Workbench to make its results more meaningful to defenders. For example, one beta customer was a bank that found a service account with expired encryption keys that had been manipulated by an attacker for inappropriate access.  

A third service is its Secure Web Proxy, a fully managed proxy which provides granular controls for web egress traffic inspection, protection against malware and other malicious activities, and better network control. This adds to Google’s Cloud Armor web application firewall features and has the advantage of being easy to setup and scale up automatically, without the need to install any agents across cloud instances. Early customers were able to replace less-capable and non-cloud-based proxies and improve protective features.

The announced follow on the heels of last week’s announcement of Google’s Cryptomining Protection Program. It offers up to $1 million in cloud cost credits to help cover the compute expenses associated with undetected cryptomining attacks. Google claims its detection operates in “near real-time” and its features are at no additional cost and benefits will be paid out provided customers follow a set of best practices. It works by scanning the virtual machines for malware and compromised identities.

These services are all available as part of the premium fee level of Security Command Center, which works with a complex usage-based pay-as-you-go pricing scheme, and also has both one-year and multiyear fixed-price subscriptions.

Images: geralt/Pixabay; Google