Google Cloud today previewed new AI-enhanced capabilities for its Chronicle and Mandiant offerings: Duet AI in Mandiant Threat Intelligence, Duet AI in Chronicle Security Operations, and Duet AI in Security Command Center. The preview was was part of a larger group of generative AI-related announcements made at the Google Cloud Next event.
Duet AI in Mandiant Threat Intelligence
Mandiant Threat Intelligence is built on one of the largest, if not the largest, knowledgebases of threat data including threat actor tactics, techniques, and procedures (TTPs); indicators of compromise (IoC), incident forensics, and threat actor identification processes. The volume of data can make it difficult for security teams to properly leverage and apply to their circumstances.
By adding Duet AI to the mix, Google Cloud claims Mandiant Threat Intelligence can help security teams summarize information in the knowledgebase, identify the information most relevant to a given situation, and create reports that speak more directly to a target audience–for example, executive stakeholders or security operations personnel. “Security teams can now quickly understand what Google reports about the adversary, how the latest threats may be targeting their organization, and how they can make threat intelligence actionable across their organization,” said Google Cloud Security VP/GM Sunil Potti in a blog post.
Duet AI in Chronicle Security Operations
Google Cloud first announced generative AI capabilities for Chronicle Security Operations at this year’s RSA conference. Those capabilities were focused on improving threat detection, investigation, and response by simplifying data analysis.
Duet AI in Chronicle Security Operations offers similar capabilities. Specifically, Google Cloud claims it automatically generate summaries about ongoing incidents, providing context and recommendations for remediation. Duet also allows defenders to enter natural language queries into Chronicle. Duet automatically translates them into Chronicle’s syntax, allowing lower-skilled personnel to be more effective.
Duet AI in Security Command Center
AI-enhanced attack path simulation capabilities for Security Command Center were also first introduced at RSA Conference 2023. Today’s announcement builds on that by using Duet AI to provide “near instant” analyses of attacks and identify possible attack paths. “By reducing toil through summarizing threat criticality, implications, and recommended remediations, Duet AI in Security Command Center can help ensure they do not overlook critical findings,” Potti said.
Real human threat intelligence
Google Cloud also announced a new service that isn’t AI-enhanced: Mandiant Hunt for Chronicle. It provides Mandiant personnel to do threat hunting on top of Chronicle environment, and is intended to augment in-house security teams. “[Mandiant Hunt] integrates the latest insights into attacker behavior from Mandiant’s frontline experts with Chronicle Security Operations’ powerful ability to quickly analyze and search security data,” Potti said. “Mandiant Hunt for Chronicle can help organizations close the skills gap and gain elite-level support without the burden of hiring, tooling, and training.” Mandiant Hunt is currently in preview.
Generative AI, Risk Management, Security Operations Center, Threat and Vulnerability Management