Google Cloud Unveils Threat Intelligence Offering: 5 Things To Know

Launched at RSAC 2024, the new Google Threat Intelligence offering provides faster protection against threats by combining insights from Mandiant, VirusTotal and Google with GenAI-powered capabilities, the company says.

Google Cloud announced a new cybersecurity offering Monday that represents a major advancement by making threat intelligence more automated and “more actionable,” an executive told CRN.

Unveiled in connection with RSA Conference 2024, the new Google Threat Intelligence offering provides faster protection against threats along with a simplified user experience for security professionals, said Eric Doerr, vice president of engineering for Google Cloud Security.

“We think it's going to make a really big difference in how security organizations are equipped to defend themselves,” he said.


Google Threat Intelligence stands out in the crowded threat intel space by combining insights from three massive data sources — Mandiant, VirusTotal and Google — with new GenAI-powered capabilities, according to Doerr.

What follows are five things to know about the new Google Threat Intelligence offering unveiled Monday at RSAC 2024.

Unified Offering

The newly unified threat intelligence offering has been made possible through the integration of capabilities from multiple sources within Google Cloud, the company said.

Those include Mandiant, a well-known incident response and threat intel firm that Google acquired in 2022, which performs more than 1,100 cyber incident investigations every year, according to Google Cloud. The new offering also leverages VirusTotal, a crowdsourced malware database that Google has owned for more than a decade, which has more than 1 million users.

And of course, the new Threat Intelligence offering taps into data belonging to Google itself, including from the 1.5 billion Gmail accounts and 4 billion devices protected by the company.

By combining and analyzing these three massive data sources, Google Threat Intelligence can provide a dramatic improvement in threat correlation, Doerr said.

While each source offers major insights on its own, “when you add them together, they're even more valuable. The correlation of [the sources] makes it more actionable,” he told CRN. “Sometimes you'll see threats that you couldn't see without the triangulation across these data points.”

AI Acceleration

A major advantage of the new Google Threat Intelligence offering is that it provides accelerated insights for security professionals through the use of generative AI, according to Google Cloud.

Specifically, the offering uses Google’s Gemini AI technology, including the Gemini 1.5 Pro service that launched in April. Using Gemini allows security professionals to rapidly condense and analyze massive data sets, along with providing the ability to extract open-source intelligence from the web, Google Cloud said.

Google Threat Intelligence enables security teams to “distill more than a decade of threat reports to produce comprehensive, custom summaries in seconds,” the company said in a blog post.

Gemini, meanwhile, is now generally available as part of security offerings that include Google Threat Intelligence and Google Security Operations, according to the company.

Pinpointing The Threat

Ultimately, the new Google Threat Intelligence offering provides “more data, more visibility, more automation,” Doerr said.

“[It’s] automated to the point of actually telling you whether or not you have a problem — and actually helping you contain that problem,” he said. “So it's really getting all the pieces of the puzzle together.”

SecOps Platform

Google Threat Intelligence can be licensed as a standalone offering, Doerr said, though it’s also “deeply integrated” into the Google Security Operations platform (formerly Google Chronicle Security Operations).

As part of Google SecOps, the new Google Threat Intelligence offering will enable use cases such as automated threat hunting — “where we see a new threat [that’s] present in your environment, and we flag that for you. You don't have to do anything,” he said. “That kind of thing is really magic.”

Team Integration

Google Cloud had previously rolled out a wide array of new products and capabilities leveraging its acquisition of Mandiant since the closing of the $5.4 billion deal in September 2022. But the debut of Google Threat Intelligence is one of the most ambitious offerings bringing together data and expertise from Mandiant and Google.

The offering is made possible by the fact that the respective threat intelligence teams at Google and Mandiant have now been fully integrated, Doerr said. “Now we’ve integrated those processes and tools,” he said.

After a major acquisition such as that one, “it takes time to really learn, ‘What does this team have? What capabilities do they have? What tools do they have?’” Doerr said.

Once that understanding was gained, it became “really clear that if we put these pieces together in a new way, we can actually do stuff we've never been able to independently do before,” he said. “This vision of Google Threat Intelligence really came out of that process.”