Google unveils new Gemini-powered security updates to Chronicle and Workspace

At Google Cloud Next '24, Google said it's using natural language to make detecting and responding to threats easier for security teams.
Written by Radhika Rajkumar, Editor
Figure: A Gemini for Security demo running in Chronicle. (Screenshot by Radhika Rajkumar/ZDNET)

The rise of generative AI means cyber attacks are becoming more common -- and more sophisticated. Data breaches increased by 20% between 2022 and 2023, one study found. But GenAI could also be the key to staying ahead of threats. 

At Google Cloud Next '24 on Tuesday, Google announced new AI-powered innovations across its security offerings that promise to improve threat detection, deepen insights, and specify solutions. Built into Google's SecLM API, both tools use Gemini, the company's recently rebranded AI chatbot, to support security teams and increase productivity. 

Gemini in Threat Intelligence 

Gemini now uses conversational search to access Mandiant, Google's threat data compilation service, for insights about bad actor behavior. Google hopes security teams can use Gemini to clock what suspicious activity looks like more precisely, making it quicker to catch threats.

The feature also makes threat research more efficient by "automating web crawling for relevant Open-Source Intelligence (OSINT) articles, ingesting information and providing concise summaries to aid analysts," according to a Google blog post. As with most current applications of AI, Gemini in Security is intended to let security analysts focus on advanced threats by making baseline defense efforts more productive.

According to the company, Gemini allows security teams to analyze bigger samples of code for evidence of potentially malicious activity. "Gemini's larger context window allows for analysis of the interactions between modules, providing new insight into code's true intent," Google said. The feature is currently in public preview.

Figure: Querying with Gemini. (Screenshot by Radhika Rajkumar/ZDNET)

Gemini in Security Operations

After making Duet AI in Security Operations generally available in December 2023, Google is now adding Gemini in Security Operations to Chronicle, the company's security ops platform. The feature uses natural language to summarize insights, which can support security teams' ability to detect and respond to threats and make Chronicle more accessible.

The update comes with a new assisted investigation feature that "converts natural language to new detections, summarizes event data, recommends actions it takes, and navigates users through the platform via conversational chat," according to Google. Gemini in Security Operations will be generally available at the end of April 2024. 

Both Gemini updates are intended to help users build better security-specific data agents. 

Figure: Insights from Gemini for Security. (Screenshot by Radhika Rajkumar/ZDNET)

Workspace and Gmail Improvements

Google also announced an add-on for Workspace that lets IT teams classify and protect sensitive material with AI models and data loss prevention (DLP) controls trained on their organization's data. Workspace admins can automatically protect files company-wide and will be able to continuously evaluate existing and new Drive files for all employees. 

By training models on a company's unique data, the add-on further personalizes privacy efforts and could help teams better anticipate security needs. At $10 per month per user, the add-on is available for most Workspace plans; Google did not clarify which plans that refers to.

Google shared in its announcement that Gmail and Workspace were built with a zero-trust security approach in mind. In this vein, the company is rolling out extended DLP controls and classification labels to Gmail (in beta as of now). The company claims Gmail already stops "more than 99.9% of spam, phishing attempts, and malware from reaching your inbox," and that LLMs will now allow it to block 20% more questionable material.

The upgrade will also help Google "evaluate 1,000 times more user-reported spam in Gmail every day," according to the company.  

Experts say that quantum computing is one day coming for our current encryption methods. To account for quantum computer attacks, Google also announced it's adding "experimental support for post-quantum cryptography (PQC) in client-side encryption" via third-party partners Thales and Fortanix.
