The rapidly evolving world of Generative AI (GenAI) presents new opportunities and challenges for organizations from a security perspective.
AI can bolster security by identifying—and responding to—new threats in near real time. The challenge is that cyber attackers also have access to the same technology and they’re using GenAI to quickly develop new, targeted, sophisticated attacks.
At the same time, it’s also challenging for IT teams to integrate AI into their current workflows and develop the necessary skill sets to manage it. There’s also a risk of becoming over-reliant on automation for cybersecurity.
A majority of security professionals (63%) believe in AI’s potential to enhance security measures, according to the State of AI and Security Survey Report from the Cloud Security Alliance (CSA), sponsored by Google. Such measures include improving threat detection and response.
“However, there’s a keen awareness of the potential nefarious use of AI, as evidenced by the divided opinion: 34% see AI [as] more beneficial for security teams, while 31% view it as equally advantageous for both protectors and attackers,” says the report.
The report also uncovered apprehension about the use of AI when it comes to security, such as lack of data quality, which could lead to unintended bias (38%), and skills and expertise gaps for managing complex AI systems.
With the new and evolving security threats presented by GenAI, Google Cloud is introducing AI-powered capabilities across its security portfolio, designed to help security teams deal with increasing threats, repetitive (and time-consuming) manual work and the ongoing IT talent shortage.
Gemini is Google’s family of large language models. Gemini in Security Operations and Gemini in Threat Intelligence are designed to provide actionable visibility into the latest threats, with capabilities such as multi-step reasoning, extensions, and grounding databases to respond to user prompts.
These capabilities are helping to address a major concern of cybersecurity professionals: According to the CSA report, most IT pros “acknowledge that there are challenges in threat investigation and response, with only 12% reporting no difficulty with this task in their organization. This sets the stage for AI’s role as an empowerment tool.”
Gemini has three key capabilities for boosting security in Google Cloud:
Reduce manual work: Gemini in Security Operations can help to reduce repetitive manual tasks, such as managing multiple environments and investigating incidents. Cybersecurity practitioners can use natural language to generate queries and interact with security event data, and Gemini will offer recommendations and aid in remediation.
Detect and contain threats: Gemini in Threat Intelligence uses AI to deliver detailed, timely threat intelligence about threat actor behavior to security teams around the world. It also includes Code Insight, which analyzes the behavior of potentially malicious code without the need for reverse-engineering.
Simplify security: AI-assistive features can help security teams proactively mitigate risk. For example, Gemini in Security Command Center will summarize high-priority alerts for vulnerabilities and recommend mitigations.
The CSA report found that while there’s optimism about AI’s role in enhancing security, there’s also recognition of its challenges.
“This calls for evolving security strategies, rigorous data handling, transparent AI models, and continuous vigilance in updating security protocols to stay ahead in the fast-evolving, AI-driven cybersecurity landscape,” says the report.
While GenAI features baked into Google Cloud provide a host of new capabilities, it can also be overwhelming to figure out how to take advantage of these capabilities—and to ensure you’re not opening up the organization to further vulnerabilities through the use of AI.
At Pythian, our cloud security consulting services can help you ensure your security controls are working reliably. Our Security Posture Analysis—powered by our deep technical expertise and implementation skills across the widest array of cloud platforms, workloads, and use cases—identifies security risks and provides prioritized and actionable recommendations.
With our Security Implementation Assessment, our engineers will conduct a detailed analysis of a specific workload to understand the unique threat profile of different applications, platforms, and integrations. Once you receive our list of recommendations, you can choose to address those issues in-house or we can provide services to help you implement the appropriate remedial measures.
Want to shore up your security with Gemini in Google Cloud and Pythian expertise? Contact us at info@pythian.com.