Join us in Atlanta on April 10th and explore the landscape of security workforce. We will explore the vision, benefits, and use cases of AI for security teams. Request an invite here.
In just a short time, the work environment has been transformed: Today, the browser is the place to be.
Communication, collaboration, authentication, administration and coding are just a few activities that take place in the browser — essentially making it the new security endpoint.
To help organizations protect those critical access points, Google Cloud is today introducing Chrome Enterprise Premium, which brings security capabilities including zero trust, access policy controls and security reporting into its popular web browser.
The new platform is being unveiled today at Google Cloud Next, along with a multitude of other security news, including the incorporation of its new Gemini chatbot into several cybersecurity functions.
VB Event
The AI Impact Tour – Atlanta
Continuing our tour, we’re headed to Atlanta for the AI Impact Tour stop on April 10th. This exclusive, invite-only event, in partnership with Microsoft, will feature discussions on how generative AI is transforming the security workforce. Space is limited, so request an invite today.
“Endpoint security is growing more challenging due to remote work, reliance on an extended workforce and the proliferation of new devices that aren’t part of an organization’s managed fleet,” said Parisa Tabriz, VP for Chrome at Google. “As these trends continue to accelerate and converge, it’s clear that the browser is a natural enforcement point for endpoint security in the modern enterprise.”
Google Gemini in security workflows and threat intelligence
Organizations must protect people, data and other important assets. But, existing tools can often struggle to address “the escalating velocity, breadth, and intricacy of modern cyberattacks,” asserts Sunil Potti, GM and VP of cloud security at Google Cloud. Instead, organizations need a convergence of capabilities that simplify, streamline and boost efficiency and effectiveness.
Google aims to provide this with its unveiling today of Gemini in Security Operations, Gemini in Threat Intelligence and Gemini in Security Command Center.
Gemini in Security Operations will offer a new assisted investigation capability in Chronicle Enterprise and Chronicle Enterprise Plus that will make recommendations based on investigation context, run searches and create detection rules. It will be generally available at the end of April.
“The goal here is to elevate the skills of our security teams, boosting their productivity, allowing them to more easily detect, investigate and respond to threats,” Brad Calder, VP/GM for Google Cloud platform and technical infrastructure, said in a press pre-briefing.
Gemini in Threat Intelligence will offer a conversational search across Mandiant’s repository of threat intelligence from frontline investigations. Analysts can ask questions about indicators of compromise, for instance, and the system will navigate them to relevant pages.
Google Cloud is also incorporating threat intel from VirusTotal, which will automatically ingest reports from the OSINT framework. Gemini will then summarize these into the platform.
“This provides the threat intel needed for a SecOps investigation and remediation so that you have all the information in a single place to perform that investigation,” Calder explained.
Finally, preview features through Gemini in Security Command Center allow security teams to search for threats and events through natural language. The system can also provide summaries of critical- and high-priority misconfiguration and vulnerability alerts and can summarize attack paths to help defenders understand cloud risks that need to be remediated.
Multinational conglomerate 3M is already using Gemini to identify what applies to them from a cybersecurity standpoint, Calder said. Meanwhile, engineers at Fiserv are creating detections and playbooks, and the company’s security analysts are more quickly getting to answers with intelligent summarization and natural language search.
“This is critical as SOC teams continue to manage increasing data volumes and need to detect, validate and respond to events faster,” said Ronald Smalley, Fiserv’s SVP of cybersecurity operations.
The browser is the new endpoint
According to Gartner, by 2030, enterprise browsers will be the “core platform for delivering workforce productivity and security software on managed and unmanaged devices for a seamless hybrid work experience.”
With this comes new security risks, which Chrome Enterprise Premium aims to address. The new offering includes:
- Enterprise controls to enforce policies and manage software updates and extensions to ensure compliance and align with enterprise policies;
- Event reporting, device reporting and forensic capabilities that can integrate with other Google and third-party tools;
- Context-aware access controls that can help enforce zero trust in SaaS and web-based apps and help mitigate data exfiltration risks for sanctioned and unsanctioned apps;
- Threat and data protection that provides content inspection and data loss prevention, anti-malware and anti-phishing using frontline intelligence and AI, URL filtering and site categorization.
The enterprise browser is already in use by the likes of Snap, Inc., which saw a 50% reduction in content transfers after setting up data loss prevention restrictions and warnings for sharing sensitive information.
Tim Ehrhart, domain head for information security at Roche, applauded Google Project Zero for its “cutting-edge security research and fast security patches.” Once turning on Google Enterprise Premium, “we were able to identify and stop an attempt to exfiltrate a large amount of corporate information within hours,” he said.
Google Cloud aims to secure the enterprise
Google Cloud is making a slew of other announcements (both security and non-security related) at its conference this week. Some of these include:
- The new privileged access manager (PAM), now in preview, which helps organizations move to on-demand access with just-in-time, time-bound, and approval-based access elevations.
- Preview of the new principal access boundary (PAB), which helps security administrators enforce restrictions on IAM principals so that they can only access authorized resources within a specific defined boundary.
- New capabilities in Gemini Cloud Assist, in preview, including identity access management (IAM) recommendations, encryption key insights and confidential computing insights.
- Preview of Mandiant Hunt for Security Command Center Enterprise, which makes on-call hundreds of elite-level analysts and researchers.
- The general availability of Security Command Center Enterprise, which offers security teams a single view of their posture controls, active threats, cloud identities and data.
- The general availability of cloud next generation firewall (NGFW), which includes threat protection powered by Palo Alto Networks.
- Preview of key management with Autokey, which helps simplify the creation and management of customer encryption keys (CMEK).