In this Help Net Security interview, Sunil Potti, GM and VP of Cloud Security at Google Cloud, talks about how new security and networking solutions powered by AI help improve security so Google customers can address their most pressing security challenges and remain ahead of an ever-changing threat landscape.
AI plays a significant role in Google Cloud’s recently announced new security and networking solutions. Can you share more about how Google’s Security AI Framework has been deployed in these products?
Over the years at Google, we’ve embraced an open and collaborative approach to cybersecurity. Our approach to securing AI systems is no different. Recently, we announced our Security AI Framework, or SAIF. The framework is inspired by the security best practices Google has applied to software development, while incorporating our understanding of security mega-trends and risks specific to AI systems.
We’re already doing a number of things to put SAIF into action, including building industry support; working directly with organizations, including customers and governments, to help them understand how to assess AI security risks and mitigate them; sharing insights from Google’s leading threat intelligence teams like Mandiant and TAG on cyber activity involving AI systems; expanding our bug hunters programs to reward and incentivize research around AI safety and security; and continuing to deliver secure AI offerings with partners like GitLab and Cohesity.
As we advance SAIF and announce new security and networking solutions, we’ll continue to share research and explore methods that help to utilize AI securely. Our new products are a continuance of our commitment to delivering secure AI offerings and developing new capabilities to help our customers build secure systems.
Security AI Workbench allows partner plug-ins. How does this openness to third-party integration enhance the functionality and effectiveness of the platform?
By harnessing the power of AI and leveraging the scalability of Google Cloud technology, we not only enhance our own security tools, but also empower the industry as a whole. To achieve this, Google Cloud embraces third-party integration to its security partners who share our vision of utilizing generative AI capabilities to effectively tackle enterprise security challenges. The integration of partner plug-ins through our Security AI Workbench facilitates the incorporation of supplementary threat intelligence, workflow enhancements, and other essential security capabilities for enterprises.
The update to Chronicle provides a range of new capabilities. Can you tell us more about how Google’s threat researchers developed the detection rule sets and how they help identify potential threats?
Google keeps more people safe online than anyone else. Part of the “magic” behind Google’s security is the sheer scale of threat intelligence we are able to derive from our billions of users, browsers, and devices. This level of intelligence into the ongoing threat landscape and the threats that matter most is now in the hands of our customers. Developed by Google threat researchers, the out-of-the-box detection rules in Chronicle surface cloud attack vectors and provide high-fidelity, contextualized alerts that give quick insight into potential threats in an organization’s Google Cloud environment.
The concept of “seeing what attackers can see” sounds particularly interesting. Can you elaborate on how this aspect of the Security Command Center improves an organization’s security posture?
Google Cloud’s addition of attack path simulation to Security Command Center Premium offers defenders the opportunity to gain valuable insights into their critical resources and identify vulnerabilities by mimicking how a real-world attacker could exploit security gaps to access high-value assets. Using attack path simulation, security teams can better pinpoint where and how they may be attacked so they can implement the right preventative security controls.
Unlike other attack path tools that analyze static, point-in-time snapshots of an organization’s cloud footprint, Security Command Center continuously assesses Google Cloud resources and the current state of defenses to reduce coverage gaps and help prioritize security remediation efforts. Our product roadmap includes leveraging our Security AI Workbench to translate complex attack graphs to human-readable explanations of attack exposure, including impacted assets and recommended mitigations.
Can you explain how Cloud Secure Web Proxy integrates with Cloud Logging? What key insights can this provide to organizations about their network traffic?
By integrating Cloud Secure Web Proxy with Cloud Logging, organizations are able to record metrics and transaction logs for requests handled by the proxy. The proxy identifies traffic that doesn’t conform to policy and logs it to Cloud Logging, allowing organizations to monitor internet usage and discover and disrupt threats on their network by spotting command and control (C2C) traffic or anomalous data transfers.
In the long run, how does Google plan to evolve these products to ensure they continue to meet changing cybersecurity threats and trends?
As mentioned above, Google keeps more people safe online than anyone else in part due to the sheer scale of threat intelligence we are able to derive from our billions of users, browsers, and devices. This insight combined with VirusTotal and Mandiant’s frontline intelligence on vulnerabilities, malware, threat indicators, and behavioral threat actor profiles will be continuously funneled into our products to help our customers remain ahead of an ever-changing threat landscape.
Can you share any success stories or case studies of early adopters?
Several preview customers have already validated the benefits of implementing Cloud Secure Web Proxy (SWP). I’ve included their testimonials below:
“Google’s Secure Web Proxy is a powerful tool that can help businesses of all sizes protect their cloud workloads from online threats. By using the granular policy controls and TLS inspection, we are ensuring that our cloud applications only access approved external destinations. Additionally we are able to comply with data security regulations,” said David Saleh, director, Cloud Architecture and Application Security, ATB Financial.
“Secure Web Proxy has helped us to improve our security in Google Cloud. We are now able to filter outbound HTTP and HTTPS traffic from our applications. In addition, having a native solution will allow us to replace the VM-based solution we currently have, providing us with cost savings and continuing to deliver on our strategy of replacing products with cloud native services,” said Roberto Vega, cloud analyst, Carrefour.
Further, NordNet AB, a pan-Nordic digital platform for savings and investments, has leveraged our new attack path simulations to pinpoint and mitigate cloud security risks.