Google Cloud today previewed new AI-enhanced capabilities for its Chronicle and Mandiant offerings: Duet AI in Mandiant Threat Intelligence, Duet AI in Chronicle Security Operations, and Duet AI in Security Command Center. The preview was part of a larger group of generative AI-related announcements made at the Google Cloud Next event.
Duet AI in Mandiant Threat Intelligence
Mandiant Threat Intelligence is built on one of the largest, if not the largest, knowledgebases of threat data, including threat actor tactics, techniques, and procedures (TTPs); indicators of compromise (IoC); incident forensics; and threat actor identification processes. The volume of data can make it difficult for security teams to properly leverage it and apply it to their circumstances.
By adding Duet AI to the mix, Google Cloud claims Mandiant Threat Intelligence can help security teams summarize information in the knowledgebase, identify the information most relevant to a given situation, and create reports that speak more directly to a target audience, for example executive stakeholders or security operations personnel. “Security teams can now quickly understand what Google reports about the adversary, how the latest threats may be targeting their organization, and how they can make threat intelligence actionable across their organization,” said Google Cloud Security VP/GM Sunil Potti in a blog post.
Duet AI in Chronicle Security Operations
Google Cloud first announced generative AI capabilities for Chronicle Security Operations at this year’s RSA conference. Those capabilities were focused on improving threat detection, investigation, and response by simplifying data analysis.
Duet AI in Chronicle Security Operations offers similar capabilities. Specifically, Google Cloud claims it automatically generates summaries about ongoing incidents, providing context and recommendations for remediation. Duet also allows defenders to enter natural language queries into Chronicle. Duet automatically translates them into Chronicle’s syntax, allowing lower-skilled personnel to be more effective.
Duet AI in Security Command Center
AI-enhanced attack path simulation capabilities for Security Command Center were also first introduced at RSA Conference 2023. Today’s announcement builds on that by using Duet AI to provide “near instant” analyses of attacks and identify possible attack paths. “By reducing toil through summarizing threat criticality, implications, and recommended remediations, Duet AI in Security Command Center can help ensure they do not overlook critical findings,” Potti said.