Source URL: https://cloud.google.com/blog/products/identity-security/driving-secure-innovation-with-ai-google-unified-security-next25/
Source: Cloud Blog
Title: Driving secure innovation with AI and Google Unified Security
Feedly Summary: Today at Google Cloud Next, we are announcing Google Unified Security, new security agents, and innovations across our security portfolio designed to deliver stronger security outcomes and enable every organization to make Google a part of their security team.
Introducing Google Unified Security
Enterprise infrastructure continues to grow in size and complexity, expanding the attack surface, and making defenders’ jobs increasingly difficult. Separate, disconnected security tools result in fragmented data without relevant context, leaving organizations vulnerable and reactive in the face of escalating threats. Security teams operate in silos, slowed by toilsome workflows, making it hard to accurately assess and improve the organization’s overall risk profile.
To address this challenge, we are bringing together our best-in-class security products for threat intelligence, security operations, cloud security, and secure enterprise browsing, along with Mandiant expertise, into a converged security solution powered by AI: Google Unified Security.
Now generally available, Google Unified Security lays the foundation for superior security outcomes. It creates a single, scalable, searchable security data fabric across the entire attack surface. It provides visibility, and detection and response capabilities, across networks, endpoints, clouds, and apps. It automatically enriches security data with the latest Google Threat Intelligence for more effective detection and prioritization. Crucially, Google Unified Security makes every aspect of the practitioner experience more efficient with Gemini.
“Google Unified Security represents a step forward in achieving better security outcomes with the integration of browser behavior, managed threat hunting, and security validation to strategically eliminate coverage gaps and simplify security management and threat detection and response. This approach offers organizations a more holistic and streamlined defense against today’s complex threat landscape,” said Michelle Abraham, senior research director, Security and Trust, IDC.
At the heart of Google Unified Security’s capabilities lie its integrated product experiences, exemplified by:
Browser telemetry and asset context from Chrome Enterprise integrated into Google Security Operations to power threat detections and remediation actions.
Google Threat Intelligence integrated with security validation to proactively understand exposures and test security controls against the latest observed threat actor activity.
Cloud risks and exposures from Security Command Center, including those impacting AI workloads, enriched with integrated Google Threat Intelligence to more effectively threat hunt and triage incidents.
Infused with new semi-autonomous AI capabilities, these integrated products provide preemptive security, enabling organizations to anticipate threats and remediate risks before attackers can act to cause business damage or loss.
“I see Google and its security suite as one of the top partnerships that I have within my organization. The value they bring, the expertise and the knowledge, the willingness to play with us to explore new opportunities and to look at new areas — it makes them a true partner and someone that we’re very happy to be working together with,” said Craig McEwen, deputy CISO, Unilever.
“Accenture and Google Cloud partner to help clients achieve the cyber resilience their businesses need to stay ahead of today’s threats. By integrating advanced threat intelligence, comprehensive visibility and AI assistance, we can help organizations shift from reactive to proactive and agile responses,” said Paolo Dal Cin, global lead, Accenture Security. “This unified approach, powered by Google Unified Security, can help us deliver a new standard of cyber resilience with greater scale, speed and effectiveness.”
“Deloitte Cyber and Google Cloud are working closely together to secure the modern enterprise – which includes using the leading capabilities from both Deloitte and Google to protect data, users, and applications. Google Unified Security brings together a centralized data fabric, integrated threat intelligence, unified SOC and cloud workflows, and agentic AI automation — creating a powerful platform to drive our clients’ security transformation,” said Adnan Amjad, principal, U.S. cyber leader, Deloitte & Touche LLP.
Security agents and Gemini
Agentic AI is powering a fundamental shift in how security operations are conducted. Our vision is a future where intelligent agents work alongside human analysts, offloading routine tasks, augmenting their decision-making, and freeing them to focus on complex issues. Today we’re introducing the following new Gemini in Security agents:
In Google Security Operations, an alert triage agent performs dynamic investigations on behalf of users. Expected to preview for select customers in Q2 2025, this agent analyzes the context of each alert, gathers relevant information, and renders a verdict on the alert, along with a history of the agent’s evidence and decision making. This always-on investigation agent will vastly reduce the manual workload of Tier 1 and Tier 2 analysts who otherwise are triaging and investigating hundreds of alerts per day.
In Google Threat Intelligence, a malware analysis agent investigates whether code is safe or harmful. Expected to preview for select customers in Q2 2025, this agent analyzes potentially malicious code, including the ability to create and execute scripts for deobfuscation. Ultimately, the agent summarizes its work and provides a final verdict.
These agentic AI advancements aim to deliver faster detection and response, with complete visibility and streamlined workflows. They represent a catalyst for security teams to reduce toil, build true cyber-resilience, and drive strategic program transformation.
What’s new in Google Security Operations
New data pipeline management capabilities, now generally available, can help customers better manage scale, reduce costs, and satisfy compliance mandates. Expanding our partnership with Bindplane, you can now transform and prepare data for downstream use; route data to different destinations and multiple tenants to manage scale; filter data to control volume; and redact sensitive data for compliance.
The new Mandiant Threat Defense service for Google Security Operations, now generally available, provides comprehensive active threat detection, hunting, and response. Mandiant experts work alongside customer security teams, using AI-assisted threat hunting techniques to identify and respond to threats, conduct investigations, and scale response through security operations SOAR playbooks, effectively extending customer security teams.
What’s new in Security Command Center
We recently announced AI Protection capabilities for managing risk across the AI lifecycle for Google Cloud customers. AI Protection helps discover AI inventory, secure AI models and data, and detect and respond to threats targeting AI systems.
Model Armor, which is generally available and part of AI Protection, allows you to apply content safety and security controls to prompts and responses for a broad range of models across multiple clouds. Model Armor is now integrated directly with Vertex AI so developers can automatically route prompts and responses for protection without any changes to applications.
New Data Security Posture Management (DSPM) capabilities, coming to preview in June, can enable discovery, security, governance, and monitoring of sensitive data including AI training data. DSPM can help discover and classify sensitive data, apply data security and compliance controls, monitor for violations, and enforce access, flow, retention, and protection directly in Google Cloud data analytics and AI products.
A new Compliance Manager, launching in preview at the end of June, will combine policy definition, control configuration, enforcement, monitoring, and audit into a unified workflow. It builds on the configuration of infrastructure controls delivered using Assured Workloads, providing Google Cloud customers with an end-to-end view of their compliance state, making it easier to monitor, report, and prove compliance to auditors with Audit Manager.
Other Security Command Center enhancements include:
Integration with Snyk’s developer security platform, in preview, to help teams find and fix software vulnerabilities faster.
New Security Risk dashboards for Google Compute Engine and Google Kubernetes Engine, generally available, which deliver insights into top security findings, vulnerabilities, and open issues directly in the product consoles.
We are also expanding our Risk Protection Program, which provides discounted cyber-insurance coverage based on cloud security posture. We’re thrilled to welcome Beazley and Chubb, two of the world’s largest cyber-insurers, as new program partners to expand customer choice and broaden international coverage.
As part of the program, our partners provide affirmative AI insurance coverage, exclusively for Google Cloud customers and workloads. Chubb will also offer coverage for risks resulting from quantum exploits, proactively helping to address the risk of quantum computing attacks.
What’s new in Chrome Enterprise
New employee phishing protections in Chrome Enterprise Premium use Google Safe Browsing data to help protect employees against lookalike sites and portals attempting to capture credentials. Organizations can now configure and add their own branding and corporate assets to help identify phishing attempts disguised on internal domains.
Organizations continue to benefit from the simple and effective data protections in Chrome. In addition to watermarking and screenshot blocking, and controls for copy, paste, upload, download, and printing, Chrome Enterprise Premium data masking is now generally available. We’re also extending key enterprise browsing protections to Android, including copy and paste controls, and URL filtering.
What’s new in Mandiant Cybersecurity Consulting
The Mandiant Retainer provides on-demand access to Mandiant experts with pre-negotiated terms and two-hour incident response times. Customers now have additional flexibility to redeem pre-paid funds for investigations, education, and intelligence to boost their expertise and resilience.
Mandiant Consulting is also partnering with Rubrik and Cohesity to create a solution to minimize downtime and recovery costs after a cyberattack. Together, Mandiant consultants and our data backup and recovery partners can help customers establish, test, and validate a cloud-isolated recovery environment (CIRE) for critical applications on Google Cloud, and deliver incident response services in the event of a compromise.
What’s new for Trusted Cloud
We continue regular delivery of new security controls and capabilities on our cloud platform to help organizations meet evolving policy, compliance, and business objectives. Today we’re announcing the following updates:
For Sovereign Cloud:
Google Cloud has brought to market the industry’s broadest portfolio of sovereign cloud solutions, providing customers with choice to meet the unique and evolving requirements for data, operational, and software sovereignty. Google Cloud offers Regional and Sovereign Controls across 32 regions in 14 countries. We also offer Google Cloud Sovereign AI services in our public cloud, sovereign cloud, and distributed clouds, as well as with Google Workspace.
We’ve partnered with Thales to launch the S3NS Trusted Cloud, now in preview, designed to meet France’s highest level of cloud certification, the SecNumCloud standard, defined by the National Cyber Agency. It is the first sovereign cloud offering based on the Google Cloud platform that is operated, majority-owned, and fully controlled by a European organization.
For Identity and Access Management:
Unified access policies, coming to preview in Q2, create a single definition for IAM allow and IAM deny policies, enabling you to more consistently apply fine-grained access controls.
Managed Workload Identities, now available in preview, lets you provision Secure Production Identity Framework For Everyone (SPIFFE)-based identities for workload-to-workload authentication using mutual TLS (mTLS). Workload Identity Federation with X.509 certificates is now generally available, allowing you to further strengthen your workload authentication.
For data security:
We’re also expanding our Confidential Computing offerings. Confidential GKE Nodes with AMD SEV-SNP and Intel TDX will be generally available in Q2, requiring no code changes to secure your standard GKE workloads. Confidential GKE Nodes with NVIDIA H100 GPUs on the A3 machine series will be in preview in Q2, offering confidential GPU computing without code modifications.
Our Sensitive Data Protection discovery service for Vertex AI and Azure Storage is now generally available, enabling continuous data asset monitoring and integration with Security Command Center’s virtual red teaming and AI Protection. We’re also previewing data-in-motion scanning through Cloud Load Balancing and Secure Web Proxy, and announcing upcoming Dataplex V2 support.
Single-tenant Cloud Hardware Security Module (HSM), now in preview, provides dedicated, isolated HSM clusters managed by Google Cloud, while granting customers full administrative control.
For network security:
Network Security Integration allows enterprises to easily insert third-party network appliances and service deployments to protect Google Cloud workloads without altering routing policies or network architecture. Out-of-band integrations with ecosystem partners are generally available now, while in-band integrations are available in preview.
DNS Armor, powered by Infoblox Threat Defense, coming to preview later this year, uses multi-sourced threat intelligence and powerful AI/ML capabilities to detect DNS-based threats.
Cloud Armor Enterprise now includes hierarchical policies for centralized control and automatic protection of new projects, available in preview.
Cloud NGFW Enterprise supports L7 domain filtering capabilities to monitor and restrict egress web traffic to only approved destinations, coming to preview later this year.
Secure Web Proxy (SWP) now includes inline network data loss protection capabilities through integrations with Google’s Sensitive Data Protection and Symantec DLP using service extensions, available in preview.
Take the next step
These announcements just scratch the surface of the outcomes we can deliver when we converge our security capabilities and infuse them with AI and our frontline intelligence.
In today’s threat landscape, one of the most critical choices you need to make is who will be your strategic security partner, and Google Unified Security is the best, easiest, and fastest way to make Google part of your security team.
For more on our Next ’25 announcements, you can watch our security spotlight, and check out the many great security breakout sessions at Next ’25 — live and on-demand.
AI Summary and Description: Yes
Summary: This announcement highlights Google Cloud’s introduction of Google Unified Security, a comprehensive security framework that integrates AI-driven capabilities, threat intelligence, and streamlined workflows to enhance cybersecurity for enterprises. The new framework is aimed at evolving security dynamics in the face of increasing threats, providing tools for proactive threat detection and response, particularly for cloud and AI workloads.
Detailed Description:
Google Unified Security is a pivotal development by Google Cloud to address increasing complexities in enterprise security. Here are the major points of focus:
– **Integration and Convergence**:
  – Google Unified Security consolidates various security solutions such as threat intelligence, cloud security, and security operations into a unified framework.
  – This integration aims to reduce the fragmentation in security tools and data, promoting a holistic approach to security management.
– **AI Empowerment**:
  – The solution employs agentic AI to enhance security operations. For example, alert triage and malware analysis agents are designed to offload routine tasks from human analysts, allowing them to focus on more complex security challenges.
– **Threat Intelligence and Proactive Measures**:
  – The framework enriches security data with real-time threat intelligence, which enhances the detection and response capabilities across networks, endpoints, clouds, and applications.
– **Partnerships and Collaboration**:
  – Google Cloud is collaborating with companies like Accenture and Deloitte to deepen the impact of its security solutions and create comprehensive cybersecurity offerings.
– **New Functionalities**:
  – The introduction of capabilities for managing AI-related risks, data security management, compliance solutions, and enhancements to security hosting services shows a commitment to addressing the evolving landscape of cybersecurity threats.
  – Tools like Mandiant Threat Defense and Data Security Posture Management are part of the offerings to bolster active threat detection and security governance.
– **Sovereignty and Compliance**:
  – Google Cloud is establishing sovereign cloud solutions to comply with specific regulatory frameworks and customer requirements for data sovereignty.
– **Comprehensive Security Solutions**:
  – Includes cutting-edge features like AI Protection, security incident response capabilities, and innovative employee phishing protections through Chrome Enterprise, emphasizing a multi-layered security architecture.
– **Resilience and Preparedness**:
  – The announcement underscores the importance of building cyber resilience through integrated workflows, advanced threat intelligence, and effective incident response capabilities.
Overall, Google Unified Security promises to transform the approach to enterprise security, moving organizations toward proactive measures against the modern threat landscape while leveraging cutting-edge AI technology for enhanced risk management and compliance.