Google combines threat intelligence offerings

  • May 14, 2024
  • Steve Rogerson

At last week’s RSA Conference in San Francisco, Google announced Threat Intelligence, combining its Mandiant frontline expertise, the reach of the VirusTotal community, and visibility based on billions of signals across devices and emails.

Google Threat Intelligence includes Gemini, its AI-powered agent that provides conversational search across its vast repository of threat intelligence, helping users gain insights and protect themselves from threats faster.

For decades, threat intelligence technology has faced two main challenges: no single source gives a comprehensive view of the threat landscape, and to get value from intelligence, organisations have to spend excessive time, energy and money collecting and operationalising the data.

“While there is no shortage of threat intelligence available, the challenge for most is to contextualise and operationalise intelligence relevant to their specific organisation,” said Dave Gruber, principal analyst at Enterprise Strategy Group. “Unarguably, Google provides two of the most important pillars of threat intelligence in the industry today with VirusTotal and Mandiant. Integrating both into a single offering, enhanced with AI and Google threat insights, offers security teams a new means to operationalise actionable threat intelligence to better protect their organisations.”

Google Threat Intelligence provides visibility into the global threat landscape. It offers deep insights from Mandiant’s incident response and threat research team, and combines them with its massive user and device footprint and VirusTotal’s broad crowdsourced malware database.

Google protects four billion devices and 1.5 billion email accounts, and blocks 100 million phishing attempts per day. This provides a vast sensor array and a unique perspective on internet and email-borne threats that allows Google to connect the dots back to attack campaigns.

Mandiant’s incident responders and security consultants dissect attacker tactics and techniques across more than 1,100 investigations annually, using that experience to help users defend against sophisticated and persistent threat actors worldwide.

Mandiant’s global threat experts monitor threat actor groups for activity and changes in their behaviour to contextualise ongoing investigations and provide the insights users need to respond.

VirusTotal’s global community of over a million users continuously contributes potential threat indicators, including files and URLs, to offer real-time insight into emerging attacks.

Google uses open-source threat intelligence to enrich its knowledge base with current discoveries from the security community.

This combined view lets Google Threat Intelligence protect organisations in several ways, including external threat monitoring, attack surface management, digital risk protection, indicator-of-compromise analysis, and access to Mandiant expertise.

Traditional approaches to operationalising threat intelligence are labour-intensive and slow the response to evolving threats; turning a new report into deployed detections can take days or weeks.

By combining its comprehensive view of the threat landscape with Gemini, Google says it has streamlined threat research processes, augmented defence capabilities, and reduced the time it takes to identify and protect against novel threats. Users can condense large data sets in seconds, quickly analyse suspicious files, and simplify challenging manual threat intelligence tasks.

Gemini 1.5 Pro is part of Google Threat Intelligence and has been integrated to assist security professionals in analysing malware more efficiently. At the time of the announcement, Gemini 1.5 Pro offered the longest context window of any generally available model, supporting up to a million tokens, which allows a large decompiled binary to be analysed without being split into chunks. Google says it can simplify the technical and labour-intensive process of reverse engineering malware: it processed the entire decompiled code of the WannaCry malware file in a single pass, taking 34s to deliver its analysis and identify the kill switch. One caveat for practitioners: WannaCry’s kill-switch domain check has been publicly documented since 2017, so this result demonstrates rapid summarisation of well-known malware rather than analysis of a previously unseen sample.

Google also offers a Gemini-driven entity extraction tool to automate data fusion and enrichment. It automatically crawls the web for relevant open-source intelligence and classifies online industry threat reporting. It then converts this information into knowledge collections, with corresponding hunting and response packs built from the extracted motivations, targets, tactics, techniques and procedures, actors, toolkits, and indicators of compromise.

To learn more about Google Threat Intelligence, go to cloud.google.com/security/products/threat-intelligence.