Cloud Security Podcast by Google

EP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic

Feb 17, 2025

Kimberly Goody, Head of Intel Analysis and Production at Google Cloud, dives into the fascinating world of threat intelligence. She shares how Google's Threat Intelligence Group uniquely combines underground forum data with incident response insights to identify cybercriminal campaigns. Goody explains the challenges of attributing attacks to specific actors and the importance of contextualizing threats. The discussion also highlights the role of AI in enhancing threat analysis and the collaborative efforts across Google's teams to strengthen security.

26:02

Creator website

Episode guests

Kimberly Goody

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Google's Threat Intelligence Group enhances cybersecurity by combining technical analysis and interpretative skills to decode complex cyber threats.

Collaboration among various teams within Google creates a coordinated response to emerging cyber threats, improving overall security for users and customers.

Deep dives

Integrating Art and Science in Threat Intelligence

Threat intelligence is characterized by a combination of arts and sciences, emphasizing that effective practice requires not only technical expertise but also interpretative skills. The discussion highlights how understanding the nuances of cyber threats demands the blending of various disciplines, much like a liberal arts education. This multifaceted approach helps practitioners assess threats in a comprehensive manner, considering both the technical characteristics of malware and the behavioral patterns of threat actors. The speakers assert that this balance enriches the field and makes threat intelligence both an art and a science, enhancing overall understanding and responsiveness.

Intro

2min

Decoding Threat Intelligence

14min

Enhancing Google Security Through Coordinated Threat Intelligence

4min

Innovative Approaches to Threat Intelligence and AI Integration

3min

Curiosity and Insight: Enhancing Threat Intelligence through Reading

4min

Guest:

Kimberly Goody, Head of Intel Analysis and Production, Google Cloud

Topics:

Google's Threat Intelligence Group (GTIG) has a unique position, accessing both underground forum data and incident response information. How does this dual perspective enhance your ability to identify and attribute cybercriminal campaigns?
Attributing cyberattacks with high confidence is important. Can you walk us through the process GTIG uses to connect an incident to specific threat actors, given the complexities of the threat landscape and the challenges of linking tools and actors?
There is a difficulty of correlating publicly known tool names with the aliases used by threat actors in underground forums. How does GTIG overcome this challenge to track the evolution and usage of malware and other tools? Can you give a specific example of how this "decoding" process works?
How does GTIG collaborate with other teams within Google, such as incident response or product security, to share threat intelligence and improve Google's overall security posture? How does this work make Google more secure?
What does Google (and specifically GTIG) do differently than other organizations focused on collecting and analyzing threat-intelligence? Is there AI involved?

Resources:

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Get the app

Cloud Security Podcast by Google

EP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Integrating Art and Science in Threat Intelligence

The Role of Contextualization and Prioritization

Collaborative Intelligence for Enhanced Security

Remember Everything You Learn from Podcasts