Solved

SIEM/SOAR Capability

  • July 24, 2024

Does Google Security Operations implement nonsignature-based malicious code detection mechanisms?

Nonsignature-based detection mechanisms include, for example, the use of heuristics to detect, analyze, and describe the characteristics or behavior of malicious code and to provide safeguards against malicious code for which signatures do not yet exist or for which existing signatures may not be effective.

The reason I ask is because I know the capabilities are capable of looking up malicious file hashes, but what about behavior / characteristics of malicious code for which signatures do not exist?

Thanks.

Best answer by nc2

Risk Analytics for UEBA (user and entity behavior analytics) is unavailable.

Found in https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview

A Googler can feel free to correct me if that is incorrect.

Thank you.

1 reply

  • Author
  • Bronze 5
  • Answer
  • July 24, 2024
