Google Chronicle adds ‘context-aware’ cyber threat detection

Missed a session at the Data Summit? View on demand here.

Google Cloud today announced the next batch of updates to its Chronicle security analytics service, designed to enhance security operations with enhanced threat detection.

The updates introduce “context-aware” threat detection to Chronicle, a capability that is now available as a public preview. The opportunity shows that Google is “creating efficiency in every step of a customer’s discovery and response journey, starting with making alerts more functional,” members of the Google Chronicle team said in a blog post today.

The unveiling of the new capability follows Google’s announcements of two major security acquisitions that will be linked to Chronicle. In January, Google acquired Siemplify, a provider of SOAR (Security Orchestration, Automation and Response) technologies. And earlier this month, the company announced a deal to acquire cybersecurity powerhouse Mandiant for $5.4 billion, which is poised to bring a suite of capabilities to the Google Cloud security platform, including threat intelligence, incident response and managed defense. .

Ultimately, Google Cloud aims to deliver an “end-to-end security operations suite to help businesses stay protected at every stage of the security lifecycle,” said Phil Venables, CISO at Google Cloud, at a news conference last week. .

Threat Response Improvement

With today’s announcement, Google recognizes that customers “need access to all context across their entire IT stack while simultaneously responding to malicious threats” to help shape a threat response strategy, the Chronicle team said. in the blog post.

The release also notes that “alert fatigue” has hit many security teams, with an overload of alerts coming in from security tools limiting their ability to prioritize the threats that really matter.

This is where “context aware” detections come in for Google Chronicle. With the new feature, “all supporting information from authoritative sources (e.g., CMDB, IAM, and DLP), including telemetry, context, relationships, and vulnerabilities, is available out-of-the-box as a ‘single’ detection event,” the Chronicle team said. . †

Key capabilities include the ability to use risk scoring to prioritize threats, respond more quickly to alerts and make their alerts more reliable, the post said.

The Chronicle team noted that security information and event management (SIEM) tools and other security analytics have struggled so far to provide this type of functionality to customers.

“This launch resolves a paradigm gap in legacy analytics and SIEM products, where data has historically been logically separated due to a prohibitive economy,” the team said in the blog post. “Customers can now operationalize all of their security telemetry and enriching data sources in one place, enabling them to develop flexible alerting and prioritization strategies.”

Faster response times

Overall, response and recovery times will be accelerated “by minimizing the need to wait for contextual understanding before making a decision and taking an investigative action,” the Google Chronicle team said in the post.

Google has not specifically said when context-aware threat detection in Chronicle will be generally available.

However, the Chronicle team said that “in the coming months, as we move these modules to general availability, you can expect a steady release of new discovery capabilities and integrations with other parts of Google Cloud and additional third-party providers.”

Other recent security updates from Google Cloud include the addition of discovery for cryptocurrency mining in virtual machines and the debut of Cloud IDS, a cloud-native network security offering that aims to simplify deployment and use.

Chronicle and Siemplify in particular are all about “interoperability between a lot of other technologies – [they] work with any firewall company, work with all endpoint companies, work with logs generated by various applications,” Mandiant CEO Kevin Mandia said at a news conference last week.

VentureBeat’s mission is to be a digital city square for tech decision makers to learn about transformative business technology and transactions. Learn more

This post Google Chronicle adds ‘context-aware’ cyber threat detection

was original published at “https://venturebeat.com/2022/03/15/google-chronicle-adds-context-aware-cyber-threat-detection/”