Google Chronicle adds ‘context-aware’ cyber threat detection


Google Cloud today announced the next series of updates to its Chronicle security analytics service, aimed at helping to enhance security operations with improved detection of threats.

The updates introduce “context-aware” threat detection to Chronicle, a capability that is available now as a public preview. The capability shows that Google is “creating efficiencies in every step of a customer’s detection and response journey, starting by making alerts more functionally enabled,” members of the Google Chronicle team said in a blog post today.

The unveiling of the new capability follows Google’s announcements of two major acquisitions in security that will be tied in with Chronicle. In January, Google acquired Siemplify, a provider of security orchestration, automation and response (SOAR) technologies. And earlier this month, the company announced an agreement to acquire cybersecurity powerhouse Mandiant for $5.4 billion, which is poised to bring a range of capabilities to the Google Cloud security platform including threat intelligence, incident response and managed defense.

Google Cloud is ultimately aiming to deliver an “end-to-end security operations suite to help enterprises stay protected at every stage of the security lifecycle,” said Phil Venables, CISO at Google Cloud, during a news conference last week.

Improving threat response

With today’s announcement, Google is acknowledging that customers need “access to all context across their entire IT stack while responding to malicious threats,” in order to help with forming a strategy around threat response, the Chronicle team said in the blog post.

The post also notes that “alert fatigue” has afflicted many security teams: an overload of alerts coming in from security tools limits their ability to prioritize the threats that matter most.

This is where “context-aware” detections come in for Google Chronicle. With the new feature, “all the supporting information from authoritative sources (e.g. CMDB, IAM, and DLP) including telemetry, context, relationships, and vulnerabilities are available out of the box as a ‘single’ detection event,” the Chronicle team said.

Key capabilities include the ability to use risk scoring to prioritize threats, to respond to alerts more quickly, and to get higher-fidelity alerts, according to the post.
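As an added illustration (not Chronicle's code and not from the blog post), the following Python sketch shows what "context as a single detection event" and risk-based prioritization mean in practice: raw telemetry is joined with CMDB, IAM, DLP and vulnerability lookups, and the merged event is scored so that a low-severity raw event on a critical, unpatched, sensitive asset outranks a higher-severity raw event on a throwaway dev box. Every data source, field name, sample event and weight here is constructed for the example; Chronicle's real schema and scoring are not described on this page.

```python
"""Context-aware detection sketch: join telemetry with CMDB, IAM, DLP and
vulnerability context, then risk-score the merged record as one detection.

Added example, not Chronicle code. All sources, fields, events and weights
are constructed/hypothetical for illustration.
"""

# Constructed raw telemetry (what an EDR or auth log emits, context-free).
RAW_EVENTS = [
    {"id": "e1", "type": "priv_escalation", "host": "db-prod-01", "user": "jdoe"},
    {"id": "e2", "type": "priv_escalation", "host": "dev-box-07", "user": "intern1"},
    {"id": "e3", "type": "failed_login", "host": "db-prod-01", "user": "svc-backup"},
    {"id": "e4", "type": "failed_login", "host": "kiosk-12", "user": "guest"},
    {"id": "e5", "type": "failed_login", "host": "unknown-host", "user": "guest"},
]

# Constructed context sources standing in for a CMDB, IAM, DLP and vuln scanner.
CMDB = {
    "db-prod-01": {"criticality": "high", "env": "prod", "owner": "dba-team"},
    "dev-box-07": {"criticality": "low", "env": "dev", "owner": "eng"},
    "kiosk-12": {"criticality": "low", "env": "prod", "owner": "facilities"},
}
IAM = {
    "jdoe": {"role": "dba", "privileged": True, "mfa": True},
    "intern1": {"role": "engineer", "privileged": False, "mfa": True},
    "svc-backup": {"role": "service", "privileged": True, "mfa": False},
    "guest": {"role": "guest", "privileged": False, "mfa": False},
}
DLP = {"db-prod-01": {"sensitive_data": True, "classification": "PII"}}
VULNS = {"db-prod-01": {"critical_open": 2}, "dev-box-07": {"critical_open": 0}}

# Hypothetical base severity of the raw event type, before any context.
BASE_SEVERITY = {"priv_escalation": 30, "failed_login": 5}


def enrich(event):
    """Return one detection record: the raw event plus every context source.

    A failed lookup is kept as None instead of being dropped, so the analyst
    can see which source knew nothing about the host or user.
    """
    return {
        **event,
        "asset": CMDB.get(event["host"]),
        "identity": IAM.get(event["user"]),
        "dlp": DLP.get(event["host"]),
        "vulns": VULNS.get(event["host"]),
    }


def risk_score(detection):
    """Additive risk score (0-100) over the enriched record. Weights are
    hypothetical; the point is that context, not raw severity, drives rank."""
    score = BASE_SEVERITY.get(detection["type"], 5)
    asset = detection["asset"] or {}
    ident = detection["identity"] or {}
    dlp = detection["dlp"] or {}
    vulns = detection["vulns"] or {}
    if asset.get("criticality") == "high":
        score += 25
    if asset.get("env") == "prod":
        score += 5
    if ident.get("privileged"):
        score += 15
    if not ident.get("mfa", True):
        score += 10
    if dlp.get("sensitive_data"):
        score += 10
    score += 5 * vulns.get("critical_open", 0)
    if detection["asset"] is None:
        score += 10  # unknown asset is itself a finding, not zero risk
    return min(score, 100)


def prioritize(events, threshold=50):
    """Enrich and score every event; return (alerts at/above threshold, all
    scored detections), both sorted highest risk first."""
    detections = [enrich(e) for e in events]
    for d in detections:
        d["risk"] = risk_score(d)
    detections.sort(key=lambda d: d["risk"], reverse=True)
    return [d for d in detections if d["risk"] >= threshold], detections


if __name__ == "__main__":
    alerts, everything = prioritize(RAW_EVENTS)
    for d in everything:
        flag = "ALERT" if d in alerts else "     "
        print(f"{flag} {d['id']} {d['type']:16} {d['host']:13} {d['user']:11} risk={d['risk']}")
```

With these weights the raw privilege escalation on the dev box (e2) scores 30 and falls below the threshold, while the failed login by a non-MFA service account on the production database holding PII (e3) scores 80 and is alerted. That re-ordering is the whole argument for joining context at detection time rather than looking it up after the alert fires.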

The Chronicle team noted that security information and event management (SIEM) tools and other security analytics to date have struggled to provide this sort of functionality to customers.

“This launch fixes a paradigm gap in legacy analytics and SIEM products, where data has historically been logically separated due to prohibitive economics,” the team said in the blog post. “Customers can now operationalize all their security telemetry and enriching data sources in one place, giving them the ability to develop flexible alerting and prioritization strategies.”

Faster response times

All in all, response and recovery times will be accelerated “by minimizing the need to wait for contextual understanding before making a decision and taking an investigatory action,” Google Chronicle’s team said in the post.

Google did not specifically say when context-aware threat detection in Chronicle will be generally available.

The Chronicle team did say, however, that “over the next months as we move these modules towards general availability, you can expect to see a steady release of new detection capabilities and integrations with other parts of Google Cloud and additional third party providers.”

Other recent updates from Google Cloud in security have included the addition of detection for cryptocurrency mining in virtual machines and the debut of Cloud IDS, a cloud-native network security offering that aims to provide simplified deployment and use.

Notably, Chronicle and Siemplify are all about “interoperability between a ton of other technologies — [they] work with every firewall company, work with all the endpoint companies, work with logs generated from different applications,” Mandiant CEO Kevin Mandia said in a news conference last week.

Originally appeared on: TheSpuzz