Automation is essential for security teams. With 70% of security operations center (SOC) teams reporting that they feel emotionally overwhelmed by the volume of security alerts, security orchestration, automation and response (SOAR) capabilities are critical to helping them keep up with the latest threats.
It’s against this backdrop that today at Google Cloud Next, Google Cloud released Chronicle Security Operations, a new family of solutions designed to enable security teams to detect, investigate and respond to cyberthreats.
Chronicle Security Operations combines Chronicle’s existing security information and event management (SIEM) capabilities and Siemplify’s SOAR technology, alongside Google Cloud’s threat intelligence, to create two new products: Chronicle SIEM and Chronicle SOAR.
The new family of solutions will enable enterprises to pull together threat data from sources including VirusTotal and Google Cloud’s threat intelligence to provide more transparency into security posture and exposure to malicious actors.
Enhancing threat detection and response
The announcement comes hot on the heels of Google Cloud’s Mandiant acquisition, which has the potential to add greater incident and exposure management capabilities to the solution in the future.
At a high level, Google Cloud’s acquisitions of Siemplify and Mandiant — when combined with the organization’s own proprietary threat intelligence — have the potential to make Chronicle one of the most advanced SOAR and SIEM solution providers on the market.
“We help democratize security operations with Google Cloud’s expertise and best practices,” said Chris Corde, director of product management and security at Google Cloud. “Curated detections leverage Google Cloud’s insights and threat intelligence gathered from protecting our billions of users so that organizations can focus their scarce expert resources on the unique security challenges that they face.”
Corde added that, “Sub-second search across petabytes of information can be as easy as running a Google search. Chronicle delivers threat-centric case management for simpler investigation and can surface the most relevant context to encourage consistently good decisions, which can enable teams to speed up investigation and response.”
Features like integrated alert management between Chronicle SIEM detections and Chronicle SOAR threat-centric case management offer users a more streamlined investigation experience, while response playbooks delivered by Security Command Center decrease the time taken to resolve security incidents.
Taking a look at the SOAR market
Given that researchers anticipate the SOAR market will grow from $1.1 billion in 2022 to reach $2.3 billion by 2027, it makes sense for Google Cloud to focus on becoming the definitive provider in the space following its Siemplify acquisition.
Of course, Google Cloud isn’t the only provider to focus on the SOAR market. Earlier this year, Elastic announced the launch of Elastic Security 8.4, which included a range of new SOAR capabilities, including native remediation and response capabilities.
Google Cloud is also competing against a range of established vendors in the space, including Rapid7, whose InsightConnect product offers automated workflows to streamline tasks such as incident response and vulnerability management.
Rapid7 most recently reported $658 million in annual recurring revenue (ARR).
Another key competitor in the sector is Swimlane, a low-code security automation and SOAR platform. It provides users with automated playbooks they can use to define processes to address cyberthreats, and implement self-documenting playbooks to provide actionable intelligence on the organization’s overall risk posture. Earlier this year, the company secured $70 million in growth funding.
At this stage, Chronicle SOAR’s key differentiator is its consolidation of Mandiant, Siemplify and Google Cloud’s threat intelligence into a single product category.