Google adds prevalence visualisation, curated threat detection to Chronicle suite
Google Cloud has announced the general availability of new curated threat detection capabilities within its Chronicle Cloud SecOps suite.
Security teams will now be able to easily turn on curated detections from within the Chronicle console, with content built by the Google Cloud Threat Intelligence (GCTI) team. The GCTI team will continue to maintain this content as part of Google Cloud’s services.
Teams will also get detailed contextual information from authoritative sources such as the configuration management database (CMDB), and will be able to speed up analysis and response by seeing how prevalent a detected anomalous asset is across the environment, rather than triaging each alert in isolation.
In the blog post announcing the feature, Google also states that detected threats can now be natively mapped to the MITRE ATT&CK framework to give insight into threat actor tactics and techniques. The company also highlights the vast volume of data it processes every day, alongside its “billions” of users, as providing a huge data set for threat analysis.
The new detection sets address a broad range of threats, including ransomware, remote-access tools (RATs), data exfiltration, suspicious activity, infostealers and misconfiguration. GCTI will continually add to and refine these sets; the first release covers threats targeting Windows environments as well as cloud-specific attacks.
Chronicle is Google Cloud’s cloud-native security information and event management (SIEM) platform.
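To make the prevalence and ATT&CK-mapping ideas above concrete, here is an added, self-contained illustration of the logic a curated detection could carry. It is not Google’s or Chronicle’s code and is not YARA-L; the sample proxy-style events, the rule name, the prevalence threshold, and the mapping of the rule to ATT&CK technique T1071.001 are all constructed assumptions for the example. The idea it shows is the one the announcement describes: a detection fires on a rare destination, the alert carries its ATT&CK technique, and the analyst is shown how many hosts in the fleet contacted that destination so a one-host anomaly stands out from a fleet-wide service.

```python
"""Added example: prevalence-scored, ATT&CK-tagged detection over sample events.

Illustrative code only; not Chronicle's rule engine or YARA-L. The events,
rule and technique mapping below are constructed for the example.
"""
import csv
import io
from collections import defaultdict

# Constructed sample of outbound web/DNS-style events: one row per request.
SAMPLE_EVENTS = """\
ts,host,domain
2022-08-01T10:00:00Z,ws-001,login.microsoftonline.com
2022-08-01T10:00:05Z,ws-002,login.microsoftonline.com
2022-08-01T10:00:09Z,ws-003,login.microsoftonline.com
2022-08-01T10:01:00Z,ws-001,updates.example.com
2022-08-01T10:01:30Z,ws-002,updates.example.com
2022-08-01T10:02:00Z,ws-003,c2-beacon.example.net
2022-08-01T10:02:30Z,ws-003,c2-beacon.example.net
"""

# Hypothetical curated rule: a destination contacted by very few hosts.
# The ATT&CK mapping is an assumption chosen for the example
# (T1071.001, Application Layer Protocol: Web Protocols).
RARE_DOMAIN_RULE = {
    "name": "rare_destination_single_host",
    "attack_tactic": "Command and Control",
    "attack_technique": "T1071.001",
    "max_prevalence": 1,  # alert when at most this many distinct hosts saw it
}


def parse_events(text):
    """Parse the CSV sample into a list of dicts (ts, host, domain)."""
    return list(csv.DictReader(io.StringIO(text)))


def domain_prevalence(events):
    """Map each domain to the number of distinct hosts that contacted it."""
    hosts_by_domain = defaultdict(set)
    for e in events:
        hosts_by_domain[e["domain"]].add(e["host"])
    return {d: len(hosts) for d, hosts in hosts_by_domain.items()}


def detect(events, rule):
    """Run the rule and return one enriched alert per rare domain.

    Each alert carries the ATT&CK tactic/technique from the rule plus the
    prevalence context (hosts seen / fleet size) an analyst needs to triage.
    """
    prevalence = domain_prevalence(events)
    fleet_size = len({e["host"] for e in events})
    alerts, seen = [], set()
    for e in events:
        d = e["domain"]
        if prevalence[d] <= rule["max_prevalence"] and d not in seen:
            seen.add(d)  # deduplicate: one alert per rare destination
            alerts.append({
                "rule": rule["name"],
                "tactic": rule["attack_tactic"],
                "technique": rule["attack_technique"],
                "domain": d,
                "first_host": e["host"],
                "first_seen": e["ts"],
                "hosts_seen": prevalence[d],
                "fleet_size": fleet_size,
                "prevalence_pct": round(100.0 * prevalence[d] / fleet_size, 1),
            })
    return alerts


def prevalence_chart(events, width=20):
    """Text bar chart of domain prevalence, rarest first (a stand-in for the
    console visualisation the article describes). Returns a list of lines."""
    prevalence = domain_prevalence(events)
    fleet_size = len({e["host"] for e in events})
    lines = []
    for d, n in sorted(prevalence.items(), key=lambda kv: (kv[1], kv[0])):
        bar = "#" * round(width * n / fleet_size)
        lines.append(f"{d:<28} {n}/{fleet_size:<3} {bar}")
    return lines


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for a in detect(evs, RARE_DOMAIN_RULE):
        print(f"[{a['technique']} {a['tactic']}] {a['domain']} seen on "
              f"{a['hosts_seen']}/{a['fleet_size']} hosts ({a['prevalence_pct']}%), "
              f"first on {a['first_host']} at {a['first_seen']}")
    print("\n".join(prevalence_chart(evs)))
```

The threshold is the design choice that matters: an absolute count of one host works for a small constructed fleet, but on a real estate the rule should compare against a baseline window (how many hosts normally contact the domain) rather than a single snapshot, otherwise every newly deployed internal service fires on day one.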
“By surfacing impactful, high-efficacy detections, Chronicle can enable analysts to spend time responding to actual threats and reduce alert fatigue,” Google stated.
“Our customers who used curated detections during our public preview were able to detect malicious activity and take actions to prevent threats earlier in their lifecycle.
“And there’s more to come. We will be delivering a steady release of new detection categories covering a wide variety of threats, community-driven content, and other out-of-the-box analytics.”
In April, Google revealed a new managed security service provider (MSSP) program for Chronicle, offering MSSPs greater tools and threat detection alongside more flexible margins as a result of its licensing model.
Earlier in August, Google Cloud also announced the Cloud Analytics project, in an extension of its partnership with security company MITRE. This provides companies with pre-built queries to make cloud-specific threat hunting easier to perform, as informed by common tactics used by threat actors.
Altogether, Google Cloud has taken significant steps in the past few months to consolidate its position as the leading cloud provider in terms of growth. Despite this, Amazon Web Services (AWS) and Microsoft Azure are still ahead in the size of their customer bases, with Azure having taken the lead for the first time earlier this year.
Ⓒ Future Publishing