Google Chronicle adds ‘context-aware’ cyber threat detection



Google Cloud today announced the next round of updates to its Chronicle security platform, aimed at helping improve security operations with better threat detection.

The updates introduce “context-aware” threat detection to Chronicle, a feature that is now available for public preview. This capability shows that Google is “creating efficiencies at every stage of a customer’s detection and response journey, starting with making alerts more functional,” Google Chronicle team members said today in a blog post.

The unveiling of the new capability follows Google’s announcements of two major security acquisitions that will tie into Chronicle. In January, Google acquired Siemplify, a provider of security orchestration, automation, and response (SOAR) technologies. And earlier this month, the company announced a deal to acquire cybersecurity powerhouse Mandiant for $5.4 billion, which is set to bring a range of features to the Google Cloud Security Platform, including threat intelligence, incident response, and managed defense.

Google Cloud ultimately aims to provide an “end-to-end suite of security operations to help organizations stay protected at every stage of the security lifecycle,” said Phil Venables, CISO at Google Cloud, during a press conference last week.

Improve threat response

With today’s announcement, Google recognizes that customers need “access to all contexts across their entire computing stack while responding to malicious threats,” to help build a strategy around the response to threats, the Chronicle team said in a blog post.

The post also notes that “alert fatigue” has plagued many security teams, with an overload of alerts from security tools that limit their ability to prioritize the most important threats.

This is where “context-aware” detections for Google Chronicle come in. With the new feature, “all supporting information from authoritative sources (e.g., CMDB, IAM, and DLP), including telemetry, context, relationships, and vulnerabilities, is available out-of-the-box as that ‘single’ detection event,” the Chronicle team mentioned.

Key features include the ability to use risk scoring to prioritize threats, respond to alerts faster, and achieve higher fidelity for their alerts, according to the post.
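To make the idea concrete, here is an added illustration (not Chronicle's code or data model) of what "context-aware" scoring changes for triage: the same raw detection is joined with constructed CMDB, IAM and DLP context and risk-scored, so an identical rule firing on a production database with regulated data ranks well above the same rule on a developer laptop. All stores, field names and weights are hypothetical.

```python
"""Context-aware alert enrichment and risk scoring (illustrative, hypothetical)."""
from dataclasses import dataclass, field

# Constructed stand-ins for authoritative context sources named in the article.
CMDB = {"db-prod-01": {"criticality": "high", "exposure": "internal"},
        "dev-laptop-07": {"criticality": "low", "exposure": "internal"}}
IAM = {"alice": {"privileged": True, "mfa": True},
       "bob": {"privileged": False, "mfa": False}}
DLP = {"db-prod-01": ["PII", "PCI"], "dev-laptop-07": []}

CRITICALITY_WEIGHT = {"high": 40, "medium": 20, "low": 5, "unknown": 15}


@dataclass
class Detection:
    rule: str
    host: str
    user: str
    base_score: int           # what the raw rule alone would assign
    context: dict = field(default_factory=dict)
    risk: int = 0


def enrich(d: Detection) -> Detection:
    """Attach asset, identity and data context to the single detection event."""
    d.context = {
        "asset": CMDB.get(d.host, {"criticality": "unknown", "exposure": "unknown"}),
        "identity": IAM.get(d.user, {"privileged": False, "mfa": False}),
        "data": DLP.get(d.host, []),
    }
    return d


def score(d: Detection) -> int:
    """Combine the rule's base score with context; capped at 100."""
    asset = CRITICALITY_WEIGHT[d.context["asset"]["criticality"]]
    ident = 25 if d.context["identity"]["privileged"] else 5
    if not d.context["identity"]["mfa"]:
        ident += 10               # weaker identity assurance raises risk
    data = 10 * len(d.context["data"])   # each sensitive data class adds weight
    d.risk = min(100, d.base_score + asset + ident + data)
    return d.risk


def triage(alerts: list[Detection]) -> list[Detection]:
    """Enrich and score every alert, then order highest risk first."""
    for a in alerts:
        score(enrich(a))
    return sorted(alerts, key=lambda a: a.risk, reverse=True)
```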

The Chronicle team noted that to date, security information and event management (SIEM) tools and other security analytics have struggled to provide this kind of functionality to customers.

“This release fixes a paradigm gap in legacy analytics and SIEM products, where data has always been logically separated due to prohibitive cost savings,” the team said in the blog post. “Customers can now operationalize all of their security telemetry and enrich their data sources in one place, giving them the ability to develop flexible alerting and prioritization strategies.”

Faster response times

Overall, response and recovery times will be accelerated “by minimizing the need to wait for contextual understanding before making a decision and taking investigative action,” the Google Chronicle team said in the post.

Google hasn’t said when contextual threat detection in Chronicle will be generally available.

The Chronicle team however stated that “over the next few months as we move these modules to general availability, you can expect to see a steady release of new detection capabilities and integrations with other parts of Google Cloud and other third-party providers”.

Other recent Google Cloud security updates have included the addition of cryptocurrency mining detection in virtual machines and the launch of Cloud IDS, a cloud-native network security offering that aims to provide simplified deployment and use.

Notably, Chronicle and Siemplify are both focused on “interoperability between a ton of other technologies – [they] work with every firewall company, work with every endpoint company, work with logs generated from different applications,” Mandiant CEO Kevin Mandia said at a press conference last week.


