Google adds prevalence visualisation, curated threat detection to Chronicle suite
Security teams will be given content hand-picked by Google experts, as well as greater context and tactic-mapping
Google Cloud has announced the general availability of new curated threat detection capabilities within its Chronicle Cloud SecOps suite.
Security teams will now be able to easily turn on curated detections from within the Chronicle console, with content built by the Google Cloud Threat Intelligence (GCTI) team. The GCTI team will continue to maintain this content as part of Google Cloud’s services.
Access will also be given to detailed contextual information from authoritative sources such as the configuration management database (CMDB), and teams will be able to speed up analysis and response times to threats through visualisation of the prevalence with which anomalous assets have been detected.
In the blog post making the announcement, Google also states that detected threats can now be natively mapped to MITRE’s ATT&CK framework to provide insight into threat actor strategy. Additionally, the company highlights the vast swathes of data that it processes every day, alongside its “billions” of users, as providing a huge data set for threat analysis.
The new detection sets were built to address a wide range of potential threats, including ransomware, remote-access tools (RATs), data exfiltration, suspicious activity, infostealers and misconfiguration. GCTI will continually add to and refine these sets, with the first release covering Windows-based threats as well as cloud-specific attacks.
Chronicle is a Google Cloud-native security information and event management (SIEM) company.
“By surfacing impactful, high-efficacy detections, Chronicle can enable analysts to spend time responding to actual threats and reduce alert fatigue,” Google stated in the post.
“Our customers who used curated detections during our public preview were able to detect malicious activity and take actions to prevent threats earlier in their lifecycle.
“And there’s more to come. We will be delivering a steady release of new detection categories covering a wide variety of threats, community-driven content, and other out-of-the-box analytics.”
In April, Google revealed a new managed security service provider (MSSP) program for Chronicle, offering MSSPs greater tools and threat detection alongside more flexible margins as a result of its licensing model.
Earlier in August, Google Cloud also announced the Cloud Analytics project, in an extension of its partnership with security company MITRE. This provides companies with pre-built queries to make cloud-specific threat hunting easier to perform, as informed by common tactics used by threat actors.
Altogether, Google Cloud has made significant steps in the past few months to consolidate its position as the leading cloud provider in terms of growth. Despite this, Amazon Web Services (AWS) and Microsoft Azure are still ahead with their customer bases, the latter having taken the lead for the first time earlier this year.
Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.
In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.