Google logo seen at Googleplex, the corporate headquarters complex of Google and its parent company Alphabet Inc. Google and its subsidiary Chronicle are rolling out new automated threat detection capabilities for its Google Cloud platform. (Photo by Alex Tai/SOPA Images/LightRocket via Getty Images)Google and its subsidiary Chronicle are rolling out new automated threat detection capabilities for its Google Cloud platform to help companies scale up security monitoring for their legacy systems.The product – called Chronicle Detect – has been in the works for some time and Google unveiled some details around certain components earlier this year at RSA, like a data fusion model to create timelines, a rules engine for common events and incorporated YARA malware threat behavior language.
Often, log data or telemetry from a company’s older, off-the-shelf or internal applications aren’t set up to integrate with or port to modern threat detection and response platforms. That can make consistent, continuous security monitoring harder and create visibility gaps for huge chunks of enterprise.In a release, Sunil Potti, Google’s general manager and vice president of engineering, and Rick Caccia, head of marketing for Google’s Cloud Security team, said the new capabilities were designed to address the gap that many organizations face in setting up threat detection protocols for older or legacy systems.“In legacy security systems, it’s difficult to run many rules in parallel and at scale — so even if detection is possible, it may be too late,” Potti and Caccia said. “Most analytics tools use a data query language, making it difficult to write detection rules described in scenarios such as the Mitre ATT&CK framework. Finally, detections often require threat intelligence on attacker activity that many vendors simply don’t have.”Chronicle Detect works like this: customers will use Google’s platform to send their telemetry for a fee, and Chronicle’s automaton will map it to a data model for devices, users and threat indicators to develop new detection rules. Users can migrate their rules over from legacy systems, build new ones or use Google’s standardized version. They can also leverage threat indicators from Uppercase, Chronicle’s threat research team around the latest malware, APTs and other threats.Chronicle was first established by Google’s parent company, Alphabet, in 2018, as a quasi-independent security automation service that would combine Google’s infrastructure, analytic tools and vast oceans of data with customer-specific information to automatically ingest and crunch security data into actionable intelligence. Alphabet later scaled back those plans and the organization was eventually folded into Google’s cloud security team.
Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.
There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]
It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
