
Google Cloud Launches “Curated Detection” for Chronicle Security Platform


Google Cloud has released its “curated detection” for the Chronicle security analysis platform. Chronicle is used by MDR providers, but Google Cloud is not handling the disposition of alerts and response; instead, it is surfacing the alerts (detections), using Google Cloud intelligence, for action by the customer, the company told MSSP Alert.

Curated detections, part of the Google Chronicle SecOps Suite, are built by the Google Cloud Threat Intelligence (GCTI) team and are actively maintained to reduce the manual work of a security operations team, according to Google Cloud.

Chronicle’s curated detection feature turns the threat intelligence that Google gains from protecting its own user base into an automated detection service. The new product’s ability to integrate authoritative data sources, such as MITRE ATT&CK, will help organizations better understand potential threats. It will also receive constant threat information updates from Google’s own security team.

Non-Google Cloud Customers Benefit Too

Google Cloud has made two recent security updates to its own products, namely built-in DDoS protection and API security. However, while curated detection builds on the company’s in-house expertise, Chronicle is a product that can be sold to everyone, including non-Google Cloud customers.

Because Google secures billions of users every day, the scale and depth of intelligence it gains gives it a unique vantage point to craft effective and targeted detections, the company said. These native detection sets cover a wide variety of threats for the cloud and beyond.

These threats include:

  • Ransomware
  • Remote-access tools (RAT)
  • Info-stealers
  • Data exfiltration
  • Suspicious activity
  • Weakened configurations

The release of the Chronicle platform, says Google Cloud, will help understaffed and overstressed security teams keep up with an ever-evolving threat landscape, quickly identify threats, and drive effective investigation and response.

With this new release, security teams can:

  • Enable high-quality curated detections with a single click from within the Chronicle console.
  • Operationalize data with high-fidelity threat detections, stitched with context available from authoritative sources (such as IAM and CMDB).
  • Accelerate investigation and response by finding anomalous assets and domains with prevalence visualization for the detections triggered.
  • Map detection coverage to the MITRE ATT&CK framework to better understand adversary tactics and techniques and uncover potential gaps in defenses.

Google Cloud Adds Chronicle MSSP Partner Program

Google Cloud announced a new Chronicle MSSP Partner Program, which MSSP Alert previewed in February 2022 — responding to emerging MSSP partner programs from Amazon Web Services (AWS) and Microsoft.

In August 2022, the Australian Competition and Consumer Commission (ACCC) approved Google Cloud’s planned acquisition of Mandiant. Google’s acquisition of Mandiant and other cybersecurity companies could help the company extend its reach in the global managed security services market.

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.