Google Cloud has announced context-aware threat detections, alert prioritization and risk scoring enhancements for its Chronicle security information and event management (SIEM) platform.
The updates come as Google Cloud seeks to boost its security portfolio across multiple fronts. Key moves include acquiring cyber incident response expert Mandiant for $5.4 billion and buying Siemplify for $500 million.
R&D also continues. The latest: Chronicle's context-aware detections combine threat telemetry, asset relationships and known vulnerabilities into a "single" event, according to Google, so that organizations can use these detections to speed up incident investigation.
In addition, Chronicle lets security analysts and detection engineers filter out entire clusters of detections that are expected or represent little-to-no danger, Google stated. This lets analysts and detection engineers prioritize the remaining alerts and respond to threats faster.
Chronicle also makes relevant context available for heuristic-driven contextual risk scoring of detections, Google said. That way, organizations can understand the potential impact of threats and respond accordingly.
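The three capabilities above (joining a detection with asset and vulnerability context, suppressing clusters an analyst has marked as expected, and deriving a heuristic risk score for prioritization) can be illustrated with a small scorer. The code below is an added example, not Chronicle's implementation or Google's rule language; the asset inventory, CVE identifiers, criticality scale and weights are all constructed assumptions.

```python
"""Added example: heuristic contextual risk scoring for SIEM detections.

Not Chronicle's implementation. It shows the general pattern: enrich a
detection with asset context, drop suppressed clusters, then score so the
analyst queue is ordered by likely impact. All data below is constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Asset:
    hostname: str
    criticality: int                 # assumed scale: 1 (low) .. 5 (crown jewel)
    open_cves: list[str] = field(default_factory=list)  # placeholder CVE ids
    internet_exposed: bool = False


@dataclass
class Detection:
    rule: str
    hostname: str
    severity: int                    # assumed scale: 1 .. 5 set by the rule author
    tags: set[str] = field(default_factory=set)


# Constructed asset inventory, standing in for the CMDB / vuln-scanner context
# a SIEM would join onto each detection.
ASSETS = {
    "web-01": Asset("web-01", criticality=4,
                    open_cves=["CVE-EXAMPLE-0001"], internet_exposed=True),
    "dev-laptop-7": Asset("dev-laptop-7", criticality=1),
    "db-01": Asset("db-01", criticality=5,
                   open_cves=["CVE-EXAMPLE-0002", "CVE-EXAMPLE-0003"]),
}

# Clusters an analyst has reviewed and marked as expected (constructed tags).
SUPPRESSED_TAGS = {"authorised-scanner", "change-window"}


def enrich(det: Detection, assets: dict[str, Asset]) -> dict:
    """Join the detection with its asset; unknown hosts get a medium-criticality placeholder."""
    asset = assets.get(det.hostname, Asset(det.hostname, criticality=3))
    return {"detection": det, "asset": asset}


def risk_score(ctx: dict) -> int:
    """Heuristic 0..100 score: rule severity weighted by asset criticality,
    plus bumps for internet exposure and each open vulnerability.
    Suppressed clusters score 0 so they never reach the analyst queue."""
    det, asset = ctx["detection"], ctx["asset"]
    if det.tags & SUPPRESSED_TAGS:
        return 0
    score = det.severity * asset.criticality * 4      # max 5 * 5 * 4 = 100
    score += 10 if asset.internet_exposed else 0
    score += 5 * len(asset.open_cves)
    return min(score, 100)


def prioritise(detections: list[Detection], assets: dict[str, Asset] = ASSETS) -> list[tuple]:
    """Return (score, rule, host) tuples, highest risk first, with suppressed ones removed."""
    scored = []
    for det in detections:
        s = risk_score(enrich(det, assets))
        if s > 0:
            scored.append((s, det.rule, det.hostname))
    return sorted(scored, reverse=True)


# Constructed sample detections, as a SIEM rule engine might emit them.
SAMPLE_DETECTIONS = [
    Detection("suspicious_child_process", "web-01", severity=3),
    Detection("credential_dump_tool", "dev-laptop-7", severity=5),
    Detection("port_sweep", "db-01", severity=2, tags={"authorised-scanner"}),
    Detection("new_admin_account", "db-01", severity=4),
    Detection("dns_tunnel_pattern", "unknown-host", severity=3),
]

if __name__ == "__main__":
    for score, rule, host in prioritise(SAMPLE_DETECTIONS):
        print(f"{score:3d}  {rule:<26} {host}")
```

The weights are deliberately simple so the ordering is easy to reason about: a medium-severity hit on an exposed, vulnerable web server outranks a high-severity hit on a low-value laptop, and the authorised scanner cluster disappears entirely rather than competing for analyst attention.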
Chronicle enhancements are available for preview and are expected to be generally available in 2022. Furthermore, Google will provide new detection capabilities and integrations for Chronicle with other parts of Google Cloud and additional third-party providers.
How Can MSSPs Use Google Chronicle?
Chronicle provides MSSPs with threat detection and response and security visualizations. It allows MSSPs to unify security telemetry onto a single timeline to analyze and optimize their customers' security posture.
Meanwhile, extended detection and response (XDR) platform provider Cybereason in December 2021 launched Cybereason XDR powered by Chronicle, which MSSPs and other organizations can use to predict, analyze and protect against cyberattacks. Also, CrowdStrike in May 2021 integrated its Falcon endpoint protection platform with Chronicle to help security teams analyze endpoint and workload telemetry and investigate cyberattacks.