Google Cloud has released its “curated detection” for the Chronicle security analysis platform. Chronicle is used by MDR providers, but Google Cloud is not handling the disposition of alerts and response, instead is surfacing the alerts (detections) for action by the customer using Google Cloud intelligence, the company told MSSP Alert.
Curated detections, part of the Google Chronicle SecOps Suite and built by the Google Cloud Threat Intelligence (GCTI) team, and are actively maintained to reduce the manual work of a security operations team, according to Google Cloud.
Chronicle’s curated detection feature applies the threat intelligence that Google gains from protecting its own user base into an automated detection service. The new product’s ability to integrate authoritative data sources, such as MITRE ATT&CK, will help organizations better understand potential threats. It also will constantly update threat information from Google’s own security team.
Non-Google Cloud Customers Benefit Too
Google Cloud has made two recent security updates to its own products, namely built-in DDoS protection and API security. However, while curated detection builds on the company’s in-house expertise, Chronicle is a product that can be sold to everyone, including non-Google Cloud customers.
By securing billions of users every day, the scale and depth of intelligence that Google gains gives it a unique vantage point to craft effective and targeted detections, the company said. These native detection sets cover a wide variety of threats for the cloud and beyond.
These threats include:
- Remote-access tools (RAT)
- Data exfiltration
- Suspicious activity
- Weakened configurations
The release of the Chronicle platform, says Google Cloud, will help understaffed and overstressed security teams keep up with an ever evolving threat landscape, quickly identify threats, and drive effective investigation and response.
With this new release, security teams can:
- Enable high quality curated detections with a single click from within the Chronicle console.
- Operationalize data with high-fidelity threat detections, stitched with context available from authoritative sources (such as IAM and CMDB).
- Accelerate investigation and response by finding anomalistic assets and domains with prevalence visualization for the detections triggered.
- Map detection coverage to the MITRE ATT&CK framework to better understand adversary tactics and techniques and uncover potential gaps in defenses.
Google Cloud Adds Chronicle MSSP Partner Program
In August 2022, the Australian Competition and Consumer Commission (ACCC) approved Google Cloud’s planned acquisition of Mandiant. Google’s acquisition of Mandiant and other cybersecurity companies could help the company extend its reach in the global managed security services market.