Google Launches Enterprise Threat Detection Solution
Google this week announced the availability of Chronicle Detect, a threat detection solution for enterprises from Google Cloud.
This is the first threat detection product out of the Chronicle cybersecurity platform after Chronicle became part of Google in June last year.
Launched in 2018 as a separate entity, Chronicle was established in 2016 within Google’s parent company Alphabet with the aim of giving organizations visibility into potentially vulnerable areas of their environments and helping them improve their security posture. In March 2019, Chronicle launched the security telemetry platform Backstory, and in June 2019 it announced that it was joining Google Cloud.
The newly announced detection tool, Google revealed in a blog post this week, takes advantage of the company’s large infrastructure to help organizations identify threats faster and at greater scale than before.
Chronicle Detect, the tech giant explains, builds on products announced at the RSA Conference earlier this year: “a data fusion model that stitches events into a unified timeline, a rules engine to handle common events, and a language for describing complex threat behaviors.”
Built on a next-generation rules engine from Google, Chronicle Detect is expected to improve overall threat detection: faster detection, a language designed specifically for describing threat behaviors, and new rules and indicators.
The tool is meant to help organizations move away from legacy security tools and adopt a modern threat detection system, Google says. Security teams can send their telemetry to Chronicle at a fixed cost, so that a diverse set of security data can be used for detection.
“We automatically make that security data useful by mapping it to a common data model across machines, users, and threat indicators, so that you can quickly apply powerful detection rules to a unified set of data,” Google says.
The threat detection solution also provides advanced rules out-of-the-box, while allowing security teams to build their own rules or import those used in legacy tools. Based on the YARA detection language, the rules can be leveraged for quickly building detections for MITRE ATT&CK tactics and techniques.
Furthermore, Chronicle Detect includes a Sigma-YARA converter, so organizations that already use Sigma-based rules, or that are converting legacy rules to Sigma for portability, can port their rules to and from Chronicle’s platform as well.
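The three ideas in the preceding paragraphs (mapping telemetry from different sources onto a common data model, evaluating detection rules against that unified data, and carrying Sigma-style rules across tools) can be illustrated with a small worked example. The code below is an added illustration written for this article; it is not Chronicle's code, does not use Chronicle's data model or its rules language, and the events, field names, rule and service-account filter are all constructed. It normalizes a constructed Windows process-creation event and a constructed Linux auditd line into one field set, then evaluates a Sigma-shaped rule (written as a Python dict rather than YAML so it runs without extra packages) tagged with an ATT&CK technique.

```python
"""Added illustration: normalize two log formats into a small common data
model, then evaluate a Sigma-style rule against the normalized events.
Events, field names and the rule are constructed for this example."""
import re

# Constructed sample telemetry: two source formats feed one detection.
RAW_EVENTS = [
    {"source": "windows_security", "EventID": 4688, "Computer": "WS01",
     "SubjectUserName": "jdoe", "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami /all"},
    {"source": "linux_auditd",
     "line": 'type=EXECVE pid=4321 uid=1000 host=web01 exe="/usr/bin/whoami" args="whoami"'},
    {"source": "windows_security", "EventID": 4688, "Computer": "WS02",
     "SubjectUserName": "svc_backup", "NewProcessName": r"C:\Windows\System32\whoami.exe",
     "CommandLine": "whoami"},
    {"source": "windows_security", "EventID": 4688, "Computer": "WS03",
     "SubjectUserName": "amy", "NewProcessName": r"C:\Program Files\App\app.exe",
     "CommandLine": "app.exe --update"},
]

# Sigma-style rule as a dict (same shape as the YAML, minus the YAML parser).
RULE = {
    "title": "User discovery via whoami (constructed example rule)",
    "tags": ["attack.discovery", "attack.t1033"],  # ATT&CK T1033: System Owner/User Discovery
    "detection": {
        "selection_img": {"process_path|endswith": ["\\whoami.exe", "/whoami"]},
        "selection_cmd": {"command_line|contains": "whoami"},
        "filter": {"user|startswith": "svc_"},  # constructed: service accounts run this routinely
        "condition": "(selection_img or selection_cmd) and not filter",
    },
}

_AUDIT_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def normalize(raw):
    """Map a raw event onto one common field set; return None for unhandled events."""
    if raw["source"] == "windows_security" and raw.get("EventID") == 4688:
        return {"event_type": "PROCESS_LAUNCH", "host": raw["Computer"],
                "user": raw["SubjectUserName"], "process_path": raw["NewProcessName"],
                "command_line": raw["CommandLine"]}
    if raw["source"] == "linux_auditd":
        kv = {k: v.strip('"') for k, v in _AUDIT_KV.findall(raw["line"])}
        if kv.get("type") != "EXECVE":
            return None
        return {"event_type": "PROCESS_LAUNCH", "host": kv["host"], "user": kv["uid"],
                "process_path": kv["exe"], "command_line": kv.get("args", "")}
    return None


def _field_matches(event, spec, wanted):
    """Sigma-like matching: case-insensitive; a list of values is OR'ed."""
    field, _, modifier = spec.partition("|")
    actual = str(event.get(field, "")).lower()
    for w in (wanted if isinstance(wanted, list) else [wanted]):
        w = str(w).lower()
        if {"contains": w in actual, "startswith": actual.startswith(w),
                "endswith": actual.endswith(w)}.get(modifier, actual == w):
            return True
    return False


def _selection_matches(event, selection):
    """All fields inside one selection block must match (AND)."""
    return all(_field_matches(event, spec, wanted) for spec, wanted in selection.items())


def eval_condition(expr, results):
    """Tiny recursive-descent evaluator for 'and', 'or', 'not' and parentheses."""
    tokens = expr.replace("(", " ( ").replace(")", " ) ").split()
    pos = 0

    def atom():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            value = disj()
            pos += 1  # consume the closing ')'
            return value
        if tok == "not":
            return not atom()
        return results[tok]

    def conj():
        nonlocal pos
        value = atom()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            value = atom() and value
        return value

    def disj():
        nonlocal pos
        value = conj()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            value = conj() or value
        return value

    return disj()


def run_rule(rule, raw_events):
    """Return (host, user) for every normalized event that satisfies the rule."""
    det = rule["detection"]
    hits = []
    for raw in raw_events:
        event = normalize(raw)
        if event is None:
            continue
        results = {name: _selection_matches(event, sel)
                   for name, sel in det.items() if name != "condition"}
        if eval_condition(det["condition"], results):
            hits.append((event["host"], event["user"]))
    return hits


if __name__ == "__main__":
    for host, user in run_rule(RULE, RAW_EVENTS):
        print(f"{RULE['title']}: {user}@{host} tags={RULE['tags']}")
```

Run as a script it reports the jdoe event on WS01 and the uid 1000 event on web01; the whoami run by the svc_backup account is suppressed by the filter block, and the unrelated app.exe launch never matches. The point of the normalization step is that the rule is written once against common field names and never needs to know whether the process launch arrived as a Windows event or an auditd line, which is also what makes a rule portable between tools.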
According to Chronicle, organizations can also use detection rules and threat indicators delivered by the company’s Uppercase threat research team. IOCs from the team are matched against customers’ telemetry data so that customers are immediately informed of threat indicators found in their environments.
“Uppercase researchers leverage a variety of novel tools, techniques, and data sources (including Google threat intelligence and a number of industry feeds) to provide Chronicle customers with indicators spanning the latest crimeware, APTs, and unwanted malicious programs,” the company explains.