Google Cloud Adds Curated Detection to Chronicle

Organizations are increasingly relying on threat intelligence data to understand the sheer volume and complexity of security threats. On that note, Google Cloud has announced the general availability of the "curated detection" capability for its Chronicle security analysis platform to give organizations insights into the latest security threats.

The new feature, as part of the Chronicle SecOps Suite, pipes Google’s own threat intelligence data into an automated detection service that provides security teams with up-to-date insights on cloud threats -- such as attacks against cloud systems, attempts to exfiltrate data, and misconfigured systems -- and Windows-based attacks -- such as ransomware, remote-access tools, information stealers, data exfiltration, suspicious activity, and misconfigurations.

The service provides security teams with “high quality, actionable, out-of-the-box threat detection content curated, built, and maintained by the Google Cloud Threat Intelligence team," said Benjamin Chang, a Google Cloud software engineer. "By surfacing impactful, high-efficacy detections, Chronicle can enable analysts to spend time responding to actual threats and reduce alert fatigue."

The information from the detection service can be integrated with authoritative data sources, such as from the organization’s identity access management (IAM) systems and configuration management databases, to give security teams more context. Customers who used curated detections during public preview were able to detect malicious activity and take actions to prevent threats earlier in their life cycle, Chang said.

Microsoft provides similar capabilities via Microsoft Sentinel. Security teams are understaffed and overstressed, trying to keep up with an evolving threat landscape and managing the growing volume of alerts. Through these partnerships security teams have a shot at quickly identifying, investigating, and responding to threats.