By Anton Chuvakin
(Originally posted at Anton on Security)
Security continues to be a top concern for cloud customers, and therefore continues to be a driver of our business at Google Cloud. However, specific security priorities vary wildly by vertical, by organization size, and by many other factors.
In fact, many “CISO priorities lists” are floating out there online and many people claim to know “what CISOs want.” My analyst years taught me to be skeptical about such claims, if only because there are vast differences between CISOs of different organizations, in terms of security maturity, for example. …
(By Anton Chuvakin and originally posted at Anton on Security)
While creating a recent presentation, I needed a slide on “threat detection is hard.” And it got me thinking: why is threat detection so hard for so many organizations today? We can trace “cyber” threat detection to 1986 (“Cuckoo’s Egg”) and 1987 (first IDS) and perhaps even earlier events (like viruses of the early 1980s). This means we are “celebrating” ~35 years of cyber threat detection.
Modern detection for modern threats
At Chronicle, we believe it’s time for a better way to do detection. As the IT landscape becomes more complex and attackers continue to evade current security tools, it’s clear that attempts at prevention fall short. The rapid adoption of the ATT&CK framework also highlights the expanding threat attack surface and advancement of modern threats.
Today, we’re excited to announce the availability of Chronicle’s threat detection capabilities. Since joining Google Cloud over a year ago, the Chronicle team has been innovating on our investigation and hunting platform to bring you Chronicle Detect, a set of modern detection capabilities built on Google infrastructure to help you identify threats at unparalleled speed and scale. …
By Anton Chuvakin
(Originally posted at Anton on Security)
For some reason, I just cannot leave the topic of the Security Operations Center (SOC) alone. In fact, I am now participating in a very fun effort to write a series of papers on the future of the SOC by Google Cloud and Deloitte (for the impatient: download it here).
My favorite quotes are below:
Today, we are announcing an expanded partnership with Tanium, which includes joint solutions between Tanium Threat Response and Chronicle for security analytics, along with BeyondCorp Remote Access, our cloud solution for the zero trust access system used to protect Google itself. The integration between Threat Response and Chronicle, sold by Tanium, is available now. We’re also furthering our integration between Tanium and BeyondCorp as a next step in our partnership. Our vision is to provide an integrated solution for securing endpoint devices and operating systems, browser-based access, and analyzing all activity for unusual behavior and threats.
A fundamental design principle of the Chronicle platform is the ability to manage massive amounts of security telemetry, easily and over long periods of time. Log volumes have grown, and legacy systems have struggled to keep up from a cost and speed perspective. More recently, the rise of Endpoint Detection and Response (EDR) solutions has accelerated this data growth. As more IT systems move from the data center to the cloud, corporate endpoints have become the central point for security and control. …
(By Anton Chuvakin, originally posted at https://medium.com/anton-on-security)
However, there are organizations that want both the breadth of a traditional SIEM product and also the modern features, such as threat hunting support (as a first-class feature), fast pivoting, scalable threat intel matching, etc. …
This morning, Telefonica’s ElevenPaths announced its collaboration with Chronicle, to begin building new managed security services. MSSPs struggle with data volumes and costs as much as any organization, and we’re excited to work on new services with the ElevenPaths team. Stay tuned for more over the coming months!
(Written by Anton Chuvakin and originally posted at medium.com/anton-on-security)
With this post, I am about to answer the question everybody wants to know the answer for …
… is Chronicle a SIEM?
However, if you are impatient and need to get the answer right now, here it is: Chronicle can address many modern security use cases that you would typically use a SIEM for.
Before I give a more nuanced answer, let’s agree on the foundations. Today’s technology and threat realities mean that there is a set of security monitoring capabilities that CISOs and their teams need.
Historically (since the late 1990s), most of such capabilities have been bundled together into a thing called “a SIEM.” Over the years, this SIEM concept has gathered more and more capabilities ranging from compliance reporting to security workflow management and machine learning algorithms for threat detection. …
It’s been one year since we announced our security analytics platform. We decided to start by doing one thing exceedingly well, and that was incident investigation against massive piles of data. Since then, a few changes have occurred … and we’ve continued to expand the platform. For example, during the past year we added support for EDR data, one of the largest sets of telemetry in many companies, and announced a new partnership with Tanium for EDR integration. We also added the ability to pivot from a device to a user, and to see normal vs. unusual user behavior quickly.
We’ve recently added several new interesting capabilities. …
(By Anton Chuvakin — Originally posted at Anton on Security)
We all know David Bianco’s Pyramid of Pain, a classic from 2013. The focus of this famous visual is on indicators that you “latch onto” in your detection activities. This post will reveal a related mystery connected to SIEM detection evolution and its current state. So, yeah, this is another way of saying that a very small number of people are perhaps very passionate about it …
But who am I kidding? I plan to present a dangerously long rant about the state of detection content today. So, yes, of course there will be jokes, but ultimately this is a serious thing that has been profoundly bothering me lately. …