As more organizations embrace hybrid, multi-cloud environments and a work-from-anywhere model, security teams are realizing they operate in the “age of expansion.” More technology and data assets to secure, more telemetry data to analyze, more security tools to manage, more alerts to sort, and — in turn — more threats to defend against. This compounding threat environment has security teams asking, how do we focus on the threats that matter the most?
To position security teams to better handle their security posture and make faster security decisions across multiple layers of the organization, we’re excited to announce that Google Cloud…
As enterprises look to more efficiently manage the incident response process, Security Orchestration, Automation, and Response (SOAR) platforms have steadily gained traction. These tools help SOC teams speed up security operations and create consistency when it comes to responding to security threats.
To help customers take advantage of their incident response toolkit, Chronicle now offers SOC playbook and orchestration-ready APIs and integrations with leading SOAR vendors such as D3 Security, IBM, Palo Alto Networks, ServiceNow, Splunk, and Swimlane. …
By Anton Chuvakin (originally posted at Anton on Security)
Back in August, we released our first Google/Chronicle — Deloitte Security Operations Center (SOC) paper titled “Future of the SOC: Forces shaping modern security operations” (launch blog, paper PDF) and promised a series of three more papers covering SOC people, process and technology.
Here is the next paper “Future of the SOC: SOC People — Skills, Not Tiers” (PDF) and you can easily guess it focuses on the PEOPLE aspect of the SOC. …
By Anton Chuvakin
(Originally posted at Anton on Security)
Security continues to be a top concern for cloud customers, and therefore continues to be a driver of our business at Google Cloud. However, specific security priorities vary wildly by vertical, by organization size, and by many other factors.
In fact, many “CISO priorities lists” are floating out there online and many people claim to know “what CISOs want.” My analyst years taught me to be skeptical about such claims, if only because there are vast differences between CISOs of different organizations, in terms of security maturity, for example. …
(By Anton Chuvakin and originally posted at Anton on Security)
While creating a recent presentation, I needed a slide on “threat detection is hard.” And it got me thinking, why is threat detection so hard for so many organizations today? We can trace “cyber” threat detection back to 1986 (“Cuckoo’s Egg”) and 1987 (first IDS) and perhaps even earlier events (like viruses of the early 1980s). This means we are “celebrating” ~35 years of cyber threat detection.
However, many organizations would gladly tell you today, in 2020, that “detection is hard” for them. But why? …
Modern detection for modern threats
At Chronicle, we believe it’s time for a better way to do detection. As the IT landscape becomes more complex and attackers continue to evade current security tools, it’s clear that attempts at prevention fall short. The rapid adoption of the ATT&CK framework also highlights the expanding threat attack surface and advancement of modern threats.
Today, we’re excited to announce the availability of Chronicle’s threat detection capabilities. Since joining Google Cloud over a year ago, the Chronicle team has been innovating on our investigation and hunting platform to bring you Chronicle Detect, a set of…
By Anton Chuvakin
(Originally posted at Anton on Security)
For some reason, I just cannot leave the topic of the Security Operations Center (SOC) alone. In fact, I am now participating in a very fun effort to write a series of papers on the future of the SOC by Google Cloud and Deloitte (for the impatient: download it here).
My favorite quotes are below:
Today, we are announcing an expanded partnership with Tanium, which includes joint solutions between Tanium Threat Response and Chronicle for security analytics, along with BeyondCorp Remote Access, our cloud solution for the zero trust access system used to protect Google itself. The integration between Threat Response and Chronicle, sold by Tanium, is available now. We’re also furthering our integration between Tanium and BeyondCorp as a next step in our partnership. Our vision is to provide an integrated solution for securing endpoint devices and operating systems, browser-based access, and analyzing all activity for unusual behavior and threats.
A fundamental design principle…
(By Anton Chuvakin, originally posted at https://medium.com/anton-on-security)
If you recall my post “So, Chronicle, Are You A SIEM?”, the conversation there focused on the top modern use cases where an organization may use a SIEM or, broader, security analytics. As you learned there, Chronicle aims at the modern SIEM sweet-spot in terms of use cases.
However, there are organizations that want both the breadth of a traditional SIEM product and also the modern features, such as threat hunting support (as a first-class feature), fast pivoting, scalable threat intel matching, etc. …
This morning, Telefonica’s ElevenPaths announced its collaboration with Chronicle, to begin building new managed security services. MSSPs struggle with data volumes and costs as much as any organization, and we’re excited to work on new services with the ElevenPaths team. Stay tuned for more over the coming months!