Google Cloud Chronicle’s new threat detection service promises speed and scale
Google Cloud’s Chronicle security service today announced Chronicle Detect, a threat detection solution that leverages Google’s infrastructure to help enterprises identify threats faster and at larger scale.
Designed to deliver threat detection to enterprises with the next generation of Google’s rules engine that “operates at the speed of search,” Detect offers a data fusion model that stitches events into a unified timeline, a rules engine to handle common events, and a language for describing complex threat behaviors.
The language referred to is support for YARA-L, a variant on the YARA language. That language provides a rule-based approach to created descriptions of malware families based on textual or binary families.
YARA-L goes further in that it can be used to express detections, not merely to query the data. In the words of security strategist Anton Chuvakin in February, “in essence, it is a threat detection language, not a data query language! It is designed by and for security analysts, admittedly with some help from malware reverse engineers.”
With support for YARA-L, users can deploy advanced rules out-of-the-box, build their own rules or migrate rules over from legacy tools. Chronicle Detect also provides support for the MITRE ATT&CK security framework as well as a Sigma-YARA converter that allows customers to port their rules to and from existing Sigma installations.
Chronicle customers can also take advantage of detection rules and threat indicators from Uppercase, Chronicle’s dedicated threat research team. The researchers, leveraging a variety of tools, techniques and data sources provide Chronicle customers with indicators spanning the latest crimeware, advance persistent threat groups and unwanted malicious programs.
The researchers can then provide indicators of compromise such as high-risk IPs, hashes, domains, registry keys that are analyzed against all security telemetry in a customer’s Chronicle setup to detect high-threat indicators.
One existing customer of Chronicle, Bob Varnadoe, chief information security officer at NCR Corp., spoke highly of the offering in the press release. “The scale and SaaS deployment model of Google Chronicle drove NCR’s initial interest and investment,” Varnadoe said. “Their speed to deliver new features and integration has kept us productive and continued to impress. By operationalizing Chronicle for threat investigations, we have significantly improved our detection metrics.”
Image: Google Chronicle
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU