Google LLC is updating its Chronicle cybersecurity platform with new features that will enable enterprises to provide more effective detection of cyberattacks targeting their infrastructure. 

The company announced the update today.

Chronicle is a SIEM, or security information and event management, platform provided by Google. A SIEM platform is a type of cybersecurity application that can collect data from a large number of systems in a company’s technology environment and analyze the collected data for signs of a breach. Enterprises also rely on Chronicle to map out the scope of hacking attempts. 

Enterprises often use SIEM platforms such as Chronicle together with detections. A detection is a piece of code that describes a specific type of cyberattack, such as an attempt to install malware on cloud instances. Google’s Chronicle platform can compare activity in a company’s network with a cyberattack described by a detection to find potential data breaches.

As part of today’s update, Google is rolling out a set of pre-packaged detentions to Chronicle. The detections were developed by the company’s Google Cloud Threat Intelligence team, which researches hacker activity.

“Our scale, and depth of intelligence, gained by securing billions of users everyday, gives us a unique vantage point to craft effective and targeted detections,” Google Cloud software engineer Benjamin Chang and engineering manager Rick Correa wrote in a blog post. “These native detection sets cover a wide variety of threats for cloud and beyond.”

According to Google, the new detections will enable Chronicle customers to more effectively spot cyberattacks targeting their Windows environments. The detections can uncover cyberattacks that attempt to steal data from a Windows-powered system. They can also identify other threats, such as ransomware and attempts by hackers to use the existing software installed on a device to gain access.

The second set of detections that Google is rolling out for Chronicle will help companies secure their public cloud environments. According to Google, the detections can be used to uncover misconfigured settings in cloud environments that could increase the risk of a cyberattack. They’re also useful for spotting data exfiltration attempts and other types of malicious activity.

Cybersecurity teams often develop the detections that they use to spot hacking attempts manually. By providing a pre-packaged set of detections, Google promises to save time for cybersecurity professionals. According to the company, early customers who tested the feature also gained the ability to spot and block malware faster than was previously possible.

Google plans to roll out additional detections for Chronicle in the future. According to the company, the upcoming additions will increase the number of cybersecurity issues that customers can detect using the feature.

The platform was originally created at the search giant’s X research lab, which develops products based on emerging technologies. Chronicle later spun out of X to become an independent Google subsidiary. In June 2019, it was folded into Google Cloud. 

Since then, the search giant has worked to expand Chronicle’s capabilities through both organic feature development and acquisitions. In January, Google reportedly paid $500 million to acquire CyArx Technologies Ltd., a startup that does business as Siemplify and provides a platform for responding to cyberattacks. Google stated at the time of the acquisition that it was planning to integrate Siemplify’s technology with Chronicle.

Image: Google