UPDATED 08:00 EDT / SEPTEMBER 18 2023

SECURITY

New Google Chronicle Security Operations platform delivers advanced threat intelligence capabilities

Google LLC today announced an update to its Google Cloud Chronicle security service that includes the unified Chronicle Security Operations platform, a new service that delivers advanced capabilities around threat intelligence.

The Chronicle Security Operations platform unifies security orchestration, automation and response, or SOAR for short, as well as security information and event management, known as SIEM, and attack surface management technology from Mandiant, Google’s threat intelligence unit. The aim is to offer a more robust application of threat intelligence to help defenders get ahead of the latest threats.

The service has been designed to address modern threats that Google argues require modern thinking and modern solutions. The Chronicle Security Operations platform allows organizations to retain and analyze unfiltered data at large scale and high speed, allowing security teams to detect and investigate threats faster.

The Chronicle Security Operations platform does not stop at collecting data, since with data alone it usually takes security teams far too long to discover what is relevant. With the combination of Chronicle SIEM and SOAR in the new release, security teams can gain rich context on the gathered data and can quickly pivot between alerts, cases, investigations and playbooks in a single console, according to Google.

The result is claimed to be a more streamlined and integrated threat detection and incident response experience. Every alert is grouped into a case to consolidate related alerts and provide access to relevant enrichment to help security teams make quicker decisions.

Applied threat intelligence

Google is also adding new capabilities and risk-based outcomes to Chronicle Security Operations that enable security operations teams to become more proactive and get ahead of potential threats.

The new Applied Threat Intelligence, available in preview, leverages Chronicle’s scalability to automatically enrich and contextualize every event with threat intelligence from Google Cloud, Mandiant and VirusTotal to help eliminate blind spots and detect more threats. The service uses artificial intelligence and machine learning to prioritize threats based on each unique environment.

Every relevant event in Chronicle that matches a threat indicator will be instantly enriched with threat actor, threat campaign or malware family associations that can be used for custom searches or detections. Breach analytics findings are also now viewable in the Chronicle console, informing customers of new and novel attacker techniques discovered by Mandiant Incident Response engagements within minutes.

Chronicle Security Operations has also had an injection of AI, with Duet AI in Chronicle now able to help transform threat detection, investigation and response for cyber defenders by simplifying search, complex data analysis and threat detection engineering.

With Duet AI, Chronicle can automatically provide a clear summary of what’s happening in cases, give context and guidance on important threats and offer recommendations for how to respond. Defenders can enter questions in natural language and Chronicle will generate the query from their statement, present a fully mapped syntax for search, and make it possible for them to refine and iterate on results quickly.

Image: Google
