September 18, 2023 — Google Cloud’s mission is to help organizations transform cybersecurity with front-line intelligence, expertise, and AI-powered innovation. Nowhere is this more needed than in security operations (SecOps), where understaffed and overwhelmed security teams struggle to defend against an increasingly voluminous and sophisticated threat landscape, often using tools designed in the pre-cloud era.
We believe that successful defense against modern threats requires modern thinking and modern solutions. That’s why we took a fresh look at what threat detection, investigation, and response (TDIR) looks like with Chronicle Security Operations. Following the Duet AI and threat hunting announcements at Google Cloud Next, today we’re excited to announce the latest update to Chronicle. It unifies our SOAR and SIEM solutions, integrates Mandiant’s attack surface management technology, and applies threat intelligence more robustly to help defenders stay ahead of the latest threats.
“We have advanced capabilities around threat intelligence that are highly integrated into our Chronicle SecOps platform. Our SOCs and analysts love the orchestration capabilities that can enrich their data and provide additional context to it. You can prioritize that work and give it the attention it needs,” said Bashar Abouseido, CISO, Charles Schwab. “We view Google as an important partner that brings us a significant advantage in the fight against a regularly growing class of threats.”
An integrated platform born in the cloud
Chronicle Security Operations is designed to help organizations retain and analyze unfiltered data at the scale and speed of Google, enabling security teams to detect and investigate threats faster. It can take security teams too much time to find what’s truly relevant, so to stay ahead of threats, organizations need to go beyond just collecting data to making the information available for search and analysis. We recognize that security teams may face shortages of time and staff to do this.
The new integrated experience for Chronicle SIEM and Chronicle SOAR provides rich context and makes it easy to pivot between alerts, cases, investigations, and playbooks in a single console for a more streamlined and unified TDIR experience. All Chronicle SecOps alerts are grouped into one case, consolidating related alerts and providing access to related functionality so security teams can make quick decisions.
Proactive threat detection with applied threat intelligence
To defend against modern threats, a modern security operations platform must be infused with a deep understanding of modern threats and have the ability to apply this intelligence to each customer’s unique environment.
We’re adding even more powerful capabilities and risk-based results to Chronicle Security Operations, enabling SecOps teams to be more proactive and stay ahead of potential threats. New Applied Threat Intelligence, available in preview, leverages Chronicle’s scalability to automatically enrich and contextualize every event with the latest information. Market-leading threat intelligence from Google Cloud, Mandiant, and VirusTotal eliminates blind spots and ultimately detects more threats. It uses AI and machine learning to prioritize threats based on each customer’s unique environment, allowing security teams to focus on addressing the threats that matter most. Additionally, all relevant events in Chronicle SecOps that match threat indicators are instantly enriched with threat actor, threat campaign, or malware family associations that can be used for custom searches and detections.
We’ve also made it possible to view breach analysis results directly in the Chronicle SecOps console. Breach Analytics continuously analyzes a customer’s Chronicle SecOps data and notifies them within minutes of new attacker techniques discovered by Mandiant Incident Response activities. This allows organizations to take proactive action in near real-time to minimize the impact of a breach. Chronicle SecOps Breach Analysis is now available in public preview.
Our integration with Mandiant Attack Surface Management (ASM) is now generally available to all Chronicle SecOps customers, enabling customers to continuously identify and verify exploitable entry points into their organizations. The ASM integration helps connect and enhance investigations with context and understanding of business risks, allowing SecOps teams to prioritize investigation and remediation efforts based on the exposures with the highest potential impact.
Productivity powered by AI
Chronicle Security Operations reduces the effort caused by complex and disparate tools and helps security teams usher in a new era of productivity. Leveraging Google’s continued innovation in generative AI and security-specific foundation models, Duet AI in Chronicle SecOps transforms how cyber defenders detect, investigate, and respond to threats by simplifying search, complex data analysis, and threat detection engineering, reducing effort and increasing effectiveness for each defender.
With Duet AI, Chronicle SecOps can automatically provide a clear overview of what’s happening in a case, provide context and guidance on key threats, and provide recommendations on how to respond. Duet AI also powers Chronicle’s new natural language search. Defenders can enter a question in natural language, and Chronicle SecOps generates a query from that statement and presents a fully mapped syntax for searching, allowing them to quickly narrow down and iterate on results.
While AI presents a huge opportunity to improve talent, we know that many organizations still need help when it comes to advanced skill sets. With the recently announced addition of Mandiant Hunt for Chronicle, we can provide continuous threat hunting from Mandiant’s experts. It combines the latest insights into attacker behavior from Mandiant’s front-line experts with Chronicle’s powerful capabilities to quickly analyze and search security data. Mandiant Hunt for Chronicle SecOps helps organizations close skills gaps and gain elite-level support without the burden of hiring, tools, and training.
Mandiant also offers a rich portfolio of Chronicle-enabled services that help you before, during, and after a cyber incident, including purple teaming and cyber defense transformation.
We are excited about the new capabilities of our unified Chronicle Security Operations platform and the outcomes it can deliver for cyber defense teams across all industries. If you would like to learn more, please visit chronicle.security or schedule time with one of our experts.
Chris Corde
Director of Security Operations Product Management
Nimmy Reichenberg
Head of Security Operations Product Marketing