As detection, investigation and response to cybersecurity threats becomes increasingly challenging, a modern, cloud-native, security operations suite is more vital than ever, argues Chris Corde from Google Cloud
Staying ahead of rising security threats and incidents is among the most vital conversations any organisation can have, yet alert overload and shifting threat trends make security operations notoriously difficult. The recent mass pivot to remote and hybrid work, coupled with increasingly sophisticated threat actors, has made threat detection more challenging, more data-intensive, and more important than ever before.
The reality is that organisations are constantly under attack, business is changing rapidly, and technology continues to evolve. Legacy cyberthreat detection and response methods can't rise to the challenge. SecOps teams need a different approach: a modern take on cyberthreat detection and response.
This is why we recently unveiled Chronicle Security Operations, a modern, cloud-born software suite that can better enable cybersecurity teams to detect, investigate, and respond to threats with the speed, scale, and intelligence of Google. It’s another step in our commitment to democratising security operations and providing better security outcomes for organisations of all sizes and levels of maturity.
Unifying security capabilities
Chronicle Security Operations brings together the capabilities that many security teams depend on to identify threats more quickly and respond to them rapidly. It unifies Chronicle's security information and event management (SIEM) technology with the security orchestration, automation, and response (SOAR) solutions and threat intelligence from Google Cloud. The recently completed Mandiant acquisition will add further incident and exposure management and threat intelligence capabilities in the future.
Chronicle Security Operations can provide a more streamlined and integrated experience for security operations teams, including:
● Uniform look and feel across Chronicle’s SIEM and SOAR capabilities to deliver an integrated user experience.
● Single display that pulls together and presents the information about an entity from multiple relevant data sources, including VirusTotal and Google Cloud Threat Intelligence, to help provide context and enable faster decision making.
● Investigative pivots that enable analysts to switch between alerts and entities across Chronicle SIEM detections and Chronicle SOAR modules, which can enable faster investigations.
● Integrated alert management between Chronicle SIEM detections and Chronicle SOAR threat-centred case management, for a more streamlined investigation experience.
● Pre-packaged response playbooks for Google Cloud alerts surfaced by Security Command Center, which can speed up resolution and reduce manual effort.
ABOUT THE AUTHOR
Chris Corde is Director of Product Management, Threat Detection & Response at Google Cloud.