News, news analysis, and commentary on the latest trends in cybersecurity technology.

Google Cloud Adds Curated Detection to Chronicle

The curated detection feature for Chronicle SecOps Suite provides security teams with actionable insights on cloud threats and Windows-based attacks from Google Cloud Threat Intelligence Team.

Dark Reading Staff, Dark Reading

August 18, 2022

1 Min Read
Points on a global connected by lines to show a network.
Source: Henrik5000 via iStockphoto

Organizations are increasingly relying on threat intelligence data to understand the sheer volume and complexity of security threats. On that note, Google Cloud has announced the general availability of the "curated detection" capability for its Chronicle security analysis platform to give organizations insights into the latest security threats.

The new feature, as part of the Chronicle SecOps Suite, pipes Google’s own threat intelligence data into an automated detection service that provides security teams with up-to-date insights on cloud threats -- such as attacks against cloud systems, attempts to exfiltrate data, and misconfigured systems -- and Windows-based attacks -- such as ransomware, remote-access tools, information stealers, data exfiltration, suspicious activity, and misconfigurations.

The service provides security teams with “high quality, actionable, out-of-the-box threat detection content curated, built, and maintained by the Google Cloud Threat Intelligence team," said Benjamin Chang, a Google Cloud software engineer. "By surfacing impactful, high-efficacy detections, Chronicle can enable analysts to spend time responding to actual threats and reduce alert fatigue."

The information from the detection service can be integrated with authoritative data sources, such as from the organization’s identity access management (IAM) systems and configuration management databases, to give security teams more context. Customers who used curated detections during public preview were able to detect malicious activity and take actions to prevent threats earlier in their life cycle, Chang said.

Microsoft provides similar capabilities via Microsoft Sentinel. Security teams are understaffed and overstressed, trying to keep up with an evolving threat landscape and managing the growing volume of alerts. Through these partnerships security teams have a shot at quickly identifying, investigating, and responding to threats.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights