In a bid to help healthcare organizations defend themselves from threats, Google Cloud announced it will be integrating the healthcare threat intelligence feed with its Chronicle platform.
Healthcare and life sciences organizations connect and share threat intelligence as part of the Health Information Sharing and Analysis Center (Health-ISAC). Members share threat indicators – forensic artifacts such as suspicious files, URLs, email addresses, network addresses, sampled traffic, and activity logs – through the Health-ISAC Indicator Threat Sharing (HITS) feed. The crowd-sourced approach allows other members to use the shared information to investigate whether the same threats are present in their environment and update defenses as needed.
HITS shares cyber threat intelligence through machine-to-machine automation. Google Cloud security engineers worked with Health-ISAC Threat Operations Center to develop an open sourced integration that connects HITS directly with the Chronicle Security Operations information and event management. This way, members can ingest the shared threat indicators into Chronicle and use that information to automate threat analysis decisions. There are setup instructions for STIX/TAXII feeds on GitHub.
"The integration with Chronicle can help Health-ISAC members discover threats more rapidly, and can also assist in evicting malicious actors from their infrastructure," Taylor Lehmann, director in the Office of the CISO, and Adam Licata, a product manager, said in the announcement.
The latest Chronicle integration is part of Google Cloud's investment as an Ambassador partner – a way for non-healthcare organizations to share experts (Google Cybersecurity Action Team) and resources (Threat Horizon Report) with the members of the ISAC.