Highlights:

  • The service is tailored to tackle contemporary threats, emphasizing the need for innovative thinking and solutions.
  • Duet AI empowers Chronicle to offer automated case summaries, contextual insights on critical threats, and response recommendations.

Google LLC has announced an update to its Google Cloud Chronicle security service. The update introduces the unified Chronicle Security Operations platform, which adds enhanced threat intelligence functionality.

The Chronicle Security Operations platform combines SOAR (security orchestration, automation, and response), SIEM (security information and event management), and attack surface management technology from Mandiant, Google’s threat intelligence division. The aim is a more robust application of threat intelligence that helps defenders stay ahead of the most recent threats.

According to Google, the service was created to address contemporary threats, which call for modern thinking and solutions. The Chronicle Security Operations platform lets businesses store and process unfiltered data at large scale and high speed, so security teams can identify and investigate threats quickly.

The Chronicle Security Operations platform does not stop at data collection, because security teams usually take too long to determine what is pertinent from raw data alone. According to Google, the new combination of Chronicle SIEM and SOAR in the latest release lets security teams switch quickly between alerts, cases, investigations, and playbooks in a single console.

The result, Google says, is a more streamlined and integrated experience for threat detection and incident response. Each alert is grouped into a case that consolidates related alerts and gives security teams the pertinent enrichment they need to make decisions faster.

Applied Threat Intelligence

Google is also enhancing Chronicle Security Operations with new features and risk-based outcomes to help security operations teams be more proactive and stay ahead of emerging threats.

To reduce blind spots and improve threat detection, the new Applied Threat Intelligence, currently in preview, uses Chronicle’s scalability to automatically enrich and contextualize each event with threat intelligence from Google Cloud, Mandiant, and VirusTotal. The service uses artificial intelligence and machine learning to prioritize threats according to each customer’s distinct environment.

Associations with threat actors, threat campaigns, or malware families are instantly added to every pertinent event in Chronicle that matches a threat indicator, and these associations can be used in specialized searches or detections. Customers can now view breach analytics results in the Chronicle console, alerting them to new attacker techniques identified during Mandiant Incident Response engagements.

Duet AI, a component of Chronicle Security Operations, has been added to help transform threat detection, investigation, and response for cyber defenders by streamlining complex data analysis, search, and threat detection engineering.

With the aid of Duet AI, Chronicle can automatically provide a concise summary of what is happening in a case, give context and advice on significant threats, and suggest how to respond. Defenders can type questions into Chronicle in natural language; the search engine generates a query from the statement, displays the fully mapped syntax, and lets them edit and iterate on the results quickly.