Staying ahead of rising security threats and incidents is among the most vital discussions any organization can have, yet too many alerts and shifting threat trends make security operations notoriously difficult. The recent mass pivot to remote and hybrid work, coupled with increasingly sophisticated threat actors, makes threat detection more challenging and more data intensive — and more important — than ever before.
This is why today at Google Cloud Next we unveiled Chronicle Security Operations, a modern, cloud-born software suite that can better enable cybersecurity teams to detect, investigate, and respond to threats with the speed, scale, and intelligence of Google. It’s another step in our commitment to democratizing security operations and providing better security outcomes for organizations of all sizes and levels of expertise.
Chronicle Security Operations brings together the capabilities that many security teams depend on to identify threats more quickly and respond to them rapidly. It unifies Chronicle’s security information and event management (SIEM) technology with the security orchestration, automation, and response (SOAR) solutions from our Siemplify acquisition and threat intelligence from Google Cloud. The recently completed Mandiant acquisition will add even more incident and exposure management and threat intelligence capabilities in the future.
Moving forward, all security operations software will come under the Chronicle brand. The Siemplify brand will be replaced with Chronicle SOAR, and the security analytics capabilities of the suite will be named Chronicle SIEM.
Now in Preview, Chronicle Security Operations can provide a more streamlined and integrated experience for security operations teams, including:
Uniform look and feel across Chronicle’s SIEM and SOAR capabilities to deliver an integrated user experience
Single display that pulls together and presents the information about an entity from multiple relevant data sources, including VirusTotal and Google Cloud Threat Intelligence, to help provide context and enable faster decision making
Investigative pivots that enable analysts to switch between alerts and entities across Chronicle SIEM detections and Chronicle SOAR modules, which can enable faster investigations
Integrated alert management between Chronicle SIEM detections and Chronicle SOAR threat-centered case management, for a more streamlined investigation experience
Pre-packaged response playbooks to Google Cloud-based alerts surfaced by Security Command Center, which can speed up resolutions and reduce manual effort
Security operations with the power of Google Cloud
Since security operations teams are increasingly reliant on data and automation, our expertise in analyzing, searching, and finding context in data at scale uniquely positions us to help organizations transform threat and incident detection and response.
Gartner® Research stated in its Hype Cycle for Security Operations report1 from July that, “The need for more scale of compute and storage is the primary driver for most modern SIEMs to be delivered on a cloud platform as a service. SaaS SIEM solutions in the cloud transfer the platform and infrastructure maintenance to the vendor, and allow more predictable linear budgeting for growth.”
For Google Cloud customer Vertiv, Chronicle Security Operations is an essential part of their security practice. Mike Orosz, the company’s chief information security officer stated, “With Chronicle, we no longer have to make the tough decisions around which data we can afford to log and how little retention we can live with. Insufficient security event monitoring is a thing of the past, and there is no better time than now to align to best practices.”
Chronicle Security Operations can deliver the intelligence, speed, and scale that modern security teams require to succeed in today’s threat landscape, with capabilities that include:
Cloud-scale data: By leveraging Google Cloud’s hyper-scalable infrastructure, security teams can analyze security telemetry and retain that data much longer than the industry standard at a price point that’s fixed and predictable.
At your fingertips: Sub-second search across petabytes of information can be as easy as running a Google search. Chronicle delivers threat-centered case management for simpler investigation and can surface the most relevant context to encourage consistently good decisions, which can enable teams to speed up investigation and response.
With frontline intelligence: We help democratize security operations with Google Cloud’s expertise and best practices. Curated detections leverage Google Cloud’s insights and threat intelligence gathered from protecting our billions of users so that organizations can focus their scarce expert resources on the unique security challenges that they face.
Automated response: Pre-packaged playbooks guide and automate responses to common security threats such as phishing and malware. Custom playbooks, which can orchestrate hundreds of tools across security and IT, can be built from a simple drag-and-drop interface.
Chronicle Security Operations’ ease of use is helping organizations like financial technology company Jack Henry effectively scale security. “As we work to reduce the toil and increase the agility of our cybersecurity fusion center, Chronicle Security Operations delivers the scale, speed, and intelligence we need to improve our security on Google Cloud and beyond,” said Yonesy Nunez, chief information security officer at Jack Henry.
How to get started?
If you’re ready to take your security operations to a new level, and put Google’s speed, scale and intelligence to work in your security operations center, visit chronicle.security to learn more or contact Google Cloud sales.
1. Gartner, Hype Cycle for Security Operations, 2022, Andrew Davies, July 2022. Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.