Google Cloud adaugă la Chronicle detectarea organizată

Organizațiile sunt
increasingly relying on threat intelligence data to understand the sheer volume
and complexity of security threats. On that note, Google Cloud has announced the general availability of the “curated detection” capability for its Chronicle
security analysis platform to give organizations insights into the latest
security threats.

Noul
feature, as part of the Chronicle SecOps Suite, pipes Google’s own threat
intelligence data into an automated detection service that provides security
teams with up-to-date insights on cloud threats — such as attacks against
cloud systems, attempts to exfiltrate data, and misconfigured systems — and Windows-based
attacks — such as ransomware, remote-access tools, information stealers,
data exfiltration, suspicious activity, and misconfigurations.

The service provides security
teams with “high quality, actionable, out-of-the-box threat detection content
curated, built, and maintained by the Google Cloud Threat Intelligence team,” said Benjamin Chang, a Google Cloud software engineer. “By surfacing impactful, high-efficacy detections, Chronicle can enable analysts to spend time responding to actual threats and reduce alert fatigue.”

Informatia
from the detection service can be integrated with authoritative data sources, such as from the organization’s identity access management (IAM) systems and
configuration management databases, to give security teams more context. Customers who used curated detections
during public preview were able to detect malicious activity and take actions
to prevent threats earlier in their life cycle, Chang said.

Microsoft provides similar capabilities via Microsoft
Santinelă. Security teams are understaffed and overstressed, trying to keep
up with an evolving threat landscape and managing the growing volume of alerts. Through these partnerships security
teams have a shot at quickly identifying, investigating, and responding to threats.