Google is launching the general availability of curated detections as part of its Chronicle SecOps Suite to help organizations detect sophisticated attacks and make up for the shortage of cybersecurity talent.
According to the company, the detections are built by the Google Cloud Threat Intelligence team and are actively maintained to reduce manual toil in security teams. The detections are designed to give security teams “high quality, actionable, out-of-the-box threat detection content” that is curated, built and maintained by Google researchers.
Touting the company’s security knowledge from securing “billions of users” every day, Google says it has a unique vantage point to craft native detections that cover a wide variety of threats for the cloud and beyond, including Windows-based attacks such as ransomware, remote-access tools, infostealers, data exfiltration, suspicious activity and weak configurations.
For organizations with understaffed and overstressed security teams, this release can help them stay up to date on attack trends, identify sophisticated threats and respond quickly. In addition, Google says the curated detections in Chronicle SecOps can help operationalize security with detections and context from authoritative sources.
Organizations can also map detection coverage to the MITRE ATT&CK framework to better understand adversary tactics and techniques and uncover potential gaps in defenses, Google says in a blog.
The first release of curated detections covers two categories: Windows-based threats, and cloud attacks and misconfigurations. In addition to coverage for ransomware, infostealers, remote access trojans, misused software and crypto activity, the release includes coverage for exfiltration of data and other vectors.
In a provided example, Google says analysts can use curated detections in Chronicle to view details of specific detections and understand how they map to the MITRE ATT&CK framework. There are also customizable settings to configure deployment and alerting, and to specify exceptions. Security professionals can see which rule generated a detection against log data in Chronicle, and pivot to investigative views.
The authors of the blog, Benjamin Chang, a software engineer, and Rick Correa, an engineering manager for Google Cloud Threat Intelligence, say these detections will help reduce alert fatigue and enable faster response times.
“Our customers who used curated detections during our public preview were able to detect malicious activity and take actions to prevent threats earlier in their lifecycle,” they said. “And there’s more to come. We will be delivering a steady release of new detection categories covering a wide variety of threats, community-driven content, and other out-of-the-box analytics.”