Google launches threat detection tool Chronicle Detect
On September 23, 2020, Google and its subsidiary Chronicle announced the rollout of Chronicle Detect – a new automated threat detection tool. The product launched by the Internet giant aims to help companies scale up security monitoring for their legacy systems, according to SC Media. The solution is built on Google Cloud Platform (GCP) infrastructure.
Chronicle Detect arrived amid growing data storage and increasingly sophisticated cyberattack tactics during the Covid-19 pandemic. “2020 has introduced complex challenges for enterprise IT environments,” according to a statement published on the Google Cloud blog.
Launched at Google Cloud Security Talks 2020, the platform is positioned as a modern threat detection system. Its advanced capabilities let enterprises uncover multi-event attacks in their systems, such as a new email sender, according to the statement. With support for YARA-L, a widely used detection language, the platform allows users to apply out-of-the-box rules or write their own.
“In legacy security systems, it’s difficult to run many rules in parallel and at scale — so even if detection is possible, it may be too late,” said Sunil Potti, Google’s General Manager and Vice President of Engineering, and Rick Caccia, Head of Marketing for Google’s Cloud Security team, in a joint release. Moreover, they added, “Most analytics tools use a data query language, making it difficult to write detection rules described in scenarios such as the Mitre ATT&CK framework. Finally, detections often require threat intelligence on attacker activity that many vendors simply don’t have.”
Chronicle Detect customers will have access to detection rules and indicators from Chronicle’s threat research team, Uppercase. Google products make it easy to detect and fight cybercrime on a global scale. James Stinson, VP IT at Quanta Services, Inc., said, “As an early adopter, Quanta has benefited from Chronicle’s scale, performance and economic benefits in security investigations and threat hunting. We are excited to see Chronicle extend the Google advantage to threat detection with the launch of the Chronicle Detect backed by the Chronicle Uppercase research team,” according to the Google Cloud statement.
The platform isn’t the first threat-detection product on the market. However, being part of Google is one of its core strengths. Initially launched as part of Alphabet’s secretive X unit, the startup became part of Google Cloud 15 months ago. Chronicle allows customers to analyze data stored elsewhere, including on a third-party cloud provider, according to VentureBeat.