Google’s Chronicle security analytics tool has been updated to provide analysts with more context for each individual alert.
The company hopes that this update means users should be able to track potentially hazardous situations faster, more precisely, and with less alert fatigue.
Announcing the news in a blog post, Google Product Architect Mike Hom, and Engineering Lead, Travis Lanham said the product is getting “context-aware detections”, “creating efficiencies in every step of a customer’s detection and response journey, starting by making alerts more functionally enabled”.
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
Currently, to analyze (and contextually de-risk) a potentially hazardous Excel macro, a security analyst needs to take five steps, including doing a host lookup, identifying the host owner, and eventually, identifying if the user is likely to use a macro in their financial spreadsheet.
With context-aware detections, Google claims all the supporting information from authoritative sources, which include “telemetry, context, relationships, and vulnerabilities”, are all joined as part of a single detection event.
The update also brings a couple of new capabilities to the battleground, including the ability to use risk scoring to prioritize threats, faster addressing of security alerts, and an enhanced fidelity of alerting.
Not only will things move faster now, but analysts will also suffer from less alert fatigue, a problem that’s exacerbated since the onslaught of the Covid-19 pandemic.
Google did not mention a specific date when the new context-aware threat detection would be generally available, but it did say that the modules will “move towards general availability” in the coming months.
Hom and Lanham added that there will also be a “steady release” of new detection capabilities, in the coming weeks and months.
Google’s new capabilities are being introduced on the heels of two acquisitions - Siemplify (security orchestration, automation, and response), and Mandiant (a cybersecurity firm offering threat intelligence, and incident response services, among other things).
- Check out the best firewalls today
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.