Google’s Chronicle security analytics tool has been updated to provide analysts with more context for each individual alert.
The company hopes that this update means users should be able to track potentially hazardous situations faster, more precisely, and with less alert fatigue.
Announcing the news in a blog post (opens in new tab), Google Product Architect Mike Hom, and Engineering Lead, Travis Lanham said the product is getting “context-aware detections”, “creating efficiencies in every step of a customer’s detection and response journey, starting by making alerts more functionally enabled”.
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
>> Click here to start the survey in a new window (opens in new tab) <<
Currently, to analyze (and contextually de-risk) a potentially hazardous Excel macro, a security analyst needs to take five steps, including doing a host lookup, identifying the host owner, and eventually, identifying if the user is likely to use a macro in their financial spreadsheet.
With context-aware detections, Google claims all the supporting information from authoritative sources, which include “telemetry, context, relationships, and vulnerabilities”, are all joined as part of a single detection event.
The update also brings a couple of new capabilities to the battleground, including the ability to use risk scoring to prioritize threats, faster addressing of security alerts, and an enhanced fidelity of alerting.
Not only will things move faster now, but analysts will also suffer from less alert fatigue, a problem that’s exacerbated since the onslaught of the Covid-19 pandemic.
Google did not mention a specific date when the new context-aware threat detection would be generally available, but it did say that the modules will “move towards general availability” in the coming months.
> Humans don’t have to be cybersecurity’s weakest link (opens in new tab)
> Security teams are turning off alerts due to overload (opens in new tab)
> Google Alerts notifications have become a mess of scams and malware (opens in new tab)
Hom and Lanham added that there will also be a “steady release” of new detection capabilities, in the coming weeks and months.
Google’s new capabilities are being introduced on the heels of two acquisitions - Siemplify (security orchestration, automation, and response), and Mandiant (a cybersecurity firm offering threat intelligence, and incident response services, among other things).
- Check out the best firewalls (opens in new tab) today