As part of its efforts to better cater to enterprise customers, Google Cloud has announced a number of new security capabilities including a new way to utilize Chronicle's security analytics platform to detect threats.
The cybersecurity company Chronicle may have started out as part of Alphabet's moonshot X unit but last year it was folded into Google Cloud. Now customers will be able to use the company's security analytics platform to detect threats using a new rules language called YARA-L which has been built specifically for modern threats and behaviors.
YARA is a popular, open source language used for writing rules to detect malware and the Chronicle team created a new version of it to apply to security logs and other telemetry such as EDR data and network traffic.
- Google Cloud is now able to store all your secrets
- Google Cloud reveals major restructuring plans
- Also check out the best cloud computing services
YARA-L provides security analysts with the ability to write rules which are better suited for detecting modern threats and according to Google, it allows for scalable, real-time and retroactive rule execution.
New data structure
Google Cloud also revealed that Chronicle is introducing a new data structure which combines a new data model with the ability to automatically link multiple events into a single timeline. This will certainly make things easier for security analysts who will no longer have to manically collect logs following a security incident.
Palo Alto Networks Cortex XSOAR will be the first Google Cloud partner to integrate with this new structure and the firm's VP of Product Strategy, Rishi Bhargava explained how Chronicle's new detection capabilities have enhanced its response in a blog post (opens in new tab), saying:
“Cortex XSOAR offers automated enrichment, response and case management to enterprise-wide threats. The integration with Chronicle’s new detection capabilities and event timelines, across months or years of data, enhances that response and enables comprehensive threat management for our mutual customers.”
Additionally, Google is making its Web Risk API and reCAPTCHA Enterprise services generally available in an effort to help organizations protect user accounts from fraudulent activities online. The reCAPTCHA Enterprise service helps protect against scraping, credential misuse and automated account creation while the Web Risk API helps organizations identify known bad sites, warns users when they click on a bad link and prevents users from posting links to known malicious pages.
- Keep your devices protected with our top picks for the best antivirus software
Via ZDNet (opens in new tab)