Google Cloud wants to help you detect security threats

(Image credit: Shutterstock)

As part of its efforts to better cater to enterprise customers, Google Cloud has announced a number of new security capabilities including a new way to utilize Chronicle's security analytics platform to detect threats.

The cybersecurity company Chronicle may have started out as part of Alphabet's moonshot X unit but last year it was folded into Google Cloud. Now customers will be able to use the company's security analytics platform to detect threats using a new rules language called YARA-L which has been built specifically for modern threats and behaviors.

YARA is a popular, open source language used for writing rules to detect malware and the Chronicle team created a new version of it to apply to security logs and other telemetry such as EDR data and network traffic. 

YARA-L provides security analysts with the ability to write rules which are better suited for detecting modern threats and according to Google, it allows for scalable, real-time and retroactive rule execution.

New data structure

Google Cloud also revealed that Chronicle is introducing a new data structure which combines a new data model with the ability to automatically link multiple events into a single timeline. This will certainly make things easier for security analysts who will no longer have to manically collect logs following a security incident.

Palo Alto Networks Cortex XSOAR will be the first Google Cloud partner to integrate with this new structure and the firm's VP of Product Strategy, Rishi Bhargava explained how Chronicle's new detection capabilities have enhanced its response in a blog post, saying:

“Cortex XSOAR offers automated enrichment, response and case management to enterprise-wide threats. The integration with Chronicle’s new detection capabilities and event timelines, across months or years of data, enhances that response and enables comprehensive threat management for our mutual customers.”

Additionally, Google is making its Web Risk API and reCAPTCHA Enterprise services generally available in an effort to help organizations protect user accounts from fraudulent activities online. The reCAPTCHA Enterprise service helps protect against scraping, credential misuse and automated account creation while the Web Risk API helps organizations identify known bad sites, warns users when they click on a bad link and prevents users from posting links to known malicious pages.

  • Keep your devices protected with our top picks for the best antivirus software

Via ZDNet

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.