
Article written by Chris Corde, Director of Security Operations Product Management & Nimmy Reichenberg, Head of Security Operations Product Marketing, Google Cloud. 

At Google Cloud, our mission is to help organizations transform cybersecurity with frontline intelligence, expertise, and AI-powered innovation. Nowhere is this needed more than in security operations (SecOps), where understaffed and overwhelmed security teams struggle to defend against a threat landscape that is growing in volume and sophistication, often with tools that were designed in the pre-cloud era. 

We believe that successfully defending against modern threats requires modern thinking and modern solutions, which is why we've taken a fresh look at what threat detection, investigation, and response (TDIR) can be with Chronicle Security Operations. Following our Duet AI and threat-hunting announcements at Google Cloud Next, today we are excited to announce Chronicle's latest update, which unifies our SOAR and SIEM solutions, integrates attack surface management technology from Mandiant, and offers more robust application of threat intelligence to help defenders get ahead of the latest threats.

"We have advanced capabilities around threat intelligence that are highly integrated into the Chronicle SecOps platform. We like the orchestration capabilities that enable us to enrich the data and provide additional context to it, so our SOC and analysts are able to prioritize that work and respond with the attention that is needed," said Bashar Abouseido, CISO, Charles Schwab. "We look at Google as a critical partner that will help us bring quite a bit of advantage in the fight that we have against the type of threats that we deal with that continue to expand on a regular basis."



A unified cloud-born platform

Chronicle Security Operations is designed to allow organizations to retain and analyze unfiltered data at Google scale and speed, enabling security teams to detect and investigate threats faster. We recognize that for organizations to remain ahead of threats, they must go beyond just collecting data, as it can take security teams far too long to find what's truly relevant, or they face gaps in the information that's available to search and analyze.

With our new consolidated experience for Chronicle SIEM and Chronicle SOAR, we can better provide rich context and easy pivoting between alerts, cases, investigations, and playbooks in a single console, for a more streamlined and integrated TDIR experience. Every alert in Chronicle SecOps is now grouped into a case to consolidate related alerts and provide access to relevant enrichment to help security teams make quicker decisions.

Detecting threats proactively with applied threat intelligence

To defend against modern threats, a modern security operations platform needs to be infused with a deep understanding of the latest threats, and possess the ability to apply this intelligence to each customer's unique environment. 

We are adding even more powerful capabilities and risk-based outcomes to Chronicle Security Operations, enabling SecOps teams to become more proactive and get ahead of potential threats. Our new Applied Threat Intelligence, available in preview, leverages Chronicle's scalability to automatically enrich and contextualize every event with the latest, market-leading threat intelligence from Google Cloud, Mandiant, and VirusTotal, to help eliminate blindspots and ultimately detect more threats. It uses AI and machine learning to prioritize threats based on each customer's unique environment, which can help security teams focus on addressing the most critical threats. In addition, every relevant event in Chronicle SecOps that matches a threat indicator will be instantly enriched with threat actor, threat campaign, or malware family associations that can be used for custom searches or detections.

We have also made breach analytics findings viewable directly in the Chronicle SecOps console. Breach analytics continuously analyzes customers' Chronicle SecOps data and notifies them of new and novel attacker techniques discovered by Mandiant Incident Response engagements within minutes. This enables organizations to proactively take action in near real-time and minimize the impact of a breach. Breach analytics in Chronicle SecOps is now available in public preview. 

Our integration with Mandiant Attack Surface Management (ASM), now generally available to all Chronicle SecOps customers, can enable customers to continuously identify and validate exploitable entry points into their organization. ASM integration can help correlate and enrich investigations with context and an understanding of business risk, and allows the SecOps team to prioritize investigation and remediation efforts based on the exposures that have the most potential impact.

AI-augmented productivity

Chronicle Security Operations can help usher in a new era of productivity for security teams, removing the toil created by complex, disparate tools. Leveraging Google's continuous innovations in generative AI and security-specific foundation models, Duet AI in Chronicle SecOps can help transform threat detection, investigation, and response for cyber defenders by simplifying search, complex data analysis, and threat detection engineering, to help reduce toil and elevate the effectiveness of each defender. 

With Duet AI, Chronicle SecOps can automatically provide a clear summary of what's happening in cases, give context and guidance on important threats, and offer recommendations for how to respond. Duet AI also powers Chronicle's new natural language search. Defenders can enter questions in natural language, and Chronicle SecOps will generate the query from their statement, present a fully mapped syntax for search, and make it possible for them to quickly refine and iterate on results.

AI presents a huge opportunity to elevate talent, but we understand that many organizations will still require help when it comes to advanced skill sets. We recently announced the addition of Mandiant Hunt for Chronicle, which can provide continuous threat hunting by Mandiant experts. It integrates the latest insights into attacker behavior from Mandiant's frontline experts with Chronicle's powerful ability to quickly analyze and search security data. Mandiant Hunt for Chronicle SecOps can help organizations close the skills gap and gain elite-level support without the burden of hiring, tooling, and training.

Mandiant also offers a rich portfolio of Chronicle-ready services to assist customers before, during, and after a cyber incident, including purple teaming and cyberdefense transformation.

We're excited about the new capabilities in the unified Chronicle Security Operations platform and the outcomes they can help deliver to cyber defense teams across every industry. 

