Google Cloud on Monday announced a series of new security capabilities, including a new way to detect threats with Chronicle’s security analytics platform. The new security tools line up with Google Cloud’s broader efforts to cater to enterprise customers.
Chronicle, a cybersecurity company hatched from Alphabet’s moonshot X unit, was folded into Google Cloud last year. Now, customers using Chronicle’s security analytics platform will be able to detect threats using YARA-L, a new rules language built specifically for modern threats and behaviors.
YARA is a widely used, open-source language for writing rules to detect malware. The Chronicle team created this new version to apply to security logs and other telemetry, such as EDR data and network traffic. YARA-L (L for logs) allows security analysts to write rules better suited to detecting the types of modern threats described in MITRE ATT&CK (a platform that organizes and categorizes the tactics and techniques used by bad actors). The new threat detection offering, Google says, allows for massively scalable, real-time and retroactive rule execution.
Additionally, Chronicle is introducing a new data structure that combines a new data model with the ability to automatically link multiple events into a single timeline. For example, the new data structure could automatically link seemingly disparate actions from an employee — such as receiving an email with a link, logging into a fake web page, and downloading a malware file to their machine. Typically, after a data breach, a security analyst would have to manually collect the logs from each of these three actions and determine if they were related.
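To illustrate the kind of cross-source linking described above, here is an added example (not Chronicle's code or data model) that builds a per-user timeline from three constructed log sources and flags the email-link, credential-submit, file-download chain when it completes within a time window; the event fields, action names and sample records are all assumptions for the demo.

```python
from datetime import datetime, timedelta

# Constructed sample events from three telemetry sources (email gateway,
# web proxy, EDR). Timestamps are ISO 8601; "user" is the join key.
SAMPLE_EVENTS = [
    {"ts": "2020-02-24T09:00:05", "source": "email", "user": "alice",
     "action": "link_received", "detail": "http://login-portal.example"},
    {"ts": "2020-02-24T09:03:40", "source": "proxy", "user": "alice",
     "action": "credential_submit", "detail": "login-portal.example"},
    {"ts": "2020-02-24T09:10:12", "source": "edr", "user": "alice",
     "action": "file_download", "detail": "invoice.exe"},
    {"ts": "2020-02-24T11:00:00", "source": "email", "user": "bob",
     "action": "link_received", "detail": "http://intranet.example"},
    {"ts": "2020-02-25T15:00:00", "source": "edr", "user": "bob",
     "action": "file_download", "detail": "report.pdf"},
]

# The ordered chain of actions we want to see linked into one timeline.
CHAIN = ("link_received", "credential_submit", "file_download")


def parse_ts(s):
    return datetime.fromisoformat(s)


def build_timelines(events):
    """Group events by user and sort each user's events chronologically."""
    timelines = {}
    for ev in events:
        timelines.setdefault(ev["user"], []).append(ev)
    for evs in timelines.values():
        evs.sort(key=lambda e: parse_ts(e["ts"]))
    return timelines


def find_phishing_chains(events, window=timedelta(hours=1)):
    """Return one finding per user whose timeline contains the full CHAIN,
    in order, with the whole sequence spanning no more than `window`."""
    findings = []
    for user, timeline in build_timelines(events).items():
        matched, step = [], 0
        for ev in timeline:
            if step < len(CHAIN) and ev["action"] == CHAIN[step]:
                matched.append(ev)
                step += 1
        if step == len(CHAIN):
            span = parse_ts(matched[-1]["ts"]) - parse_ts(matched[0]["ts"])
            if span <= window:
                findings.append({"user": user, "events": matched,
                                 "span_seconds": span.total_seconds()})
    return findings
```

Bob's timeline lacks the credential-submit step, so only Alice's sequence is reported as a linked chain.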
Palo Alto Networks Cortex XSOAR is the first Google Cloud partner integrating with this new structure.
Google is also bringing into general availability its Web Risk API and reCAPTCHA Enterprise services, which help organizations protect user accounts from fraudulent activity on the web. The reCAPTCHA Enterprise service helps protect against activities like scraping, credential misuse, and automated account creation. Meanwhile, the Web Risk API helps an organization identify known bad sites, warn users before they click bad links on the organization's site, and prevent users from posting links to known malicious pages.
Google Cloud, which recently disclosed its $10 billion annual revenue run rate, has taken other steps recently to step up its security capabilities. In December, the business announced new partnerships with cybersecurity firms.