Google Cloud has revealed a significant security upgrade

Google’s Chronicle security analytics tool has been updated to provide analysts with more context for each individual alert. 

The company hopes that this update means users should be able to track potentially hazardous situations faster, more precisely, and with less alert fatigue.

Announcing the news in a blog post, Google Product Architect Mike Hom, and Engineering Lead, Travis Lanham said the product is getting “context-aware detections”, “creating efficiencies in every step of a customer’s detection and response journey, starting by making alerts more functionally enabled”.

TechRadar needs you!

We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.

>> Click here to start the survey in a new window

Google Chronicle

Currently, to analyze (and contextually de-risk) a potentially hazardous Excel macro, a security analyst needs to take five steps, including doing a host lookup, identifying the host owner, and eventually, identifying if the user is likely to use a macro in their financial spreadsheet.

With context-aware detections, Google claims all the supporting information from authoritative sources, which include “telemetry, context, relationships, and vulnerabilities”, are all joined as part of a single detection event. 

The update also brings a couple of new capabilities to the battleground, including the ability to use risk scoring to prioritize threats, faster addressing of security alerts, and an enhanced fidelity of alerting.

Not only will things move faster now, but analysts will also suffer from less alert fatigue, a problem that’s exacerbated since the onslaught of the Covid-19 pandemic. 

Google did not mention a specific date when the new context-aware threat detection would be generally available, but it did say that the modules will “move towards general availability” in the coming months. 

Hom and Lanham added that there will also be a “steady release” of new detection capabilities, in the coming weeks and months.

Google’s new capabilities are being introduced on the heels of two acquisitions – Siemplify (security orchestration, automation, and response), and Mandiant (a cybersecurity firm offering threat intelligence, and incident response services, among other things).

Go to Source