Google Cloud has revealed a significant security upgrade

Image Credit: TechRadar (Image credit: Future)

Google’s Chronicle security analytics tool has been updated to provide analysts with more context for each individual alert.

The company hopes that this update means users should be able to track potentially hazardous situations faster, more precisely, and with less alert fatigue.

Announcing the news in a blog post, Google Product Architect Mike Hom, and Engineering Lead, Travis Lanham said the product is getting “context-aware detections”, “creating efficiencies in every step of a customer’s detection and response journey, starting by making alerts more functionally enabled”.

Google Chronicle

Currently, to analyze (and contextually de-risk) a potentially hazardous Excel macro, a security analyst needs to take five steps, including doing a host lookup, identifying the host owner, and eventually, identifying if the user is likely to use a macro in their financial spreadsheet.

With context-aware detections, Google claims all the supporting information from authoritative sources, which include “telemetry, context, relationships, and vulnerabilities”, are all joined as part of a single detection event.

The update also brings a couple of new capabilities to the battleground, including the ability to use risk scoring to prioritize threats, faster addressing of security alerts, and an enhanced fidelity of alerting.

Not only will things move faster now, but analysts will also suffer from less alert fatigue, a problem that’s exacerbated since the onslaught of the Covid-19 pandemic.

Google did not mention a specific date when the new context-aware threat detection would be generally available, but it did say that the modules will “move towards general availability” in the coming months.

> Humans don’t have to be cybersecurity’s weakest link

> Security teams are turning off alerts due to overload

> Google Alerts notifications have become a mess of scams and malware

Hom and Lanham added that there will also be a “steady release” of new detection capabilities, in the coming weeks and months.

Google’s new capabilities are being introduced on the heels of two acquisitions - Siemplify (security orchestration, automation, and response), and Mandiant (a cybersecurity firm offering threat intelligence, and incident response services, among other things).

Check out the best firewalls today

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.