Did you know that around 90% of all cyber attacks occur as a result of phishing? In 2022 alone, nearly 1 billion emails were exposed, affecting 1 in 5 internet users. It’s not just individuals who can fall foul of this type of threat: more than a third of UK businesses have reported suffering a cyber attack in the past 12 months.
It’s also claimed that data breaches cost businesses an average of $4.35 million annually, but the impact a data breach can have on a single business can often go far beyond financial damage.
In this article, you’ll learn about the newest approach to threat detection and response from Google, also known as Chronicle, which has proven to reduce the time to completion for an investigation by 50%. This post also reveals how Appsbroker and its Security team work with the expertise of Google to protect businesses and their customers both in the workplace and at home.
What is Chronicle Security?
Chronicle Security is part of Google’s Security Operations suite, which offers Google’s speed, scale, and threat intelligence while automating responses, so you can detect, investigate, and neutralise threats faster. It is made up of multiple modules, including Chronicle SIEM (Security Information and Event Management) and Chronicle SOAR (Security Orchestration, Automation and Response).
Chronicle is a cloud-native security operations suite developed by Google that allows enterprises to quickly and efficiently detect, investigate, and respond to modern, large-scale threats. It offers a cost-effective approach by using the most relevant security telemetry to combat threats. With Chronicle, organisations can perform modern threat detection at unprecedented speed, helping them stay ahead of the rapidly evolving security landscape. Overall, Chronicle provides enterprises with the tools they need to protect their infrastructure and data from threats posed by hostile actors.
What are the main benefits of using Chronicle Security?
Chronicle is a comprehensive solution designed to streamline the security operations process. It offers advanced detection authoring, rule writing, and context-aware detections out of the box, allowing organisations to improve analyst productivity and reduce risk from threats faster. The platform also enables risk-based prioritisation of alerts, reducing the burden on analysts and improving their efficiency.
Another key benefit of Chronicle SIEM is its 1-year security telemetry retention, which enables compliance and retroactive threat hunting. Combined with the platform’s 10x gain in Time to Investigate (TTI) a threat and enhanced analyst productivity, this provides significant business benefits, adding up to a 3-6x reduction in total cost of ownership (TCO).
Chronicle SOAR offers up to 98% automation of security teams’ Tier 1 tasks, reducing the workload on analysts and freeing up their time for more strategic initiatives. The platform can reduce analyst caseload by up to 80% and speed up response time by 10x, making it a valuable asset for organisations looking to optimise their SecOps function.
How Does Chronicle Security Work?
Because the solution is cloud native and powered by the scale of Google, the infrastructure enables organisations to ingest, analyse, and retain all their data for longer periods of time. That provides better visibility for security professionals and supports the detection and investigation of even the most complex attacks. Chronicle Security Operations provides insight into data processing, search processes, playbooks, and key parts of SecOps functions.
Chronicle Security Operations offers disruptive, predictable pricing that is decoupled from capacity, compute, and log source count, eliminating the trade-offs between cost and security. The platform provides sub-second search across petabytes of information, with contextual visualisations, powered by Google’s threat intelligence at scale and by its automatic detections, to streamline security operations.
There’s a better way to automate mundane actions and build repeatable playbooks. Chronicle Security Operations gives companies fully fledged security orchestration, automation, and response (SOAR) capabilities, allowing the orchestration of hundreds of tools that can respond in minutes. With Google’s security prowess and our expert support as partners, we can redefine SecOps by implementing Google’s concept of Autonomic Security Operations (ASO), which can drive up to 10x SOC improvements. As Google Premier Partners, we ensure organisations achieve their desired security posture.
How does Chronicle help protect businesses from threats?
Chronicle uses Google’s Intelligent Data Fusion capabilities for investigating and detecting threats by normalising data, which enables efficiencies across SOC processes in terms of speed, scale, and cost. The Prevalence Graph allows for the easy detection of anomalous events and threat investigation, while modern threat detection provides context-aware detections, simplified detection authoring, and alert prioritisation with risk scoring. With the ability to hunt at Google speed, sub-second searches against petabytes of data enable faster response times.
Additionally, self-managed services provide unlimited scale-out without customer tuning, sizing, or management. Chronicle’s SOAR product empowers security teams to respond to cyber threats quickly, utilising a unique threat-centric approach, playbook automation, and context-rich investigation. The goal is to enable security teams to respond to threats in minutes, freeing up valuable time and ensuring every security team member is informed, productive, and effective.
How do you Set Up and Use Chronicle Security?
Our Chronicle implementation and onboarding approach outlines the various services offered by Appsbroker. We offer a range of services to assist organisations with the successful deployment and adoption of Chronicle in line with our security posture services.
Our Agile delivery sessions aim to ensure team alignment, remove obstacles, and ensure project progress. The use case design sessions aim to align business use cases to Chronicle use cases to derive maximum value and impact from the platform.
We run the initial setup of Chronicle, ensuring that security and permissions best practices are followed. We also develop rules and implement automated playbooks in Chronicle to respond to security incidents and events per the specifications defined in the use case design documents.
Overall, Appsbroker offers comprehensive services to ensure the successful implementation and adoption of Chronicle, thereby improving your organisation’s security posture.
What are the best practices for leveraging Chronicle on Google Cloud?
Appsbroker is one of the largest Google Cloud-only Agile Systems Integrators (ASIs) and Managed Services Providers (MSPs) in EMEA. We deliver digital transformation in weeks, not years, for some of the world’s leading organisations.
We have a team of professionals specialising in Google, experienced in delivering enterprise-class security solutions for the cloud. We work alongside our customers’ teams, empowering them to make informed decisions on security, risk and compliance for the cloud. We make use of agile delivery practices, unblocking deployment and promoting secure delivery with augmented teams and coaching to independence.
Our security posture review reveals the implementation roadmap. We build on a foundation of Zero Trust (“trust nothing, verify everything”) and embed the security requirements identified, automating wherever possible.
How can Chronicle help you get better visibility and control?
Chronicle alleviates concerns about the cost and scale of security operations and about threat detection coverage. Chronicle provides sufficient visibility into the threat environment. In terms of how long organisations retain their security telemetry, Chronicle offers the value of retaining data from multiple endpoints for one year at no additional cost.
Single-pane-of-glass visibility into cloud security is a major feature, making it easier to implement SOC practices. Multi-cloud is also a covered scenario, allowing for the same security approach across all estates. The reporting functionality uses advanced dashboarding that sifts through petabytes of information, providing powerful contextual visualisations for faster and better decision-making.
How do you manage your data and keep it secure with Chronicle Security?
Chronicle processes customer data securely by receiving it through an internal data forwarding service or a secure protocol, encrypting it while in transit, and storing it in a cloud service in encrypted form. The data is logically segregated and accessed only by the customer, as well as by a limited number of Google personnel as needed. The data is then parsed, validated, indexed, and checked against third-party feeds and internal threat analytics tools.
The parsed and indexed data is stored in an encrypted form within each account, and customers can log in to search and review their security data. Chronicle also searches for matches between the security data and the VirusTotal malware database and displays information in the event view.
Further reading: The Appsbroker Security Case Studies
Summary: Why Should You Use Chronicle Security on Google Cloud?
It’s interesting to note that Chronicle SIEM offers a unified view of security threats by consolidating and enriching security telemetry onto a single timeline. It provides actionable threat information quickly by combining data with Google threat intelligence and flexible rules. Context-aware detections help analysts write better detections, prioritise existing alerts, and drive investigations faster. It only escalates critical threats, with scoring based on contextual vulnerability and business risk.
It offers security for Google Cloud workloads by integrating Security Command Center findings, BeyondCorp smart access decisions, queries in BigQuery, Looker dashboards, reCAPTCHA end-user phishing and fraud alerts, and Google Workspace logs. The automated, continuous, retroactive IoC matching allows instant correlation of indicators of compromise against a full year of security telemetry. Chronicle is FedRAMP Moderate ATO compliant.
Chronicle SOAR combines playbook automation, case management, and integrated threat intelligence to enable modern, fast, and effective response to cyber threats. It unites context with a threat-centric approach, empowering analysts to quickly focus on what’s important. It is designed for fast initial time-to-value and ease of scaling, with pre-packaged use cases, an intuitive playbook builder, and powerful playbook lifecycle management. Chronicle SOAR captures security operations insights consistently, enabling security teams to consolidate and easily see the scope of activities, generate insights that drive improvement, and measure progress over time.