In this post, we will share how customers can detect and respond to Log4j 2, and discuss solutions available to Chronicle customers to manage the risk of the Apache “Log4j 2” vulnerability (CVE-2021-44228 and CVE-2021-45046).
Google Chronicle and EMEA-based MSSP Hunt & Hackett have partnered to deliver advanced managed detection and response services.
This is a primer on how to effectively connect people, process and technology to minimize MTTD and MTTR.
What if your SOC were able to regulate and improve itself like your nervous system does? That's the goal of Autonomic Security Operations and its continuous detection and response loop, explains our Steve Meckl in the latest "Fastest Two Minutes in SecOps" episode.
In this episode of "Fastest Two Minutes in SecOps," Chronicle Security Specialist Rishalin Pillay breaks down the role of the SOC practitioner during an unfolding incident.
With today’s rapidly escalating threat landscape, it is important that our customers have access to all context across their entire IT stack while responding to malicious threats.
How can you succeed in the cloud’s new detection (and response) context, architect a more resilient cloud, keep SOC teams less frustrated and more upbeat, and most of all leverage the cloud to kickstart your security operations transformation? In this video, Herald boils down a very big conversation—cloud security—into something salient and actionable. Enjoy!
As you canvass the growing pool of MDR options, here are some worthy questions you can ask to see how they stack up in their ability to address cloud threats, summarized from a recent episode of the Cloud Security Podcast from Google.
Today we’re excited to announce a brand new integration between Chronicle and Security Command Center, Google Cloud’s security and risk management platform.
Introducing a new paper conveying the value of Google Chronicle augmentation, designed for organizations experiencing detection and response blind spots, namely limited visibility into security telemetry, scalability challenges, and inconsistent response capabilities.
Since this is our first step into functions in Chronicle SIEM, we will provide a brief overview of them in general, with a focus on matching using regular expression functions.
Moving from manual to automated workflows within the context of detection and response is a naturally desired transition for SOC teams. But before you streamline, there are a few things to consider.
A brand-new Google Cloud Security video series launches, covering all things security operations. The premiere episode of "Fastest Two Minutes in SecOps" addresses top SOC challenges.
Ingesting and searching data is important, but if you cannot generate detection events, analysts are left with petabytes of data to search through without a specific focus or prioritization. John Stoner introduces you to Chronicle’s rules engine and explores the capabilities it provides.
Within the detailed 39-session "Secure" track, you can choose your own learning adventure. Three Google Next '22 talks, though, stand out as being especially pertinent to security operations professionals, the specialists tasked with detecting and responding to cyber threats across on-premises and cloud environments.
The "New to Chronicle" series recently introduced you to regular expressions to identify matches in events through the use of the re.regex function as well as using the forward slash notation around a string to compare it to a field. Now we show you how to build on top of those concepts.
Learn about everything related to threat detection, investigation and response in our Q1 2022 Google Cloud Security Talks.
In Part Two of our "threat hunting" episode, Google Cloud Principal Security Strategist John Stoner offers three approaches you can consider when jumping into a hunt and why having a strategy—including the day you start the hunt—matters.
Cloud applications and infrastructure must be defended differently than on-premises environments. This new whitepaper will guide security operations teams through the distinctions, nuances, and opportunities presented by the cloud.
In this episode of “Fastest Two Minutes in SecOps,” Google Cloud Principal Security Strategist John Stoner introduces you to the benefits of hunting, and also offers words of caution for teams who may rush into the practice before other competencies of their detection and response are sufficiently built out.
In the latest episode of "Fastest Two Minutes in SecOps," Diaz tells security operations professionals everything they need to know about how ransomware is evolving and key pointers to consider in a detection and response strategy.
Security operations center roles and responsibilities are fairly straightforward, but distinct in their requirements.
This morning, Telefonica’s ElevenPaths announced its collaboration with Chronicle, to begin building new managed security services. MSSPs…
Many cybersecurity technologies and disciplines have maturity models, but there are limited frameworks for security operations teams assessing the growth of their SOAR deployment. Now we have one for you to use.
While remote work offers many benefits to companies, it presents special security challenges that are not present in traditional office environments. This post identifies those challenges, explains how they change the nature of cybersecurity requirements and offers tips on how to secure remote access.
Google Cloud Security’s OEM Partner Program accelerates technology partner innovation with Chronicle and VirusTotal capabilities.
Dear diary, it's all about location, location, location. And Chronicle's GeoIP functionality delivers a simple and powerful use case to drive context-rich alarms within the SOC and detect login compromises.
Today, we’re excited to announce that we’re bringing more industry-leading Google technology to security teams by integrating Chronicle with Looker and BigQuery.
We are excited to announce our new Chronicle MSSP Program, which will offer MSSPs around the world the ability to provide scalable, differentiated, and effective detection and response capabilities with our cloud-native SIEM product, Chronicle.
Google Cloud Security Summit happens Tuesday. Here is a look at what you can expect at the big virtual event for information security professionals.
Integrating SOAR into your SOC can increase efficiency and effectiveness by correlating alerts from disparate security devices, automating tasks, and providing playbooks for incident handling.
We compiled a cheat sheet of go-to Windows and Linux logs and mapped them to key tactics and techniques of the MITRE ATT&CK framework.
It is with much excitement that we release a new paper about transforming your security operations, published under the Office of the CISO at Google Cloud.
This slick Google Cloud infographic illustrates how modern security operations centers are forging new and symbiotic connections within and outside the organization.
If you make the wise decision to augment your SIEM with Chronicle, here are three illustrated use cases that will help you achieve affordability, scalability and better response.
One thing I did not expect to see in 2021 is a lot of people complaining about how difficult their SIEM is to operate. Let’s explore this topic for the (n+1)-th time.
In the cloud, are these new threats, or old and familiar threats against relatively new assets? What does the future potential hold for your adversaries? And what can your security operations team do to get ahead of this fast-moving landscape?
In this post, we will, however, attempt to provide insights on what a magic quadrant might look like for SOAR and what basis could be used for rating SOAR platforms.
Prevalence has been a core feature of the Chronicle Security Operations suite since its inception. It provides the capability to build a unique baseline of how common each network access is, and is used by security analysts to quickly identify unusual or beaconing activity.
The Chronicle team is excited to release new SOC Prime detection rules, now available to use in the Chronicle Detect rules engine.
Charged with leading Google's internal Security Surveillance Team, Tim Nguyen oversees a massive throng of entry points and attack surface. He presents a rare look into how an internal security operations group prioritizes its mission.
The latest release of Siemplify SOAR sets you up with the building blocks you need—cloud infrastructure, automation, collaboration, and analytics—to take your response to the next level.
Introducing the Siemplify (now part of Google Cloud) MSSP SecOps Program, which is uniquely poised to offer customers a new way to think about the SOC—from insights to risk reduction to help with the maturity lifecycle for the enterprise.
Security information and event management (SIEM) tools are used to help enable just that—gathering critical machine-generated data, measuring threats, generating alerts and supporting IT security personnel with aggregations, charts and dashboards to highlight and prioritize events or deficiencies.
We’ve got more to talk about with rules, but today, we are going to take a break from rules and talk about search.
For our first diary entry we wanted to highlight key feature favorites this particular customer loved...
Modern detection for modern threats...
Everything is replaceable...well except for Chronicle's replace function, a critical capability that takes a string, matches some or all of the string using a regular expression, and then replaces it with some other value. Let's dive in!
SOC training is an important way to not only make analysts better prepared to battle adversaries, but also to make them know leaders are investing in their skills and giving them an opportunity to grow. Here is how to get it right.
Discover how Chronicle provides native integrations for Google Workspace, a modern productivity and collaboration suite.
As part of the "New to Chronicle" series, our John Stoner walks you through Chronicle's unified data model schema and how it empowers your analysis and decision-making.
The "New to Chronicle" series carries on with another primer into rules, this one focusing on building multi-event rules to enhance your SIEM coverage.