Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
Chronicle Return to the Chronicle homepage
Security Operations Platform arrow_forward expand_more
Security Operations Platform

Explore the Security Operations Platform for the modern SOC.

Security Operations Platform
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
Detect Detect threats with confidence by storing and analyzing all your security telemetry at Google scale.
Investigate Get faster insights with context and depth of investigation to stay ahead of the latest breaches.
Respond Orchestrate tools, build automation, and collaborate with ease to respond in minutes.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Mandiant Hunt for Chronicle Uncover hidden attacks with elite threat hunters by your side.
SOC Modernization Protect your organization against modern-day threats.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Chronicle CyberShield Helping Governments Defend Against Modern Threats
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners arrow_forward expand_more
Partners

We work together with our partners to help our customers protect themselves.

Partners
Overview Through product integrations and security expertise, together we bring more effective solutions to market.
Solutions for Small to Mid-Sized Business Expert resources for organizations with up to 2000 employees
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Community Join security pros sharing SecOps content and best practices
Contact us Visit the contact us page
Chronicle Return to the Chronicle homepage
Security Operations Platform arrow_forward expand_more
Security Operations Platform

Explore the Security Operations Platform for the modern SOC.

Security Operations Platform
Overview Detect, investigate, and respond to cyber threats with speed, scale, and precision.
Detect Detect threats with confidence by storing and analyzing all your security telemetry at Google scale.
Investigate Get faster insights with context and depth of investigation to stay ahead of the latest breaches.
Respond Orchestrate tools, build automation, and collaborate with ease to respond in minutes.
Solutions arrow_forward expand_more
Solutions

Reimagine your security operations with affordable solutions.

Solutions
Mandiant Hunt for Chronicle Uncover hidden attacks with elite threat hunters by your side.
SOC Modernization Protect your organization against modern-day threats.
Cloud detection & response Improve investigation and response to cloud-based threats.
Service providers Attract new customers and keep existing ones coming back.
Chronicle CyberShield Helping Governments Defend Against Modern Threats
Why Chronicle arrow_forward expand_more
Why Chronicle

Rely on a modern approach to threat detection and response.

Why Chronicle
How we’re different Add Google speed, scale and intelligence to your SOC.
Our customers Discover how modern security teams use Chronicle.
Partners arrow_forward expand_more
Partners

We work together with our partners to help our customers protect themselves.

Partners
Overview Through product integrations and security expertise, together we bring more effective solutions to market.
Solutions for Small to Mid-Sized Business Expert resources for organizations with up to 2000 employees
Resources arrow_forward expand_more
Resources

Get to know us better. Find out what we’ve learned, what’s new, and what’s next.

Resources
Blog Get an inside view of the digital security landscape.
Knowledge Base Sortable whitepapers, datasheets, videos, and more.
Community Join security pros sharing SecOps content and best practices
Mandiant Incident Response Visit the Mandiant Incident Response page
Support Visit the Google Cloud Support hub
Careers Browse open positions at Chronicle
IDC Study: Customers cite 407% ROI with Google Chronicle. Learn More IDC Study: Customers cite 407% ROI with Google Chronicle. .
How threat detection and incident response compare and contrast between cloud and on-premises
Dan Kaplan
Content Marketing, Google Cloud Security
December 7, 2022
Try Chronicle
Detect, investigate and respond to cyber threats with Google's cloud-native Security Operations Suite.
Contact us Contact us

While science still needs to progress and significant hurdles must be overcome, humans are undeniably closer than ever before to colonizing space, potentially only years away if you believe the most ambitious milestones for moon settlements.

If you were to join a lunar base tomorrow, you’d experience firsthand just how different the moon is than Earth —climate, size, and lifelessness to name a few. But if you can look past the moon’s low-gravity, dusty surface and its underground lava tubes (the latter are actually good for human colonization as they protect against harmful radiation … and those pesky space rocks), you might find a lot of things that remind you of home.

For example, the moon has a comparable axial tilt to Earth, and a landscape and day-night cycle that are not too dissimilar. Eventually, if enough people settled, society would take on a familiar look and feel as well. Homes and economies would emerge, and relationships would prosper.

When your organization enters the cloud, it may feel like the security team is on a rocky spacecraft to some alien planet, never to again experience life as they once knew it. (And why wouldn’t they feel this way? As more organizations take the cloud plunge, more attackers have become interested. According to a recent report, more than 80% of organizations have experienced a cloud security incident in the past year, from publicly exposed buckets to cryptocurrency mining.)

But, as you’ll find, the cloud doesn’t have to be some strange, uncomfortable place.

Differences

Yes, incidents will happen in the cloud. And many things about the experience will be different than you remember from on-premises detection and response, including:

The amount and types of telemetry that will be present

Cloud environments produce a boundless array of logs, including logs related to application and servers, APIs, and just about anything else running in the environment.

Your methods for collecting logs

Due to this high data volume, system logging requires specific methods and skills to extract insights. Plus, the assets that live there are often short-lived, making basic log collection more difficult.

You won’t be able to do everything yourself

The cloud introduces a “shared responsibility” model (which we believe is better served as a “shared fate” arrangement). This means you will need to lean on your cloud service provider during an investigation to acquire certain data.

Similarities

But before all the differences between cloud and on prem make you want to blast yourself into the cosmos, never to be seen or heard from again, let’s keep you grounded with some reasons how cloud security is similar to doing it the traditional way, including:

Your data still needs to be retained

Just because your logs or container images are living in the cloud doesn’t free them from legal scrutiny. This means your cloud data still needs to be preserved (keeping in mind the ephemeral nature of the cloud) so it can be normalized, correlated, and analyzed during an investigation.

The basics still pay off

From collecting evidence to drawing conclusions, your investigative techniques don’t change much in the cloud, and sound processes still rule the day. Of course, it’s difficult to probe what you don’t understand, so—like you do for your on-premises environment—understand how cloud technology works, how systems communicate, how code is pushed, and arguably most important of all, where critical data flows and the crown jewels live.

Every incident is still different

Lean into the fact that every security episode, no matter which environment it occurs in, whether on Earth or the moon—or on premises or in the cloud—will be different. And that’s OK. The key is how you have prepared for the inevitable event and how you react when it happens.

What can you do today to detect and respond more effectively in the cloud?

Your migration to the cloud is inevitable, if not already fully in progress or place. Here are some quick-hit reminders for how your security operations team can succeed in this new paradigm.

  • Baseline your environment and understand your security profile

  • Prepare logs and telemetry so you’re not caught unprepared

  • Conduct realistic red and blue team exercises to advance your skills

  • Make sure your security profile evolves to match your cloud environment

  • Get help from Google Cloud, including Chronicle and Mandiant

To learn more about how to detect and respond in the cloud, watch on demand this Google Cloud Next Session, featuring Anton Chuvakin of Google’s Office of the CISO and Mandiant CTO Marshall Heilman.

Let’s work together

Ready for Google-speed threat detection and response?

Contact us Visit the contact us page