Google Cloud on Wednesday announced the general availability of curated detections as part of Google’s Chronicle SecOps Suite.
In a blog post, Google Cloud said these detections are built by the company’s threat intelligence team and are actively maintained to reduce the manual toll on a customer’s security team.
This was viewed in the industry as a significant move because a critical component of any security operations team’s job is to deliver high-fidelity detections of potential threats across the breadth of adversary tactics.
But couple a growing, more sophisticated attack surface with the cybersecurity talent shortage, and managing detections becomes more challenging for security teams. Some may lack the funds to staff a full security team, while others simply can’t find enough good people.
Threat detection for the cloud has become complicated, added Melinda Marks, a senior analyst at the Enterprise Strategy Group, because the attack surface changes rapidly as ephemeral resources are spun up and spun down on demand across assets.
“Google is known for its ability to search through huge amounts of data to find meaningful results, and they can use their vantage point as a cloud provider to tie information together on the latest threats along with customer exposure, aka whether valuable data is exposed and accessible, to help organizations accelerate investigation and response,” Marks said.
Davis McCarthy, principal security researcher at Valtix, added that alert fatigue impacts the effectiveness of security teams, both large and small. McCarthy said a suite of actionable detections helps create the layered defenses so many organizations fail to maintain.
“Because the detections come from Google, users benefit from having an experienced threat intelligence team working in their environment,” McCarthy said. “This kind of proactive security is normally only achieved by mature organizations with a mature budget.”
Frank Dickson, who covers security and trust at IDC, said the staffing crisis has become the most significant problem that we are trying to address in the security industry. Dickson said we cannot find enough qualified cybersecurity professionals and cannot retain them. “It is brutal,” he said.
“Google’s announcement of curated detections is exactly appropriate for cybersecurity today,” Dickson said. “The goal is to get from alert to accurate detection to remediation as fast as possible. By proactively enhancing alerts with context and analytics, Google accelerates the rate at which security professionals can create secure outcomes. Secure outcomes, after all, is the goal.”