Google Chronicle is a cloud-based SIEM that can work as a standalone product or as an extension to current on-prem architectures.
The same infrastructure that powers Google's global search engine, email, photo and enterprise services such as G Suite and Cloud Platform also powers the Chronicle security platform.
Chronicle also draws on Uppercase, Google's proprietary threat-signal team, and provides access to VirusTotal, Google's high-speed malware detection and intelligence service.
Datashield provides a cloud-native managed detection and response service utilizing Chronicle.
Scalability
From small and mid-market organizations to large enterprises, Chronicle can handle an organization's storage and processing needs. The platform scales to 100+ petabytes, and because it is built on Google's data infrastructure it auto-scales storage, memory, I/O and more.
Built from the same core components that power Google's search engine, Chronicle delivers massive scale at very high query speed.
Datashield Advantage: Security Engineers
Harnessing the power of Chronicle requires the expertise of experienced security engineers. Datashield has successfully helped existing and new clients move to hybrid and all-cloud security infrastructures.
Our comprehensive consultation process allows us to fully understand an organization’s operational needs and future scaling requirements.
Analytics
Leading security teams use Chronicle to ingest, index, correlate and act on new telemetry in seconds.
Forward data to Chronicle from any syslog source, such as a log aggregator or an existing SIEM, or from packet capture, and start analyzing it immediately.
Additionally, the platform can ingest from third-party cloud APIs such as Office 365 and Azure AD.
All analytics are served to security teams through a simple browser-based application. Chronicle's lightning-fast queries let analysts work with the most up-to-date data and activity in your organization at any given time.
Datashield Advantage: Full Packet Capture
Datashield can integrate multiple log and packet capture sources into Chronicle. Our cloud-native MDR solution works with ExtraHop for full packet capture to provide granular data needed for forensic investigation and network detection and response.
As a fully outsourced SOC or co-manager, our clients have the backing of our brightest security analysts and cutting-edge threat content team.
Integrations and Solutions
Google has its own proprietary tools that integrate seamlessly with the Chronicle platform.
VirusTotal
It makes sense that one of the world's largest data collectors would also house one of the most advanced malware databases and visualization tools. VirusTotal provides instant assessments from over 70 antivirus engines.
Search for malware Google-style with keywords, or with structured YARA rules, to find samples relevant to your environment. Organizations also receive instant alerts when new malware samples match their criteria.
Enterprise Solution
VirusTotal offers premium services to enterprises using Chronicle. The enterprise solution features:
- VT Intelligence: A web platform with advanced search features that return a detailed contextual profile for each sample.
- VT Hunting: Use YARA against VirusTotal's live submission stream (Livehunt) as well as its historical corpus (Retrohunt) to track the evolution of threat actors or malware families.
- VT Graph: Explore VirusTotal visually to better understand the connections between files, URLs, domains, IP addresses and other items in a forensic investigation, and synthesize the findings into a graph that can be shared with your security team or vendor.
- VT Monitor: Have your own files rescanned regularly with the latest antivirus signature sets, so that false positives against your software are caught early.
- VT Premium API: Access to restricted endpoints not available in the free API. The premium interface has more endpoints (similarity search, clustering, behavioral information) and returns richer information in searches.
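The YARA-based hunting described above (in the search paragraph and under VT Hunting) takes standard YARA rules, so a hunting team writes the same rule it would run locally and submits it as a Livehunt or Retrohunt job. The rule below is an added illustration, not code from Datashield, Google or VirusTotal: the rule name, the strings, the size cap and the import set are hypothetical choices made for the example and are not drawn from any real malware family.

```yara
import "pe"

// Hypothetical hunting rule (added example, not from the page or from VirusTotal).
// Flags small PE executables that embed a PowerShell download cradle and
// import the API set typically used to inject code into another process.
rule Hunt_PE_PowerShell_Cradle_Injector
{
    meta:
        description = "PE embedding a PowerShell download cradle plus injection imports"
        author      = "example (hypothetical)"
        tlp         = "clear"

    strings:
        // Download-cradle fragments, matched as ASCII and as UTF-16LE so
        // strings stored wide by .NET or script hosts still hit.
        $cradle1 = "DownloadString(" ascii wide nocase
        $cradle2 = "IEX (New-Object Net.WebClient)" ascii wide nocase
        $cradle3 = "-EncodedCommand" ascii wide nocase

        // "powershell" with an optional single byte between "power" and
        // "shell", catching trivially split spellings such as "power\x00shell".
        $ps_hex = { 70 6F 77 65 72 [0-1] 73 68 65 6C 6C }

    condition:
        // Cheap checks first: MZ header, a PE that parses, and a size cap so
        // the rule does not churn through large installers in Retrohunt.
        uint16(0) == 0x5A4D and pe.is_pe and filesize < 2MB
        // At least one cradle string, or the split spelling of powershell...
        and (1 of ($cradle*) or $ps_hex)
        // ...plus the classic remote-injection import trio.
        and pe.imports("kernel32.dll", "VirtualAllocEx")
        and pe.imports("kernel32.dll", "WriteProcessMemory")
        and pe.imports("kernel32.dll", "CreateRemoteThread")
}
```

Submitted as a Livehunt rule, this fires a notification for each new upload that matches; run as a Retrohunt job it sweeps the historical corpus, which is how a team measures how long a family has been circulating. Keeping the byte and size checks ahead of the string and `pe` module conditions keeps the rule cheap, which matters when it is evaluated against every incoming sample.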
Uppercase
Google’s Uppercase is a team of threat experts that enrich the Chronicle platform with global-scale threat intelligence.
With Uppercase, latent compromises, such as malware infections or phishing campaigns that have flown under the radar for years, can be discovered. Uppercase also covers emerging threats to enterprise infrastructure. In other words, the solution analyzes both historical security telemetry and emerging patterns to provide proactive guidance for dealing with threats.
Datashield Advantage: SHIELDVision
Datashield adds another layer of threat intelligence through our proprietary orchestration tool, SHIELDVision. Activity across all of our clients' environments is correlated to identify malicious behavior and prevent attacks.
There is strength in numbers: when a threat is found in one client environment, we can look for the same activity in other clients' networks and help them close the same exposure.
Google Chronicle + Datashield
Datashield has been providing best-in-class managed detection and response services for over a decade. Our newest cloud-native solution with Chronicle is a continuation of our dedication to providing white glove consultative services with world-class results.
We have assisted our clients in using cloud-native solutions for a hybrid or complete cloud architecture. Choosing an MSSP with a consultative approach will ensure your organization picks the solution that best fits your business operations and future goals.
Partnering with Google gives our talented team of security engineers and analysts access to unparalleled threat intelligence and forensic capability within our clients' networks. Fast queries shorten investigations and raise analyst efficiency. Chronicle and Datashield detection content are also aligned with the MITRE ATT&CK framework.
If your organization is considering Google Chronicle, contact us for a no-cost consultation to see if Datashield is right for you.
We have experience migrating, building from scratch and hybridizing cloud security as well as serving as a complete outsourced SOC or co-managed environment.