Google Chronicle is a next-gen cloud SIEM solution, built on Google search engine infrastructure. Chronicle is able to normalize, index, correlate, and analyze data against itself and against third-party information to provide instant analysis and context at record speed.
Datashield has partnered with Google to provide a cloud-native managed detection and response service. Learn more about our innovative solution here.
Today's blog focuses on Chronicle's recent SANS webcast titled: Rethinking Security Detection in an XDR World. You can watch the entire hour-long webinar on-demand here.
What is XDR?
You may have heard of XDR in passing, but this buzzword is certainly buzz-worthy. XDR stands for Extended Detection and Response.
XDR is the expansion and extension of Endpoint Detection and Response (EDR). It is defined as a cloud-based approach to security that looks at threats and vulnerabilities beyond endpoint data and log data alone.
As businesses expand their networks, cloud operations, and add IoT and OT technologies, XDR will be more important than ever.
Anton Chuvakin, Security Solutions at Google Cloud Security, explained that his original definition of EDR is based on SIEM and log ingestion, but has evolved into XDR.
While a traditional SIEM approach is still appropriate for many organizations, Chuvakin emphasized the improvement in endpoint agent data.
This doesn't mean that log ingestion is unnecessary. Chuvakin explained that logs are still essential to the security triad.
Modern XDR vs Classic SIEM Approach
To further explain the XDR security approach versus the classic SIEM strategy, Chuvakin compared the two methodologies:
| Modern XDR | Classic SIEM |
|---|---|
| Deeper visibility | Too voluminous |
| Higher quality data | Mixed quality data |
| Improved detection | Too expensive to scale and run |
| Response automation | Too manual |
Modern Security Analytics: Key Expectations
When considering a next generation XDR security strategy, make sure your platform can provide the following:
- High quality, enriched data: Data collected should not only be complete and historical, but enriched with threat intelligence, visualization, and timelines.
- Deeper threat intel matching: Continuous, retrospective analysis of telemetry against threat intelligence.
- Modern threat detection: Using updated approaches to threat detection languages such as YARA-L.
- Hunt at lightning speed: Subsecond searches across incredible amounts of data.
- Self-manageable: Unlimited scale-out capabilities.
- Disruptive economics: Full security telemetry retention and analysis at a fixed, predictable cost.
Chronicle for XDR
Google Chronicle is able to work within the new XDR approach. Chronicle's ability to take endpoint and log data and provide deep contextualization and the latest threat intelligence means looking beyond the endpoint. Associating files, links and other assets with an indicator of compromise can cut down on response time and aid in vulnerability management.
Additionally, Chronicle's ability to use the modern YARA-L language, search petabytes in less than a second, visualize data, and map findings to the MITRE ATT&CK framework makes it a leading cloud security solution.
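To make the "retrospective threat intel matching" expectation and the IOC-to-asset association described above concrete, here is an added example in Python. It is not Chronicle's code and does not use any Chronicle API; the telemetry records, the intel feed and the hostnames are all constructed for illustration. The point it demonstrates is that retained telemetry is re-scanned when a new indicator arrives, so a hit is flagged as "retrospective" when the event happened before the indicator was published, and every matching indicator is then tied to the assets and time window in which it was seen.

```python
"""Retrospective IOC matching over retained telemetry (added example).

All data below is constructed: a handful of DNS/HTTP/file events from
hypothetical hosts, and a tiny threat-intel feed of hypothetical indicators.
"""
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str          # asset that produced the event
    event_type: str    # "dns", "http" or "file"
    indicator: str     # domain, URL or file hash observed in the event


@dataclass(frozen=True)
class Indicator:
    value: str
    ioc_type: str      # "domain", "url" or "sha256"
    published: datetime  # when the intel feed first reported it


@dataclass(frozen=True)
class Hit:
    event: Event
    indicator: Indicator
    retrospective: bool  # event predates the intel that matched it


def _utc(s: str) -> datetime:
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Which indicator type an event type is matched against.
EVENT_TO_IOC_TYPE = {"dns": "domain", "http": "url", "file": "sha256"}

# Constructed retained telemetry (hypothetical hosts and domains).
TELEMETRY = [
    Event(_utc("2021-03-01T08:15:00"), "ws-017", "dns", "Updates.Example-Bad.test."),
    Event(_utc("2021-03-01T08:15:02"), "ws-017", "http", "http://updates.example-bad.test/payload"),
    Event(_utc("2021-03-02T11:00:00"), "ws-017", "dns", "www.example.com"),
    Event(_utc("2021-03-03T14:02:10"), "ws-042", "dns", "updates.example-bad.test"),
    Event(_utc("2021-03-04T09:30:00"), "srv-db-01", "file", "DEADBEEF" * 8),
]

# Constructed intel feed; note the indicators were published AFTER the
# first events above occurred, which is what makes matching retrospective.
INTEL = [
    Indicator("updates.example-bad.test", "domain", _utc("2021-03-03T00:00:00")),
    Indicator("http://updates.example-bad.test/payload/", "url", _utc("2021-03-03T00:00:00")),
    Indicator("deadbeef" * 8, "sha256", _utc("2021-03-05T00:00:00")),
]


def normalize(value: str, ioc_type: str) -> str:
    """Canonicalize so cosmetic differences (case, trailing dot/slash) still match."""
    v = value.strip()
    if ioc_type == "domain":
        return v.lower().rstrip(".")
    if ioc_type == "sha256":
        return v.lower()
    if ioc_type == "url":
        return v.rstrip("/")
    return v


def match_retrospectively(events, intel):
    """Scan ALL retained events against the current intel, old events included."""
    index = {(i.ioc_type, normalize(i.value, i.ioc_type)): i for i in intel}
    hits = []
    for e in events:
        ioc_type = EVENT_TO_IOC_TYPE.get(e.event_type)
        if ioc_type is None:
            continue
        ioc = index.get((ioc_type, normalize(e.indicator, ioc_type)))
        if ioc is not None:
            hits.append(Hit(e, ioc, retrospective=e.ts < ioc.published))
    return hits


def affected_assets(hits):
    """Associate each matched indicator with the hosts and time window it was seen in."""
    summary = {}
    for h in hits:
        key = normalize(h.indicator.value, h.indicator.ioc_type)
        entry = summary.setdefault(
            key, {"hosts": set(), "first_seen": h.event.ts, "last_seen": h.event.ts})
        entry["hosts"].add(h.event.host)
        entry["first_seen"] = min(entry["first_seen"], h.event.ts)
        entry["last_seen"] = max(entry["last_seen"], h.event.ts)
    for entry in summary.values():
        entry["hosts"] = sorted(entry["hosts"])
    return summary


if __name__ == "__main__":
    found = match_retrospectively(TELEMETRY, INTEL)
    for h in found:
        tag = "RETROSPECTIVE" if h.retrospective else "live"
        print(f"{h.event.ts.isoformat()} {h.event.host:10} {h.indicator.ioc_type:7} {tag}")
    for ioc, info in affected_assets(found).items():
        print(f"{ioc}: hosts={info['hosts']} window={info['first_seen']}..{info['last_seen']}")
```

Three of the four hits are retrospective: the first DNS lookup, the HTTP fetch and the file hash were all observed before the feed published the matching indicator, which is exactly the class of finding a platform that only checks new events at ingest time would miss. The summary then gives an analyst the asset list and time window to scope the response.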
The Datashield Advantage
Datashield has been providing best-in-class managed detection and response services for over a decade. Our newest cloud-native solution with Chronicle is a continuation of our dedication to providing white glove consultative services with world-class results.
We have assisted our clients in using cloud-native solutions for a hybrid or complete cloud architecture. Choosing an MSSP with a consultative approach will ensure your organization picks the solution that best fits your business operations and future goals.
Partnering with Google gives our talented team of security engineers and analysts access to unparalleled threat intelligence and forensic abilities within our clients' networks. Queries are fast and increase efficiency. Chronicle and Datashield are also aligned with the MITRE ATT&CK framework.
If your organization is considering Google Chronicle, contact us for a no-cost consultation to see if Datashield is right for you.
We have experience migrating, building from scratch and hybridizing cloud security, as well as serving as a complete outsourced SOC or in a co-managed environment.