Google Cloud’s Chronicle security announced that it’s releasing a new threat detection system named Chronicle Detect. It is a solution that will use Google’s existing infrastructure to enable enterprises to detect and identify threats rapidly on a larger scale.
The tech behind this operates on the next generation of Google’s rules engine, which is as fast as the speed of search.
Chronicle Detect gives users data fusion that collects related events into a unified timeline, a rules engine that handles everyday events, and a language for describing complex threat behaviors.
The language of threat detection
The language in question is a variant of the YARA language called YARA-L. YARA gives users a rule-based approach to describing malware families based on textual or binary patterns.
YARA-L takes threat detection a step further by enabling the expression of detections and not just querying data.
Anton Chuvakin, a security strategist, said that it is essentially a threat detection language and not a data query language. The design is by and for security analysts, with contributions from malware reverse engineers.
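To make the "detection language, not query language" distinction concrete, here is an added example written for this page in YARA-L 2.0 syntax; it is not a rule from Chronicle, Google or the article. The rule structure (meta, events, match, condition sections), the UDM field names such as metadata.event_type and target.process.command_line, and the count prefix # are used as documented for YARA-L 2.0, but the rule name, meta values and the regular expression are this example's own assumptions. Rather than asking "which events contain this string?", the rule states a behavior: repeated encoded PowerShell launches on one host inside a one-hour window.

```yaral
rule encoded_powershell_launch_repeated {
  meta:
    // Constructed meta values for this example (not an official rule)
    author = "added example"
    description = "Two or more PowerShell launches with an encoded command on one host within 1h"
    // Free-form key; the ATT&CK technique label is an assumption of this example
    mitre_attack_technique = "T1059.001"
    severity = "Medium"

  events:
    // Bind $launch to UDM process-launch events only
    $launch.metadata.event_type = "PROCESS_LAUNCH"
    // Command line invokes PowerShell with -enc or -EncodedCommand (case-insensitive)
    $launch.target.process.command_line = /powershell.*\s-enc(odedcommand)?\s/ nocase
    // Placeholder variable used to group matching launches by host
    $launch.principal.hostname = $host

  match:
    // One detection per host per one-hour window, not one per raw event
    $host over 1h

  condition:
    // Fire only when at least two such launches occur in the window
    #launch >= 2
}
```

The match section is what separates this from a search: the same events that a query would return one by one are correlated by host and time, and the condition expresses a threshold over that group. Tuning the threshold and window is where false positives from legitimate administrative scripts get handled.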
Speed and integration
With YARA-L support, users can deploy complex rules out of the box, build their own rules, or migrate pre-created rules from legacy security tools. Chronicle Detect also supports a Sigma-YARA converter and MITRE ATT&CK mappings, which allow users to port their custom rules to and from existing Sigma installations.
Chronicle customers can also use detection rules and threat indicators from Uppercase (Chronicle’s research team).