New pre-built queries will make it easier for companies to manage their cloud security.
Google Cloud announced an extension of its partnership with security company MITRE to further its efforts in making cloud security easier to deploy for every organization.
The Cloud Analytics project is a community-driven initiative to provide security analytics resources to the wider community and builds on the existing work the two companies have done with the Community Security Analytics (CSA) project.
Ivan Ninichuck, Google Solutions Architect, and Iman Ghanizada, Global Head of Autonomic Security Operations, announced the new mappings in a blog post this week. “The adoption of Autonomic Security Operations (ASO) requires the ability to use threat-informed decision making throughout the continuous detection and continuous response (CD/CR) workflow”, they explain. “We are excited to facilitate this process by mapping native security capabilities of Google Cloud to MITRE ATT&CK through our research partnership with the MITRE Engenuity Center for Threat-Informed Defense.”
Co-developed in 2021 by Google Cloud, MITRE Engenuity Center, and other industry partners, the CSA is similar to Cloud Analytics in that it provides a set of open-sourced queries to improve threat hunting, but does so for different technologies.
Companies should still decide what is best for them
Although the queries are provided ready to run, Google Cloud said organizations are still expected to take a do-it-yourself approach and tune them to their own environment.
To get started with the open-source project, all the files are hosted on GitHub, including the complete set of Sigma rules, the associated adversary emulation plan required to trigger the rules, and a development blueprint to help inform users on how to create bespoke Sigma rules to further increase cloud security.
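To make the tuning point concrete, here is an added example (not code from the Cloud Analytics repository or from Google) of how a Sigma-style rule is evaluated against Cloud Audit Log events and how an environment-specific filter turns a generic rule into a bespoke one. The rule bodies, the `key-rotator@...` principal, the `example-project` name and the log events are all constructed for illustration; the evaluator covers only the subset of Sigma syntax the two rules use (selection maps, list values, `|contains`/`|endswith` modifiers, and conditions of the form `a and not b`).

```python
"""Minimal evaluator for Sigma-style rules over GCP Cloud Audit Log events.

Added example: the rules and events below are constructed, not taken from the
Cloud Analytics project, and the evaluator implements only a subset of Sigma.
"""
from typing import Any, Optional

# Generic rule: fire on every service-account key creation.
BASE_RULE = {
    "title": "Service account key created (constructed example)",
    "detection": {
        "selection": {
            "protoPayload.methodName|endswith": "CreateServiceAccountKey",
        },
        "condition": "selection",
    },
}

# Same rule tuned for one hypothetical environment: a known automation
# principal that legitimately rotates keys is filtered out of the alerts.
TUNED_RULE = {
    "title": "Service account key created, tuned (constructed example)",
    "detection": {
        "selection": {
            "protoPayload.methodName|endswith": "CreateServiceAccountKey",
        },
        "filter_known_automation": {
            "protoPayload.authenticationInfo.principalEmail":
                "key-rotator@example-project.iam.gserviceaccount.com",
        },
        "condition": "selection and not filter_known_automation",
    },
}

# Constructed audit-log events (only the fields the rules look at).
EVENTS = [
    {"protoPayload": {"methodName": "google.iam.admin.v1.CreateServiceAccountKey",
                      "authenticationInfo": {"principalEmail": "alice@example.com"}}},
    {"protoPayload": {"methodName": "google.iam.admin.v1.CreateServiceAccountKey",
                      "authenticationInfo": {"principalEmail":
                          "key-rotator@example-project.iam.gserviceaccount.com"}}},
    {"protoPayload": {"methodName": "google.iam.admin.v1.ListServiceAccountKeys",
                      "authenticationInfo": {"principalEmail": "bob@example.com"}}},
]


def get_field(event: dict, path: str) -> Any:
    """Walk a dotted path such as 'protoPayload.methodName' into a nested dict."""
    node: Any = event
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def value_matches(actual: Any, expected: Any, modifier: Optional[str]) -> bool:
    """Compare one field; a list of expected values is an OR, as in Sigma."""
    if isinstance(expected, list):
        return any(value_matches(actual, e, modifier) for e in expected)
    if actual is None:
        return False
    actual_s, expected_s = str(actual), str(expected)
    if modifier is None:
        return actual_s == expected_s
    if modifier == "contains":
        return expected_s in actual_s
    if modifier == "endswith":
        return actual_s.endswith(expected_s)
    raise ValueError(f"unsupported modifier: {modifier}")


def selection_matches(event: dict, selection: dict) -> bool:
    """Every key in a selection map must match (Sigma's implicit AND)."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        if not value_matches(get_field(event, field), expected, modifier or None):
            return False
    return True


def condition_holds(condition: str, results: dict) -> bool:
    """Evaluate 'a and not b and c' style conditions over search-identifier results."""
    for term in condition.split(" and "):
        term = term.strip()
        negate = term.startswith("not ")
        name = term[4:].strip() if negate else term
        if name not in results:
            raise KeyError(f"unknown search identifier in condition: {name}")
        if results[name] == negate:  # true under 'not', or false without it
            return False
    return True


def rule_matches(rule: dict, event: dict) -> bool:
    detection = rule["detection"]
    results = {name: selection_matches(event, sel)
               for name, sel in detection.items() if name != "condition"}
    return condition_holds(detection["condition"], results)


def run_rule(rule: dict, events: list) -> list:
    """Return the indexes of events that trigger the rule."""
    return [i for i, ev in enumerate(events) if rule_matches(rule, ev)]


if __name__ == "__main__":
    for rule in (BASE_RULE, TUNED_RULE):
        hits = run_rule(rule, EVENTS)
        print(f"{rule['title']}: events {hits}")
```

The base rule alerts on both key creations; the tuned rule suppresses the one made by the environment's own rotation principal and keeps the human-initiated creation. That filter is exactly the kind of per-environment knowledge the published queries cannot ship with, which is why the project expects organizations to refine them rather than deploy them unchanged.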
“The Google Cloud ATT&CK Mappings can be a key foundation for your application of ASO and can empower defenders to understand their impact on adversary behaviours and make threat-informed decisions”, Ninichuck and Ghanizada write. “It is recommended that organizations take the time to assess each phase of the CD/CR pipeline, establish OKRs across core areas, and identify where they can improve the operationalization of ATT&CK mappings across their organizations.”