Google Chronicle has received new functionality for detecting cyber attacks.
The update should improve the effectiveness of the SIEM platform. Chronicle helps companies collect data from large numbers of systems and analyze it for possible breaches. Companies can also use Chronicle for mapping the scope of possible hacking attacks.
The new features focus on detections: pieces of code that describe a specific cyber attack, such as installing malware on cloud instances. Companies use detections in conjunction with a SIEM platform. Chronicle already has detections that can compare normal activity on a network with a cyber attack. The platform thus looks for potential breaches.
The updates add pre-packaged detections to Chronicle that Google developed based on research into hacker activity. These new detections allow users to more effectively spot cyber attacks on Windows environments. Among other things, they can detect attacks that focus on stealing data from a Windows system. They also identify other threats such as ransomware and attempts by hackers to exploit software installed on systems to gain access.
A second set of detections should help companies better protect public cloud environments. They do so by detecting misconfigured settings in cloud environments that may give rise to an attack. The detections can also be used to spot attempts to siphon off data or other malicious activities.
With the new features, companies are expected to save time and manual work. Tests showed that users were able to detect and block malware faster than before, when they had more manual work to do.
Google indicates that it will be releasing even more detections in the near future. The tech giant wants these to help customers discover more security problems.