Highlights:
- The new suite lets organizations pull threat data from sources such as VirusTotal and Google Cloud's own threat intelligence, giving more visibility into security posture and exposure to criminal actors.
- The announcement comes shortly after Google's acquisition of Mandiant, which could add incident and exposure management features to the suite in the future.
Automation is vital for security teams. About 70% of security operations center (SOC) teams report feeling overwhelmed by the volume of security alerts, and security orchestration, automation and response (SOAR) capabilities are crucial to help them keep up with current threats.
Against that backdrop, at its Google Cloud Next event, Google Cloud introduced Chronicle Security Operations, a new suite of tools to help security teams detect, investigate, and respond to cyber threats.
Chronicle Security Operations combines Chronicle's existing security information and event management (SIEM) capabilities with Siemplify's SOAR technology and Google Cloud's threat intelligence into two products: Chronicle SIEM and Chronicle SOAR.
The suite lets organizations pull threat data from sources such as VirusTotal and Google Cloud's own threat intelligence, giving more visibility into security posture and exposure to criminal actors.
Getting better at spotting and dealing with threats
The announcement comes shortly after Google's acquisition of Mandiant, which could add incident and exposure management features to the suite in the future.
The tech giant's purchases of Siemplify and Mandiant, combined with Google Cloud's proprietary threat intelligence, could make Chronicle one of the most capable SOAR and SIEM offerings on the market.
Chris Corde, director of product management and security at Google Cloud, said, “We help democratize security operations with Google Cloud’s expertise and best practices.” He added, “Curated detections leverage Google Cloud’s insights and threat intelligence gathered from protecting our billions of users so that organizations can focus their scarce expert resources on the unique security challenges that they face.”
He added, “Sub-second search across petabytes of information can be as easy as running a Google search. Chronicle delivers threat-centered case management for simpler investigation and can surface the most relevant context to encourage consistently good decisions, which can enable teams to speed up investigation and response.”
Integrated alert management between Chronicle SIEM detections and Chronicle SOAR's threat-centered case management gives analysts a single investigation workflow rather than separate SIEM and SOAR consoles. The response playbooks delivered through Security Command Center also shorten the time it takes to remediate security incidents.
A look at the SOAR market
Researchers predict that the SOAR market will grow from USD 1.1 billion in 2022 to USD 2.3 billion in 2027. With that in mind, it makes sense for Google Cloud to invest in this space following its acquisition of Siemplify.
Google Cloud isn't the only provider focused on SOAR. Elastic released Elastic Security 8.4 earlier this year with several new SOAR features, including the ability to respond to and remediate issues immediately.
Google also competes with several well-known companies in the same field, such as Rapid7, whose InsightConnect product provides automated workflows that simplify incident response and vulnerability management.
Rapid7 reported USD 658 million in annual recurring revenue (ARR).
Swimlane, a low-code security automation and SOAR platform, is another significant competitor. It gives users automated playbooks for defining processes to handle cyber threats, and self-documenting playbooks that yield actionable intelligence on the organization's overall risk posture. The company raised USD 70 million earlier this year to fund its growth.
For now, what most sets Chronicle SOAR apart is the combination of Mandiant, Siemplify, and Google Cloud's threat intelligence within a single product line.