Google announced the public preview of context-aware threat detections, alert prioritization, and risk scoring in Google Chronicle, its threat detection solution.
The new capabilities aim to help security professionals make their customers' threat detection and response more efficient.
“An alert in isolation does not provide sufficient information, and associated metadata, context, and asset information are fundamental to an effective threat response strategy. Additionally, with prevalent alert fatigue, security teams lack the ability to prioritize which critical threats to address first,” Mike Hom, product architect at Google Chronicle, and Travis Lanham, engineering lead at Google Chronicle, wrote in a blog post.
With the new context-aware detections, all of the supporting material from authoritative sources, such as telemetry, context, relationships, and vulnerabilities, can be surfaced in a single detection event rather than as separate alerts.
Additional capabilities include the ability to prioritize threats with risk scoring at detection execution time rather than at the human triage stage, and a graph view that depicts an entity's immediate relationships so that analysts can see where to pivot their investigation next.
“This launch fixes a paradigm gap in legacy analytics and SIEM products, where data has historically been logically separated due to prohibitive economics. Customers can now operationalize all their security telemetry and enriching data sources in one place, giving them the ability to develop flexible alerting and prioritization strategies,” Hom and Lanham added.