
Google Launches Enterprise Threat Detection Solution

Google this week announced the availability of Chronicle Detect, a threat detection solution for enterprises from Google Cloud.

This is the first threat detection product out of the Chronicle cybersecurity platform after Chronicle became part of Google in June last year.

Chronicle was created in 2016 inside Google’s parent company Alphabet and launched as a separate Alphabet company in 2018, with the goal of giving organizations visibility into where they might be vulnerable so they could improve their security posture. In March 2019 it launched the Backstory security telemetry platform, and in June 2019 it announced that it was joining Google Cloud.

The newly announced detection tool, Google revealed in a blog post this week, draws on the company’s large-scale infrastructure to help organizations identify threats faster and at greater scale than before.

Chronicle Detect, the tech giant explains, builds on products announced at the RSA Conference earlier this year: “a data fusion model that stitches events into a unified timeline, a rules engine to handle common events, and a language for describing complex threat behaviors.”

Chronicle Detect combines a next-generation rules engine from Google, a language designed specifically for describing threat behaviors, and new rules and indicators, which together are expected to improve both the coverage and the speed of threat detection.

The tool is meant to help organizations move away from legacy security tools and adopt a modern threat detection system, Google says. Security teams can send their telemetry to Chronicle at a fixed cost, so that their diverse security data can all be used for detection.

“We automatically make that security data useful by mapping it to a common data model across machines, users, and threat indicators, so that you can quickly apply powerful detection rules to a unified set of data,” Google says.

The solution also ships with advanced out-of-the-box rules, while letting security teams write their own or import those used in legacy tools. The rules language (Chronicle’s YARA-L) is based on the YARA detection language and is intended to let teams quickly build detections for MITRE ATT&CK tactics and techniques.

Furthermore, Chronicle Detect includes a Sigma-to-YARA converter, so organizations that already write detections in Sigma, or that are converting legacy rules to Sigma for portability, can move rules to and from Chronicle’s platform as well.

According to Chronicle, organizations also receive detection rules and threat indicators from the company’s Uppercase threat research team. The team’s IOCs are matched against customer telemetry so that customers are immediately informed when those indicators appear in their environments.

“Uppercase researchers leverage a variety of novel tools, techniques, and data sources (including Google threat intelligence and a number of industry feeds) to provide Chronicle customers with indicators spanning the latest crimeware, APTs, and unwanted malicious programs,” the company explains.
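The three mechanisms described above (mapping heterogeneous telemetry to a common data model, running behaviour rules tagged with ATT&CK techniques over the unified events, and matching a threat research team’s indicators against the same stream) are easier to reason about with a small working pipeline. The following is an added example, not code from Google, Chronicle or this article; the event model, the `normalize_*` functions, the rule names, the log lines and the indicator address are all constructed for illustration and are not Chronicle’s UDM, YARA-L or the Uppercase feed.

```python
"""Constructed illustration: several log formats are normalized into ONE common
event model, then behaviour rules and an indicator set are evaluated over the
unified stream.  Not Chronicle's data model, rule language or threat feed."""
import json
import re
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Event:
    """Constructed common model; every source is normalized into these fields."""
    source: str
    host: str
    user: Optional[str] = None
    process: Optional[str] = None   # executable basename, lower-cased
    cmdline: str = ""
    dst_ip: Optional[str] = None


# --- per-source normalizers: raw line -> Event, or None if not this format --

def normalize_windows_4688(line: str) -> Optional[Event]:
    """Constructed JSON export of a Windows process-creation (4688) event."""
    try:
        d = json.loads(line)
    except ValueError:
        return None
    if not isinstance(d, dict) or d.get("EventID") != 4688:
        return None
    return Event(source="windows", host=d["Computer"], user=d["SubjectUserName"],
                 process=d["NewProcessName"].rsplit("\\", 1)[-1].lower(),
                 cmdline=d.get("CommandLine", ""))


SUDO_RE = re.compile(
    r"^\w{3} +\d+ [\d:]+ (?P<host>\S+) sudo: +(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$")


def normalize_syslog_sudo(line: str) -> Optional[Event]:
    """Classic syslog line written by sudo on Linux."""
    m = SUDO_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    return Event(source="linux", host=m.group("host"), user=m.group("user"),
                 process=cmd.split()[0].rsplit("/", 1)[-1].lower(), cmdline=cmd)


def normalize_conn_tsv(line: str) -> Optional[Event]:
    """Constructed tab-separated flow record: ts, uid, src, sport, dst, dport."""
    parts = line.split("\t")
    if len(parts) != 6:
        return None
    _ts, _uid, src, _sport, dst, _dport = parts
    return Event(source="netflow", host=src, dst_ip=dst)


NORMALIZERS = (normalize_windows_4688, normalize_syslog_sudo, normalize_conn_tsv)


def to_common_model(line: str) -> Optional[Event]:
    """Try each normalizer in turn; unknown formats are dropped, not fatal."""
    for fn in NORMALIZERS:
        ev = fn(line)
        if ev is not None:
            return ev
    return None


# --- detections over the unified model; names carry ATT&CK technique IDs ---

ENCODED_PS = re.compile(r"\s-(e|ec|enc|encodedcommand)\s", re.IGNORECASE)
IOC_IPS = {"203.0.113.9"}   # constructed indicator, not from any real feed

RULES: list[tuple[str, Callable[[Event], bool]]] = [
    ("T1059.001 encoded PowerShell command",
     lambda e: e.process in ("powershell.exe", "pwsh.exe")
     and ENCODED_PS.search(e.cmdline + " ") is not None),
    ("T1548.003 sudo to interactive shell",
     lambda e: e.source == "linux" and e.process in ("bash", "sh", "zsh")
     and "-i" in e.cmdline.split()),
    ("IOC match: destination in indicator set",
     lambda e: e.dst_ip in IOC_IPS),
]


def run_detections(lines: list[str]) -> list[dict]:
    """Normalize every line, then apply every rule to every resulting event."""
    hits = []
    for line in lines:
        ev = to_common_model(line)
        if ev is None:
            continue
        for name, predicate in RULES:
            if predicate(ev):
                hits.append({"rule": name, "host": ev.host, "source": ev.source})
    return hits


# Constructed sample telemetry: three formats plus one unparseable line.
SAMPLE_LOGS = [
    '{"EventID": 4688, "Computer": "WS01", "SubjectUserName": "alice", '
    '"NewProcessName": "C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe", '
    '"CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"}',
    '{"EventID": 4688, "Computer": "WS02", "SubjectUserName": "carol", '
    '"NewProcessName": "C:\\\\Windows\\\\System32\\\\notepad.exe", "CommandLine": "notepad.exe"}',
    "Jan 12 10:03:11 web01 sudo:    bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash -i",
    "1610445800.12\tCkq3Pz\t10.0.0.5\t51234\t203.0.113.9\t443",
    "1610445801.40\tCkq3Qa\t10.0.0.6\t51235\t198.51.100.7\t443",
    "this line is in no format the pipeline knows",
]

if __name__ == "__main__":
    for hit in run_detections(SAMPLE_LOGS):
        print(hit)
```

The point of the design is that the rules never see a raw Windows event, syslog line or flow record; they are written once against the common fields, so the same encoded-PowerShell rule fires whether the process event came from a JSON export or any other source a normalizer handles, and the indicator set is checked against every event that carries a destination address. A line no normalizer recognises is dropped and logged nowhere here; in production you would count such lines, since a silently unparsed source is a detection gap.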

Written By

Ionut Arghire is an international correspondent for SecurityWeek.