In the ever-evolving world of security, Google aims to remain a frontrunner and to offer cutting-edge services. In this issue, we take a closer look at the latest developments Google is adding to its offering.
Google completes its security stack
In early 2022, Google showed how important security has become to it by acquiring Siemplify. The move fits Google’s pursuit of invisible security to a T, along with its wish to democratise security operations for every organisation. Put differently: security analysts should be able to resolve more, and more complex, incidents with minimal effort and specialist knowledge.
Siemplify can help, being a prominent supplier of security orchestration, automation and response (SOAR). The Siemplify platform is an intuitive workbench with which security teams can better manage both the risks and the costs of handling threats. Siemplify enables analysts in the Security Operations Centre to manage their activities from the start, to react quickly and efficiently to cyber threats, and to become smarter through every interaction with other analysts. The technology also helps improve SOC performance by decreasing the caseload, increasing analyst productivity, and creating better visibility of workflows.
Combined with Chronicle’s innovative approach to security analytics, the acquisition of Siemplify is an important step for Google towards building a complete security stack.
Continue reading: Raising the bar in Security Operations: Google Acquires Siemplify
Mandiant to strengthen Google Cloud’s security stack
In the same vein, Google announced on 8 March that it would acquire Mandiant, a leader in dynamic cyber defence and response. Once the acquisition is completed, Mandiant will be integrated into Google Cloud’s security stack.
The takeover of Mandiant can be seen as a strong complement to Google’s already substantial cloud security offering. Think of BeyondCorp Enterprise for building a Zero Trust policy, of VirusTotal for tracking malicious content and software vulnerabilities, and of Chronicle for security analytics and automation. In addition, Google offers services such as Security Command Centre to help organisations detect cyber threats and protect themselves. Finally, you can count on the Cybersecurity Action Team for extra security expertise. By acquiring Mandiant, Google Cloud is building an end-to-end security operations suite. The acquisition is still subject to closing conditions and regulatory approval; if all goes well, it should be finalised later this year.
Advanced protection for your VM environments on GCP
Architectures based on virtual machines continue to be a big part of compute-centric workloads, even in a cloud environment. To guarantee strong protection for those deployments, Google announced Virtual Machine Threat Detection (VMTD) in preview: the latest layer of threat detection in Security Command Centre (SCC). VMTD is the first detection option from a major cloud provider that offers agentless memory scanning, helping to detect threats such as cryptomining malware running inside your VMs on Google Cloud.
Continue reading and sign up: Protecting customers against cryptomining threats with VM Threat Detection in Security Command Center
The next step to a European Cloud
We’ve known for a while now that Google is creating a dedicated environment for the European market, with its particular requirements (such as GDPR) and concerns (European sovereignty). This ranges from concrete measures to keep data in Europe, or in the EU, under all circumstances, to the most far-reaching form: a cloud environment operated by European companies.
One of the most important proposed measures, “Assured Workloads”, has been operational since February. Clients who activate it:
- Receive the guarantee that their workloads reside in an EU Google Cloud region of their own choosing;
- Are assured that maintenance and support are carried out by EU-based staff;
- Retain cryptographic control over data access through customer-managed encryption keys.
Note that this service is not yet available for all Google Cloud services (it is offered for Compute, Storage and BigQuery). Based on the roadmaps, we expect the missing services to be added during 2022 and 2023.
Google increases the security of website activity
reCAPTCHA Enterprise is Google’s online fraud detection service, building on more than ten years of experience defending the internet. reCAPTCHA Enterprise can be used to prevent fraud and attacks by scripts, bot software (or people). Installed on a web page at the moment of action – think of logins, purchases or account creation – reCAPTCHA Enterprise offers a hassle-free experience that lets legitimate users continue while fake users and bots are blocked.
To raise the level of security further, Google is adding Account Defender to reCAPTCHA Enterprise in preview. It is a new function, built into reCAPTCHA Enterprise, with which you can determine whether actions match or deviate from the typical behaviour of the account owner. The analysis uses a site-specific model that observes typical behavioural patterns on a website, so that it can detect and evaluate suspicious actions or changes in activity.
Context helps prioritise threats during detection
In a world where the number of attacks keeps rising, responding quickly is immensely important, but so is setting the right priorities. Google believes that isolated alerts do not offer enough information to estimate risk correctly. Corresponding metadata, context and asset information are fundamental to an effective threat-handling strategy. Moreover, even with that data available, security teams still face the challenge of prioritising correctly: which critical threats should be handled first?
To address those challenges, Google has offered context-aware detection in Google Chronicle in preview since March. All supporting information (including telemetry, context, relationships and vulnerabilities) from authoritative sources (such as the CMDB, IAM and DLP) is made available, ready to use, in Google Chronicle as a single detection event. Clients can use that context to write better detections, prioritise existing alerts, and investigate faster.
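What "context-aware" buys an analyst, as an added example that is not Chronicle's own code or schema: two alerts from the same rule with the same severity are enriched with constructed CMDB, IAM and vulnerability context, and the priority they end up with is very different. All field names and sample data are assumptions.

```javascript
// Added example (not Chronicle's code): enriching an isolated alert with context from
// authoritative sources (CMDB, IAM, vulnerability data) and deriving a priority from it.
// All inputs are constructed; the field names are assumptions, not Chronicle's schema.
const cmdb = {
  'db-prod-01': { criticality: 'high', environment: 'prod', owner: 'payments' },
  'dev-box-07': { criticality: 'low', environment: 'dev', owner: 'eng' },
};
const iam = {
  'svc-backup': { roles: ['roles/storage.admin'], privileged: true },
  'jdoe': { roles: ['roles/viewer'], privileged: false },
};
const vulns = {
  'db-prod-01': [{ id: 'CVE-PLACEHOLDER-1', severity: 'critical', exploitable: true }],
  'dev-box-07': [],
};

// Enrich one alert with context and derive a numeric priority (higher = act first).
function enrichAndScore(alert) {
  const asset = cmdb[alert.host] || { criticality: 'unknown', environment: 'unknown' };
  const principal = iam[alert.principal] || { privileged: false };
  const open = vulns[alert.host] || [];
  let score = { low: 1, medium: 2, high: 3, critical: 4 }[alert.severity] || 1;
  if (asset.criticality === 'high') score += 3;      // business-critical asset (CMDB)
  if (asset.environment === 'prod') score += 1;      // production, not a sandbox
  if (principal.privileged) score += 2;              // privileged identity involved (IAM)
  if (open.some((v) => v.exploitable && v.severity === 'critical')) score += 3; // exposed
  return { ...alert, asset, principal, openVulns: open.length, priority: score };
}

// Rank a batch so analysts see the detection with the most risky context first.
function prioritise(alerts) {
  return alerts.map(enrichAndScore).sort((a, b) => b.priority - a.priority);
}

// Constructed alerts: same rule, same severity, very different context.
const sampleAlerts = [
  { rule: 'suspicious_outbound', severity: 'medium', host: 'dev-box-07', principal: 'jdoe' },
  { rule: 'suspicious_outbound', severity: 'medium', host: 'db-prod-01', principal: 'svc-backup' },
];

console.log(prioritise(sampleAlerts).map((a) => `${a.host}: priority ${a.priority}`));
```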
That’s how far we’re taking you into the world of security this time. We will continue to follow Google’s developments and look forward to keeping you posted on more news.