News

Google Spotlights Cloud Security at RSA

• By John K. Waters
• February 27, 2020

Google's cloud group made a number of product announcements this week at the annual RSA Security Conference in San Francisco, including upgrades to the Chronicle security analytics platform and the general availability of its reCAPTCHA Enterprise and Web Risk API tools.

Chronicle was originally launched by Google's parent company, Alphabet, in 2018 as an independent cybersecurity startup. The new enterprise focused on providing an analytics platform and a malware intelligence service that incorporated machine learning and advanced search capabilities. The company launched a security platform called Backstory at last year's RSA event.

But in June of last year, Alphabet announced that Chronicle would merge with Google Cloud Platform because of their "converging trajectories." This is the first major update since that announcement.

The re-assimilated Chronicle platform is getting several upgrades, including new threat detection and timeline capabilities, online fraud prevention services, and threat response integration between Chronicle and Palo Alto Networks' Cortex XSOAR.

Cortex XSOAR is an extended security orchestration automation and response platform with native threat intelligence management capabilities. Chronicle's new "intelligent data fusion" capability combines a new data model with the ability to link multiple events automatically into a single timeline. Palo Alto Networks will be the first to integrate with this new data, Google said.

"Cortex XSOAR offers automated enrichment, response and case management to enterprise-wide threats," said Rishi Bhargava, VP of Product Strategy at Palo Alto Networks, in a statement. "The integration with Chronicle's new detection capabilities and event timelines, across months or years of data, enhances that response and enables comprehensive threat management for our mutual customers."

Google also announced the general availability of reCAPTCHA Enterprise and the Web Risk API. reCAPTCHA is a decade-old free service familiar to anyone who ever signed on to a secure Web site. It uses a Turing test to separate humans from bots. The Enterprise version builds on that technology to provide additional protection against such fraudulent activity as scraping, credential stuffing and automated account creation. "Google Nest is using reCAPTCHA Enterprise to help prevent automated attacks by actors seeking to obtain unauthorized access to accounts and devices," the company said.

The Web Risk API is a Google service that lets client applications check URLs against Google's constantly updated lists of unsafe Web resources to prevent access to, or inclusion of, malicious content. The Web Risk API alerts provide information about more than a million unsafe URLs that Google keeps up-to-date by examining billions of URLs each day via the Google Safe Browsing service.

Google's cloud group also plans to show RSA conference attendees how customers can detect threats using YARA-L, a new rules language built specifically for modern threats and behaviors, including types described in Mitre ATT&CK, a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

"When it comes to security, our work will never be finished," said Sunil Potti, VP of Google Cloud Security, in a blog post. "In addition to the capabilities announced today, we'll continue to empower our customers with products that help organizations modernize their security capabilities in the cloud or in-place."