
How Chronicle can help advance security product development and overcome data lake challenges

April 19, 2023
Stacey King

Security OEM Partners Program, Google Cloud

Building your cybersecurity product’s data platform to automatically process massive volumes of data and deliver high-speed search, rich contextual insight, threat detection, and context-aware response automation can be difficult, even with modern-day data lakes.

One option to avoid the challenges of data lakes and enable your engineers to focus more on addressing security use cases is to consider a pre-built security-focused data platform that combines the best of SIEM, SOAR, data lake and data warehouse into one. This is exactly what Google Cloud Chronicle can help you with.

Introduction to Chronicle as a data platform for security product builders

Chronicle is the main component of Google Cloud’s security operations suite, which helps security teams detect, investigate, and respond to threats with the speed, scale and intelligence of Google. At its core, Chronicle is a hyperscale cloud data platform purpose-built for security use cases that security product builders can take advantage of through our Google Cloud Security OEM Partner Program.  

We recently hosted a roundtable discussion to demonstrate how Chronicle can be used as a security data platform and also help security product builders avoid data platform pitfalls (and management headaches). The roundtable participants, including Chronicle co-founder Shapor Naghibzadeh, Google Cloud Office of the CISO Security Solution Strategy expert Dr. Anton Chuvakin, and Head of Google Cloud Security OEM Alliances Josh Karp, noted that while new advancements definitely help, security data lakes can still fail

Evaluating security data platforms 

As you embark on a new approach for your products’ data platform, there’s much to consider for security use cases — especially if your engineering team does not have the bandwidth or expertise to build and manage a complete data platform stack optimized for security. Questions your team might like to consider include:

  • Do you want to shift from piecing together a security data platform to a more all-inclusive approach?

  • Can you avoid performance impacts and unpredictable costs when scaling to and searching through continually growing data volumes? 

  • Does the data platform have a ready-to-use security data model to automatically ingest, normalize and correlate a vast variety of security data sources to maximize contextual intelligence? 

  • Is enrichment with threat intelligence and other valuable context, such as geolocation and event timeline creation, included?

  • Are there plenty of APIs with unlimited API calls to extract the information you need for your security application?

  • Will threat detection, investigation, alerts and response automation be effectively managed with your data platform?  

  • Are other complementary security capabilities also available from the data platform provider to further enhance your product portfolio and customer growth?

Chronicle as a security data platform is a good alternative to your typical data lake and can help you create and extract more value from the data your product generates and collects. 

Chronicle can help you more rapidly:

  • Unify your security product portfolio’s data into one dynamically scalable platform that enables you (and your customers) to capitalize on the data you collect with enhanced insight, detection and response workflows.

  • Overcome engineering resource constraints to build and manage a security data platform that does more than simply ingest and search raw log data.

  • Turn your extended detection and response (XDR) product vision into reality.


What other capabilities complement this new data platform approach?

Google Cloud and our Security OEM Partner Program can also help you:

  • Use curated threat intelligence and detection rules from Google Cloud (included with Chronicle), VirusTotal, and Mandiant to boost your product’s level of threat insight and detections.

  • Embed Chronicle SOAR to automate and orchestrate incident response, case management, and other security workflows as part of your product.

  • Display VirusTotal’s threat detection ratios and intelligence within your product’s user interface for deeper investigations using crowdsourced intelligence about threats detected in your customer’s environment.  

  • Embed Web Risk to detect unsafe URLs in real-time, display the results, and block access to them.

  • Utilize reCAPTCHA to prevent external threat actors and bots from engaging in fraudulent activities on your customers’ sites while allowing valid users in. 

  • Use Looker to build custom analytics, dashboards, and user interfaces if needed for your security data platform.

  • Apply Machine Learning (ML) to uncover new security intelligence and detections. Chronicle accelerates the ML process with its automatic output of normalized, correlated data into Google Cloud BigQuery, making it ready for you to also apply comprehensive ML and SQL-based analytics as part of your product.

Get started accelerating your security product innovation 

You can learn more about our Google Cloud Security OEM Partner Program by visiting goo.gle/cloud-security-oem or contacting us at GCS-OEM@google.com.

As a security product builder going to the RSA Conference 2023, we invite you to visit with our OEM team and security product experts. We’d love to see you and strategize on tech synergy.  
