Cybersecurity is a top priority for every organization. At least, it should be. The challenge is that the attack surface is expanding, and the threat landscape is adapting so quickly that it is increasingly difficult to keep up with the sheer volume of threats—never mind effectively defend against them. At the Google Cloud Security Summit today, Google Cloud revealed plans for a “SOC of the Future” to help companies address these security challenges.
Focus on Security
Google Cloud is a leading cloud platform, but it is also increasingly focused on cybersecurity. Google Cloud offers Chronicle—a cloud service that enables customers to privately retain, analyze, and search massive amounts of security and network telemetry. Google’s very DNA is built around the ability to comprehensively index and accurately search essentially all of the information available online. Chronicle takes that model and applies it specifically to security.
Google Cloud has also been busy investing to extend and enhance its security portfolio. Google Cloud partnered with Cybereason—marrying Chronicle with the Cybereason Defense Platform to deliver Cybereason XDR powered by Google Cloud. The combination of Chronicle to normalize, index, correlate, and analyze data at scale, with the artificial intelligence and MalOp engine of Cybereason yields a powerful tool for defending against attacks.
Chronicle is not the only trick up Google Cloud’s sleeve, though. Google Cloud also includes VirusTotal, and the recently acquired SOAR (Security Orchestration Automation and Response) solution Siemplify. This arsenal of tools gives Google Cloud a powerful portfolio for cybersecurity.
SOC of the Future
That is where the “SOC of the Future” comes in. SOC, for those who don’t know, is an acronym for Security Operations Center—the heart of cybersecurity for most organizations.
I had a chance to speak with Jess Leroy, Google Cloud’s Director of Product Management, about the vision for this initiative. Jess explained, “The biggest problem in the industry when it comes to SOCs themselves is really that people have been doing things in a way for a long time now that is really no longer sustainable. The old model just doesn’t work.”
Why? Two reasons: volume and speed. Jess shared a few stats—like a 600% year-over-year growth in crimeware, and the fact that there are over 100 zettabytes of data out there. Meanwhile, threat actors are increasingly using automation to streamline attacks.
Combine that with more pressure for accountability in the C-suite. Jess noted a Gartner statistic that 75% of CEOs will be personally liable for cybersecurity incidents by 2025. He shared that he speaks to CISOs every week and that he sees growing concern over this.
The “SOC of the Future” will combine the elements of the Google Cloud security portfolio to help security teams evolve from the traditional SOC model to more modern and more agile security operations. Google Cloud’s goal is to enable more transparent collaboration between service providers and end customers—and ensure every role receives relevant data to ensure fast response.
Part of that is based on telemetry. Jess said that most organizations are only using 30% or 40% of their telemetry. They are not correlating and analyzing all of the data—because they simply don’t have a framework capable of doing it. They are making educated guesses based on partial snapshots. Chronicle allows Google Cloud to analyze 100% of the available telemetry.
Siemplify is another key element. The SOAR platform provides the ability to act on the analysis. Customized playbooks automate triage and response, which is crucial for keeping up with the volume of threats organizations face.
“The ‘SOC of the Future’ will do for the current SOC what the DevOps revolution did for the NOC [Network Operations Center],” declared Sam Curry, CSO of Cybereason. “The focus will be on the mission, and the metrics will reflect that—closing pathways early and often, getting ahead of bad guys, and getting predictive.”
Curry added that with this approach, tactical decisions will be based on risk, and that the “SOC of the Future” will be extremely efficient in the use of people’s time—which is the most valuable commodity.
Svetla Yankova, Google Cloud’s Global Head of Customer Experience Engineering, walked me through a demonstration of the offering to show me how it analyzes and triages threats. Not only does it use 100% of the telemetry, but once a threat is detected it also has the ability to go back in time to identify and triage other potential instances of the same threat.
Of course, you can only go back as far as the data you’ve retained, but Google Cloud retains all of your data for a year by default. Hopefully 12 months is far enough to go back to find the first instance of a threat. If not, you probably have bigger issues.
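The retroactive hunt described above, and the retention limit that bounds it, as an added illustration. This is not Google Cloud or Chronicle code; it runs over a small constructed set of telemetry events, and the host names, the indicator domain and the event timestamps are all made up for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample telemetry (not real data): DNS lookups and process launches
# from three hypothetical workstations, timestamped relative to a fixed "now".
NOW = datetime(2022, 5, 17, tzinfo=timezone.utc)
RETENTION = timedelta(days=365)  # the one-year default retention mentioned above
INDICATOR = "c2.bad.example"     # hypothetical domain flagged by a new detection

@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    kind: str   # "dns" or "process"
    value: str  # domain queried or executable launched

EVENTS = [
    Event(NOW - timedelta(days=400), "ws-01", "dns", INDICATOR),      # older than retention: lost
    Event(NOW - timedelta(days=200), "ws-07", "dns", INDICATOR),      # earlier, unnoticed instance
    Event(NOW - timedelta(days=200), "ws-07", "process", "updater.exe"),
    Event(NOW - timedelta(days=30), "ws-07", "dns", "cdn.example"),
    Event(NOW - timedelta(days=1), "ws-12", "dns", INDICATOR),        # the hit that raised the alert
]

def retained(events, now=NOW, retention=RETENTION):
    """Keep only what a store with this retention window would still hold."""
    cutoff = now - retention
    return [e for e in events if e.ts >= cutoff]

def retro_hunt(events, indicator, now=NOW, retention=RETENTION, window=timedelta(hours=1)):
    """Look back through retained telemetry for earlier instances of a newly detected
    indicator. Returns first-seen time per host, the overall earliest sighting, the
    start of the searchable window, and same-host events near each first sighting
    to give the analyst triage context."""
    store = retained(events, now, retention)
    hits = sorted((e for e in store if e.value == indicator), key=lambda e: e.ts)
    first_seen = {}
    for e in hits:
        first_seen.setdefault(e.host, e.ts)
    context = {
        host: [e for e in store
               if e.host == host and e.value != indicator and abs(e.ts - ts) <= window]
        for host, ts in first_seen.items()
    }
    return {"hosts": first_seen, "earliest": hits[0].ts if hits else None,
            "window_start": now - retention, "context": context}

if __name__ == "__main__":
    result = retro_hunt(EVENTS, INDICATOR)
    for host, ts in result["hosts"].items():
        print(f"{host}: first seen {ts:%Y-%m-%d}, nearby events: {len(result['context'][host])}")
```

Because `ws-01` contacted the domain before the retention window began, the hunt cannot see it and reports `ws-07` as the earliest sighting; the `window_start` value tells the analyst how far back that answer is actually valid.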