Google Cloud has announced the launch of Chronicle CyberShield to help government agencies integrate threat intelligence, detection, and response to tackle cyber threats. The solution enables governments to raise threat and situational awareness, build cybersecurity skills and capabilities, and facilitate knowledge sharing and collaboration to increase security at a national level, Google Cloud said.
Governments typically face a diverse set of cybersecurity challenges and threats. They collect and store huge amounts of data, including information about individual citizens that can be sold on the dark web. There is also a risk that national security and military data can be used by terrorist organizations. Even governments with mature cybersecurity postures are prime targets of advanced persistent threat actors, who constantly evolve their techniques. The number of attacks targeting the government sector increased by 95% worldwide in the second half of 2022 compared to the same period in 2021, according to a report by AI-based cybersecurity company CloudSEK.
Chronicle CyberShield establishes a modern government SOC
A primary component of Chronicle CyberShield is establishing a modern government security operations center (SOC), comprising a network of interconnected SOCs to scale and aggregate security threats, Google Cloud said in a press release. Chronicle CyberShield enables governments to leverage cyber threat intelligence from Google and Mandiant, now part of Google Cloud, to build a scalable and centralized threat intelligence and analysis capability, according to the firm. This is integrated operationally into the government SOC to identify suspicious indicators and enrich the context for known vulnerabilities.
The solution also allows governments to build a coordinated monitoring capability with Chronicle SIEM to simplify threat detection, investigation, and hunting with the intelligence, speed, and scale of Google. By implementing Chronicle across a network of SOCs, attack patterns and correlated threat activity across multiple entities are available for investigation and analysis.
Automated playbooks address root causes, reduce impact of threats/attacks
Once threats are identified in Chronicle SIEM, automated playbooks can be developed in Chronicle SOAR to address root causes and reduce the impact of threats and cyberattacks, Google Cloud said. Integration with third-party solutions enables Chronicle SOAR to enrich data with threat intelligence and additional context to get faster insights. Analysts in the government SOC can focus on resolving cases faster and reducing dwell time by uncovering threats faster and containing them more rapidly.
When major cyberattacks take place, governments need additional support to augment their in-house capabilities to respond to the full lifecycle of any incident. With Chronicle CyberShield, governments can agree on pre-established terms and conditions for incident management and response support from Mandiant, Google Cloud stated. Additionally, Chronicle CyberShield includes continuous red teaming and penetration testing services delivered by Mandiant to test security controls and protect critical assets by identifying and mitigating security gaps and vulnerabilities.