Google Cloud Launches SOC Of The Future – Forbes

Posted: May 23, 2022 at 11:47 am

Google Cloud unveiled its "SOC of the Future" today at the Google Cloud Security Summit. (Photo illustration by Pavlo Gonchar/SOPA Images/LightRocket via Getty Images)

Cybersecurity is a top priority for every organization. At least, it should be. The challenge is that the attack surface is expanding, and the threat landscape is adapting so quickly that it is increasingly difficult to keep up with the sheer volume of threats, never mind effectively defend against them. At the Google Cloud Security Summit today, Google Cloud revealed plans for a SOC of the Future to help companies address these security challenges.

Google Cloud is a leading cloud platform, but it is also increasingly focused on cybersecurity. Google Cloud offers Chronicle, a cloud service that enables customers to privately retain, analyze, and search massive amounts of security and network telemetry. Google's very DNA is built around the ability to comprehensively index and accurately search essentially all of the information available online. Chronicle takes that model and applies it specifically to security.

Google Cloud has also been busy investing to extend and enhance its security portfolio. Google Cloud partnered with Cybereason, marrying Chronicle with the Cybereason Defense Platform to deliver Cybereason XDR powered by Google Cloud. The combination of Chronicle, which normalizes, indexes, correlates, and analyzes data at scale, with the artificial intelligence and MalOp engine of Cybereason yields a powerful tool for defending against attacks.

Chronicle is not the only trick up Google Cloud's sleeve, though. Google Cloud also includes VirusTotal and the recently acquired SOAR (Security Orchestration, Automation and Response) solution Siemplify. This arsenal of tools gives Google Cloud a powerful portfolio for cybersecurity.

That is where the SOC of the Future comes in. SOC, for those who don't know, is an acronym for Security Operations Center, the heart of cybersecurity for most organizations.

The core of this initiative is built around Google's Autonomic Security Operations (ASO). ASO is a collection of products, integrations, blueprints, technical content, and an accelerator program to enable customers to take advantage of Google's security operations expertise. The goal is to transform how people approach security challenges, how workflows are engineered to achieve secure outcomes, and how technologies can be leveraged to maximize their value.

I had a chance to speak with Jess Leroy, Google Cloud's Director of Product Management, about the vision for this initiative. Jess explained, "The biggest problem in the industry when it comes to SOCs themselves is really that people have been doing things in a way for a long time now that is really no longer sustainable. The old model just doesn't work."

Why? Two reasons: volume and speed. Jess shared a few stats, like a 600% year-over-year growth in crimeware, and the fact that there is over 100 zettabytes of data out there. Meanwhile, threat actors are increasingly using automation to streamline attacks.

Combine that with more pressure for accountability in the C-suite. Jess noted a Gartner statistic that 75% of CEOs will be personally liable for cybersecurity incidents by 2025. He shared that he speaks to CISOs every week and that he sees growing concern over this.

The SOC of the Future will combine the elements of the Google Cloud security portfolio to help security teams evolve from the traditional SOC model to more modern and more agile security operations. Google Cloud's goal is to enable more transparent collaboration between service providers and end customers, and to ensure every role receives the data relevant to it so that response is fast.

Part of that is based on telemetry. Jess said that most organizations are only using 30% or 40% of their telemetry. They are not correlating and analyzing all of the data, because they simply don't have a framework capable of doing it. They are making educated guesses based on partial snapshots. Chronicle allows Google Cloud to analyze 100% of the available telemetry.

Siemplify is another key element. The SOAR platform provides the ability to act on the analysis. Customized playbooks automate triage and response, which is crucial for keeping up with the volume of threats organizations face.

"The SOC of the Future will do for the current SOC what the DevOps revolution did for the NOC [Network Operations Center]," declared Sam Curry, CSO of Cybereason. "The focus will be on the mission, and the metrics will reflect that: closing pathways early and often, getting ahead of bad guys, and getting predictive."

Curry added that with this approach, tactical decisions will be based on risk, and that, "The SOC of the Future will be extremely efficient in the use of people's time, which is the most valuable commodity."

Svetla Yankova, Google Cloud's Global Head of Customer Experience Engineering, walked me through a demonstration of the offering to show me how it analyzes and triages threats. Not only does it use 100% of the telemetry, but once a threat is detected it also has the ability to go back in time to identify and triage other potential instances of the same threat.

Of course, you can only go back as far as the data you've retained, but Google Cloud retains all of your data for a year by default. Hopefully 12 months is far enough to go back to find the first instance of a threat. If not, you probably have bigger issues.
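The retrospective triage described above, the step of taking an indicator from a fresh detection and searching retained telemetry for earlier instances, is easy to show in miniature. The following is an added illustration written for this article, not Chronicle's or Siemplify's code: it assumes an in-memory list of events, a constructed 365-day retention window, and placeholder indicator values that are not real IoCs. It also carries the caveat from the paragraph above: if the earliest hit sits right at the edge of the retention window, the true first instance may predate what you still have.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed retention window, matching the one-year default mentioned in the article.
RETENTION = timedelta(days=365)


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    indicator: str  # e.g. a file hash or destination domain seen in the event


# Constructed sample telemetry. "sha256:PLACEHOLDER-A" is a made-up indicator, not a real hash.
NOW = datetime(2022, 5, 23, 12, 0, tzinfo=timezone.utc)
DETECTED_AT = NOW - timedelta(hours=2)  # time of the triggering detection
TELEMETRY = [
    Event(NOW - timedelta(days=400), "ws-07", "sha256:PLACEHOLDER-A"),  # older than retention
    Event(NOW - timedelta(days=300), "ws-03", "sha256:PLACEHOLDER-A"),
    Event(NOW - timedelta(days=120), "ws-03", "example-benign.test"),   # unrelated event
    Event(NOW - timedelta(days=45), "srv-01", "sha256:PLACEHOLDER-A"),
    Event(DETECTED_AT, "ws-11", "sha256:PLACEHOLDER-A"),                # the new detection itself
]


def retrospective_search(events, indicator, detected_at, now=NOW, retention=RETENTION):
    """Return prior events carrying `indicator`, oldest first, limited to retained data.

    The triggering detection and anything after it are excluded, as is anything
    older than the retention cutoff (that data is simply no longer available).
    """
    cutoff = now - retention
    hits = [e for e in events if e.indicator == indicator and cutoff <= e.ts < detected_at]
    return sorted(hits, key=lambda e: e.ts)


def triage(events, indicator, detected_at, now=NOW, retention=RETENTION,
           boundary_margin=timedelta(days=30)):
    """A minimal playbook step: scope the earlier instances and flag retention limits."""
    cutoff = now - retention
    hits = retrospective_search(events, indicator, detected_at, now, retention)
    earliest = hits[0].ts if hits else None
    # If the earliest surviving hit is close to the cutoff, the first instance may
    # lie outside the retained window, so "first seen" must not be trusted.
    uncertain = earliest is not None and (earliest - cutoff) < boundary_margin
    return {
        "indicator": indicator,
        "prior_instances": len(hits),
        "affected_hosts": sorted({e.host for e in hits}),
        "earliest_seen": earliest,
        "retention_cutoff": cutoff,
        "first_instance_uncertain": uncertain,
    }


if __name__ == "__main__":
    result = triage(TELEMETRY, "sha256:PLACEHOLDER-A", DETECTED_AT)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run as-is, the search finds the two earlier sightings on `ws-03` and `srv-01`, skips the 400-day-old event because it falls outside retention, and leaves `first_instance_uncertain` false because the earliest surviving hit is well inside the window. Raising `boundary_margin`, or shrinking `RETENTION`, is how the example models the "bigger issues" case where you cannot be sure you have seen the beginning of the activity.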

The rest is here:

Google Cloud Launches SOC Of The Future - Forbes
