Threat Detection at Google Cloud Security Summit

No guests. We interviewed each other!

Topics:

• What would you say are the most things that Chronicle is trying to address today?
• What are the good ways to use threat intel to detect threats that do not ruin your SOC?
• What does “autonomic” security mean, anyway? Is this a fancy way of saying “automatic” or something more?
• For sure, “the Cloud is not JUST someone else’s computer“ - but how does this apply to threat detection?
• What makes threat detection “cloud-native”?
• What kinds of ML magic does your mini UEBA inside SCC use?
• Can you really do automated remediation in the cloud?

Resources:

• Google Cloud Security Summit
• “Making Invisible Security a Reality with Google” keynote
• “Security Analytics at Google Speed and Scale” presentation by Anton
• “Managing Your Security Posture on Google Cloud” presentation by Tim
• “Stop Trying to Take Humans Out of SOC … Except … Wait… Wait… Wait…” blog
• Chronicle main site
• Threat Detection in Logs in Google Cloud SCC video
• “Modern Threat Detection at Google” (episode 17) 
• “Automate and/or Die?” (episode 3)