Google X
So Google (or Alphabet, as the parent is now called) has announced today that it is joining the SOC market with proactive security defence based on the capture and analysis of events. This has come out of its X projects division, which aims to rapidly develop new breakthrough products.
What's Google Planning?
Presumably Google aims to provide Machine Learning based measures capitalising on the scale of its services and analysis across customer environments hosted on its GCS platforms. This should give it certain predictive advantages, enabling it to home in on certain types of attack.
What would be good to know is how Google will differentiate between poorly configured devices, failing devices and real attacks, as many APT-style infiltrations will mimic poor configuration and failures to disguise their intent. Also, what will they be doing around major incident management, remediation and forensics to provide a complete service?
Details are thin on the ground so far, and this is bound to spur me-too imitations from AWS and Azure.
SOC Fundamentals still Apply
However, as ever, the fundamentals for a working SOC will remain:
- You need to know what assets you are managing and keep the CMS/CMDB accurate, complete and up to date;
- As far as is practicable, ensure that all assets are implemented with standard configurations, to avoid mis-configuration and creating the noise in which APT infiltration can hide;
- Use automation and software-defined infrastructure to implement standardised asset configurations and keep patching up to date;
- Then deploy logging, automated monitoring and analysis;
- Invest in remediation and incident management capability;
- Use scenario planning and practice exercises to ensure that there are no gaps and you are prepared for problems.
What Else is Google Doing?
The SOC services are only part of the offering. The new business unit called Chronicle will also be offering threat intelligence and products from its VirusTotal acquisition.