Chronicle Security Operations is an essential security suite for any organization that wants to stay on top of the threats that they face. As part of our security announcements today at Google Cloud Next, Google introducing our always-on AI collaborator Duet AI in Chronicle. Available in preview and expected to be generally available later this year, Duet AI in Chronicle provides generative AI-powered assistance to cloud defenders where and when they need it. It can help transform threat detection, investigation, and response for cyber defenders by simplifying search, complex data analysis, and threat detection engineering, to reduce toil and elevate the effectiveness of each defender.

Today, Google also introducing Mandiant Hunt for Chronicle Security Operations to better help defenders protect their digital assets from persistent threats. Available now in preview, this new managed threat hunting service integrates Mandiant’s frontline intelligence and expertise with Google Cloud technology to proactively search for undetected attacks. 

Mandiant Hunt can find threats missed by traditional detection mechanisms. Mandiant experts build hypotheses using a robust and adaptable collection and analysis strategy, alongside traditional automated hunting that searches for indicators of compromise. This approach focuses on patterns of behavior against techniques and procedures seen in the wild. We offer customers help with:

  • A means to close the skills gap by gaining elite-level, speciality security skills without the burden of hiring, tooling, and training;
  • Confidence that they can defend against the latest threats with the help they need to find novel or hidden attacks, as well as the insight they needed to improve their security controls;   
  • And the context they need to make informed decisions with the necessary tools in Chronicle Security Operations to quickly respond.

“Security can be stressful and knowing that you’re watching for everything, that you’re aware of everything that could possibly happen within your organization. We’ve got this peace of mind that Mandiant is watching that for us, taking care of that for us,” said Alex Hammond, senior security architect, Ascendium Education Group.

Unlike other security operations platforms, Chronicle allows customers to ingest their security data and store it for 12 months by default. This cache of data can help security teams uncover newly-discovered threat actor behaviors in older security telemetry, a valuable tool for tracking down previously-unknown malicious activity. Chronicle’s powerful ability to quickly analyze and search growing amounts of security telemetry for anomalies boosts the hunt teams’ ability to test and refine threat hunting hypotheses.

Mandiant Hunt is guided by Google Cloud’s vast knowledge of threat actors and defense experience. Hunting activity is informed by real-time threat intelligence from Mandiant, as well as signals from the devices and users protected by Google Cloud and VirusTotal’s intelligence of more than 9 billion files and URLs. Customers receive findings that explain what our expert hunters looked for, how and where they looked, and what they found — mapped to the MITRE ATT&CK framework so customers can take decisive action.

How Mandiant Hunt can help security teams make faster, better decisions

Threat actors are becoming increasingly sophisticated, and they often alter their techniques to blend in with the noise of routine IT operations. Over the past six months, Mandiant has been tracking state-based threat actors, steadily evolving their tactics to become more agile, stealthier, and complex. Organizations were notified of breaches by external entities in 63% of incidents, an increase from previous years, according to this year’s annual M-Trends security report from Mandiant. 

The threat hunting and advanced analysis teams from Mandiant who support managed hunt maintain a deep understanding of the ever-evolving cyber landscape and threat actor tactics, techniques, and procedures (TTPs). In the past year alone, they protected customers from significant security events, including attacks from nation-state threat actors and financially-motivated attackers.