
Security Operations at the Speed and Scale of Google
Chronicle is a cloud-based SIEM and SOAR solution for enterprises, leveraging Google’s robust infrastructure, aimed at securely storing and analyzing large amounts of security and network telemetry data. With Chronicle, you get fast and insightful analysis of risky activity through data normalization, indexing, correlation, and analysis. The beauty of Chronicle lies in its subscription model, which is asset-based, meaning that you could ingest petabytes of data without seeing your costs increase.
Empower your security team with the ability to retrospectively examine months or even years of security information for your enterprise with ease. Search all domains within your organization, or zoom in on specific assets, domains, or IPs to detect any potential security breaches.
Chronicle ingests security telemetry through methods such as a forwarder, ingestion APIs, and third-party integrations. It provides a browser-based application and programmatic Read APIs for security analysis. Chronicle is built on Google’s infrastructure, inheriting its security design and capabilities.
The Power of Google Chronicle
Google Chronicle is a powerful tool because it provides a comprehensive solution for security analysis and incident response. The platform ingests a variety of security telemetry data and presents it in an easy-to-use interface. Some of Chronicle’s capabilities include:
- Vast Search Capabilities with Raw Logs and Regular Expressions
- In-Depth Investigative Views of Users / Assets / IPs / Domains / Hashes
- Advanced Correlation and Pattern Recognition
- Aggregated Enterprise Insights
- Automated Search for Security Issues with the Chronicle Detection Engine
- Threat Intelligence Context with the integration of VirusTotal
- Prioritized Investigations via the Asset Insight Blocks
- Custom Alert Creation in the YARA-L 2.0 language
- Customizable Dashboards and Organized Security Information
- Launch from Anywhere with Google Chrome Chronicle Extension
Chronicle platform overview

Why Custodian?
- Custodian’s expertise lies in providing comprehensive security services, such as Professional Security Services and Managed Security Services. Our Managed Security Services are based on industry-leading technology, including Google Chronicle, and know-how that would help you secure your information assets in no time at a fraction of the cost of in-house security operations staff and other resources.
- Custodian’s Managed Security Service Practice protects your organization from cybercrime threats, which have become more frequent, more sophisticated, and targeted. We work day-to-day to improve your security posture and defend your infrastructure by monitoring your network, assets, and data, 24 hours per day, 7 days a week, 365 days per year.
- We add value by providing context and enriching the security telemetry you receive, optimizing your organization’s IT security monitoring (SIEM and UEBA), incident detection and response time. As security is not purely technology-based, we combine technical and human intelligence to provide our customers with the most accurate security information. In doing so, we ensure an optimal balance between security, workability and continuity.
- Regarding Chronicle, we are one of the first partners in Europe that got the opportunity to test it at full capacity. This enabled us to get familiar with the product and provide expertise to our clients. Our services include:
  - Managing your entire Chronicle tenant
  - Setting up the tenant and guiding you through the Chronicle interface
  - Analyzing your logs, filtering the most important UDM fields and correlating various log sources with each other
  - Setting up appropriate rules, threat intelligence lists, alerts, and dashboards
  - Instructing you how to use Chronicle to its maximum potential