2020 introduced complex challenges for enterprise IT environments. Data volumes have grown, attacker techniques have become complex yet more subtle, and existing detection and analytics tools struggle to keep up. The Chronicle platform is designed for security analysts to store and analyze petabytes of security data in one place and perform investigations in seconds.

This Google Cloud and Carahsoft webinar demonstrated how to detect everything: Google scale threat detection to your SOC and Chronicle in action with a live demo.

Attendees learned:

• How to detect multi-event attack sequences such as a new email sender followed by an HTTP post to a rare domain; a suspiciously long power shell script accessing a low prevalence domain; or a low prevalence process accessing a low prevalence domain
• How telemetry data in Chronicle’s UDM is enriched with context (e.g., asset, user, threat intelligence, and vulnerabilities) and correlation (e.g., IP to host), creating a platform that is broader than SIEM and builds toward the vision of XDR
• How Chronicle orchestrates and integrates with leading vendors such as Palo Alto Cortex XSOAR, D3 SOAR, SIEMplify, and Splunk Phantom