Google today shared a bunch of security news at RSA Conference 2020, which kicks off this week in San Francisco. The company’s Google Cloud division introduced threat detection and timeline capabilities in Chronicle. Google Cloud also launched reCAPTCHA Enterprise and Web Risk API in general availability.
In January 2018, Google parent Alphabet formed an enterprise security company named Chronicle. This was largely a bid to use machine learning to analyze massive amounts of data, detecting cyberthreats more quickly and precisely than with traditional methods. But in June 2019, Google Cloud swallowed Chronicle. (See our piece on How Chronicle is fitting into Google Cloud.) Google is hoping to use Chronicle to woo enterprise customers over to its cloud services, away from market leaders Amazon Web Services and Microsoft Azure. This is the first major update to Chronicle since the “merger” closed on October 1.
Chronicle: Advanced threat detection and timelines
Chronicle launched its security analytics platform last year to help businesses investigate alerts and threats. The platform is now getting YARA-L, a new rules language built specifically for real-time and retroactive rule execution, including modern threat types described in Mitre ATT&CK. YARA-L is a callback to YARA, a language created by VirusTotal engineers to classify malware samples. (Google acquired VirusTotal in September 2012.)
Chronicle has also gained intelligent data fusion, a combination of a new data model and the ability to automatically link multiple events into a single timeline. Google will be partnering with other companies here to integrate with this new data structure for an “even more powerful threat response.” So far, the company only has one partner, security operations platform Demisto.
reCaptcha Enterprise and Web Risk API
The general availability of reCaptcha Enterprise and Web Risk API signals they are production-ready and can be purchased separately. Both are based on Google security technologies “that have been protecting users on the web for more than a decade.”
Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) is a series of challenge-response questions designed to prevent bots from bombarding web sign-up forms with spam. Google’s freely available service — reCaptcha — displays as many as 100 million tests every day via its application programming interface (API). Building on reCaptcha, reCaptcha Enterprise arrived as a beta in April 2019 to defend websites against fraudulent activity like scraping, credential stuffing, and automated account creation. reCaptcha Enterprise recently gained commercial-grade bot defense capabilities to help ensure that a login attempt is being made by a legitimate user and not a bot. (Google Nest uses reCaptcha Enterprise to help prevent automated attacks by actors seeking to obtain unauthorized access to accounts and devices.)
Google’s Safe Browsing service protects over 4 billion devices by providing lists of URLs that contain malware or phishing content to Chrome, Firefox, and Safari browsers, as well as to internet service providers (ISPs). The Web Risk API lets businesses have their client applications check URLs against these lists of unsafe web resources. Google says the API has information on more than a million unsafe URLs, based on examining billions of URLs each day in Google Safe Browsing.