Cybereason has partnered with Google Cloud for a cloud-native extended detection and response service that's combined with Google Chronicle.
The endpoint detection and response vendor officially released the new service Tuesday in conjunction with the start of Google Cloud Next '21. Cybereason XDR powered by Chronicle is designed to give enterprises one platform for detecting, preventing and responding to security threats. It aims to secure and unify data from several areas, including endpoints, identities, the network, software-as-a-service (SaaS) applications and the cloud.
While Cybereason has been a Google Cloud customer, Cybereason CTO and co-founder Yonatan Striem-Amit said this is the first time the company has partnered with Google to build something of this scale. In the announcement Tuesday, Google Cloud CEO Thomas Kurian said the company is excited to partner with Cybereason to help customers quickly secure their hybrid and cloud environments.
"Google Cloud is dedicated to delivering the industry's most trusted cloud to accelerate customers' digital transformation efforts with security products that meet them wherever they are," Kurian said in the release. "Cybereason continues to disrupt the market and deliver on their vision for a future-ready extended detection and response defense platform."
Striem-Amit told SearchSecurity it's the "world's first truly open XDR solution."
Extended detection and response (XDR) security has grown in popularity as attack surfaces expand beyond the endpoint. Eric Parizo, principal analyst of cybersecurity operations at analyst firm Omdia, told SearchSecurity that just about every SecOps vendor today is trying to push toward XDR.
"Despite being largely unproven, there is skyrocketing industry hype over the emerging threat detection, investigation and response technology as an alternative to expensive, hard-to-manage security information and event management (SIEM)/security orchestration automation and response-based security operation center architectures," Parizo said in an email to SearchSecurity.
Cybereason is one of the few remaining independent EDR vendors, and recognizes the need to move toward XDR, but it has a long way to go to get there, he said. Though the vendor recently acquired Empow to bolster its security analytics capabilities, Parizo said it needed to level up its data retention and querying capabilities, among others, and quickly. "So, combining Cybereason's endpoint capabilities with Google's back end for a combined XDR offering makes sense," he said.
One way the platform will improve Cybereason's capabilities is by allowing Cybereason to take data from any source.
"Whether it's the endpoints that we've been protecting for multiple years now or other solutions that can integrate their logs from the Google Chronicle platform, bring everything into one place and create a truly expansive, end-to-end security product, that's something that does not exist," he said.
By partnering with Google, Cybereason hopes to expand the scale and speed of its threat hunting and incident response services. Those services also provide research on ransomware attacks and threat groups like the Iranian hackers dubbed "MalKamak," which Cybereason recently published about regarding a campaign that uses cloud storage service Dropbox.
Striem-Amit emphasized the large-scale analysis capabilities that can result from combining Google Cloud's security offerings, Chronicle and Cybereason's threat hunting and detection engine. It's really a new category in how to secure the modern IT landscape, he said, and was developed after examining future security needs.
Part of that problem involved securing all the areas where work is happening, which has changed drastically. In the past, Striem-Amit said, the focus was inside or outside the network, but the pandemic accelerated that change and brought new challenges.
"If there's any company known to organize data globally, this is Google. And they brought this security around with the creation of Google's Chronicle products, but we brought that with the analytics engine, and that is the kind of ability to really shift and adjust to modern threats," Striem-Amit said.
As for modern threats, he said it's very easy for threat actors to attack one class of things and then move to the others. One example would be if an attacker accessed someone's email, then sent an email based on that person to other people in the business. It would be a more dangerous version of phishing, Striem-Amit said, because it comes from a very legitimate employee of the company and therefore may have a higher success rate. Another example he provided was if a threat actor stole credentials from the browser on an endpoint to then log into Salesforce and steal customer data from there.
"So, modern attackers really cross asset types, and work across the seams of all these things all the time," he said. "Cybereason XDR powered by Google Chronicle can give you an ability to see across the board, end-to-end, the entire attack scope, and respond with one click, regardless of which class of technologies are involved here."
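The second scenario above, credentials lifted from a browser on an endpoint and then reused to log into a SaaS application, is the kind of cross-asset chain that a single-source tool misses and that an XDR correlation layer is meant to catch. The following is an added illustration, not Cybereason's or Chronicle's code: it joins a constructed endpoint event feed and a constructed SaaS audit feed on a common schema, then flags a user whose browser credential store was read by a non-browser process and who, within a short window, logged into a SaaS app from an IP never seen for that user. Field names, the window length and the sample events are all assumptions made for the example.

```python
"""Cross-asset correlation in the spirit of XDR (added example; the event
schema, field names and sample telemetry are constructed for illustration)."""
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)          # assumed correlation window
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}  # expected readers of their own store

# Constructed sample telemetry: endpoint sensor events and SaaS audit-log logins.
ENDPOINT_EVENTS = [
    {"time": "2021-10-12T09:00:00", "user": "alice", "source": "endpoint",
     "event": "browser_credential_store_read", "process": "dropper.exe"},
    {"time": "2021-10-12T09:05:00", "user": "bob", "source": "endpoint",
     "event": "browser_credential_store_read", "process": "chrome.exe"},
]
SAAS_EVENTS = [
    {"time": "2021-10-12T09:20:00", "user": "alice", "source": "saas",
     "event": "login", "app": "crm", "ip": "198.51.100.7", "known_ip": False},
    {"time": "2021-10-12T11:30:00", "user": "bob", "source": "saas",
     "event": "login", "app": "crm", "ip": "203.0.113.9", "known_ip": True},
]


def normalize(events):
    """Put both feeds on one schema (parsed timestamps) and order them in time:
    the 'bring everything into one place' step that makes correlation possible."""
    unified = [{**e, "time": datetime.fromisoformat(e["time"])} for e in events]
    return sorted(unified, key=lambda e: e["time"])


def correlate(endpoint_events, saas_events, window=WINDOW):
    """Return chains where a non-browser process read a browser credential store
    and, within `window`, the same user logged into a SaaS app from an IP not
    previously seen for that user. Each chain carries both ends of the activity
    so a responder sees the full scope rather than two unrelated alerts."""
    timeline = normalize(endpoint_events + saas_events)
    last_theft = {}   # user -> most recent suspicious credential-store read
    chains = []
    for e in timeline:
        if e["source"] == "endpoint" and e["event"] == "browser_credential_store_read":
            # A browser reading its own store is routine; anything else is suspicious.
            if e["process"].lower() not in BROWSERS:
                last_theft[e["user"]] = e
        elif e["source"] == "saas" and e["event"] == "login" and not e["known_ip"]:
            theft = last_theft.get(e["user"])
            if theft is not None and e["time"] - theft["time"] <= window:
                chains.append({
                    "user": e["user"],
                    "endpoint_process": theft["process"],
                    "credential_read_at": theft["time"].isoformat(),
                    "saas_app": e["app"],
                    "login_ip": e["ip"],
                    "login_at": e["time"].isoformat(),
                })
    return chains


if __name__ == "__main__":
    for chain in correlate(ENDPOINT_EVENTS, SAAS_EVENTS):
        print(chain)
```

Run stand-alone, the script reports one chain for `alice` (credential store read by `dropper.exe`, followed 20 minutes later by a CRM login from an unseen IP) and nothing for `bob`, whose store was read by the browser itself and whose later login came from a known IP. Neither feed alone would have produced a confident alert; the join across asset types is what gives the signal.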
According to Parizo, Google Cloud and Cybereason make for a good technological duo. He described Google Cloud's Chronicle solution as a SIEM-like data warehouse in the cloud. "It excels at data storage and fast querying for threat hunting, but it lacks telemetry sources from which to acquire threat data, particularly on the endpoint," he said.
Parizo said he also believes this partnership could end up being a prelude to an acquisition, though there has been no indication as of now. However, Parizo said Google is one of the few vendors that could afford to acquire Cybereason.
"The EDR vendor is already on the hook for more than $600 million in private equity funding," he said. "Should the partnership gain traction in the marketplace, an acquisition would be the next move to watch for."