What I Like About Google Chronicle
As a company, Datashield has always been extremely selective in whom we partner with. We have been in the managed SIEM space for over 12 years and have seen a real technology evolution specific to this industry. As we continued to listen to our customers and prospects, a few key issues seemed to be present in most conversations. These issues are cloud-based, expanded data storage/retention, and pricing model. The partnership that we formed with the team at Google Chronicle has helped Datashield transform our service offerings and strategically position both of our companies with a much-needed offering in the marketplace.
Here are a few things that I really like about Google Chronicle and the value that combining the technology with our service has brought to our customer base.
Cloud-based - Let’s call it: the SIEM space has moved to the cloud. Previously, it seemed like the security conversation was more focused on heavy infrastructure, data center requirements, and tech refreshes than on considering whether this is the right toolset for my organization.
Today’s security stack must be agile and accessible. Chronicle is unique in its approach in that it does not necessarily identify as a SIEM (although truthfully it checks the majority of those boxes), but as a security data aggregation tool with the power and speed of Google. Leveraging the Google Cloud Platform (GCP), Chronicle is 100% cloud-based and allows users, both customers and Datashield, unlimited access to the console and security data while providing all the hardening and protection that Google naturally brings.
Data Storage & Retention - One of the absolute worst feelings as a Managed Service Provider is telling a customer, “I’m sorry we didn’t detect the threat because those logs are not feeding into the SIEM, or we don’t have visibility into the threat that happened two weeks ago because you only have 7 days of retention.” Not good for either side. I really feel for our customers because oftentimes the decision to not send data or have sufficient retention is a purely financial decision. In this case, budget dictates security.
Google Chronicle very quickly takes these huge problems off the table with unlimited data ingest (security data), and a baseline of 12 months retention (can be expanded). Datashield has recommended log sources and now we work with our customers to ensure good visibility for our analysts, not working around budget and retention constraints. The immediate result is increased protection and detection capabilities. No more sacrificing security for the budget.
Pricing Model - How many employees do you have? Done. It’s the only factor. No throughput calculations (hope it’s right!!), data ingestion rates, or server counts. Scoping is simply based on employee counts. At Datashield we have leveraged this model to provide enterprise-level security down market, into a space where companies that need security have not previously been able to justify the expenditure, while comfortably onboarding large clients who appreciate a simplified pricing model that is easy to understand.
These are just a few of the things that I like about Google Chronicle. At Datashield, we see them as an absolute leader in the space. We have built a strong offering around the technology and are positioned with them through our partnership to provide the things that Datashield is best known for: white-glove service, prolific detection through our rules and alerts, and a reduction in time to detect and respond through our proprietary tool ShieldVision.
Have questions about Google Chronicle or for us here at Datashield?