Resolution Intelligence Cloud is a new way to manage risk to business impact and optimize overall digital ops for maximum efficiency and security. It's a cloud-native data analytics platform for security and digital ops data at scale that uses an open architecture, so it plays well with other security and ops tools you have.
And it has the scale and speed of Google Chronicle SIEM built in. Furthermore, it integrates with Google Chronicle SOAR (formerly Siemplify) as well as other SOARs and ITSMs like ServiceNow and Jira.
Extended Detection and Response (XDR) is a category with a variety of definitions. It's often viewed as the next generation of Endpoint Detection and Response (EDR), offering integrations and analytics on top of EDR alerts. Resolution Intelligence Cloud can ingest XDR and EDR data.
Resolution Intelligence Cloud takes a different approach, boosting both SOC and NOC effectiveness. It ingests all security and digital operations telemetry without extra cost, runs advanced data analytics to correlate data points, and detects patterns over time, in real time. It provides situational awareness and context beyond what EDRs or XDRs capture, and it automates Level-1 and Level-2 tasks.
Resolution Intelligence Cloud uses Google Chronicle as its infinitely scalable, super-fast security data lake. You get all the functionality of Chronicle, and Resolution Intelligence Cloud adds important features for enterprises and service providers: multi-level multitenancy, rule and parser packs, rule and parser management, real-time dashboards, data analytics, machine learning, automation, situational awareness, ActOns, collaboration war rooms, and more. For more info, see the Resolution Intelligence Cloud platform page.
Resolution Intelligence Cloud ingests operations data as well and correlates it with your security data, so security and digital ops teams have a common operational view as well as a single place to collaborate.
Resolution Intelligence Cloud collects data through Google Chronicle data forwarders and APIs. This covers almost 98% of security detection tools and telemetry. If you need another integration, Netenrich can help with custom parsers.
An ActOn is like an incident. It's a situation that may cause, or has already caused, negative impact on confidentiality, integrity, and/or availability, plus the situational awareness needed to quickly determine the appropriate response.
ActOns gather, prioritize, and present curated, contextual data, such as related alerts, events, asset and user data, evidence, and more. Each ActOn has a quantified risk score (based on likelihood, impact, and confidence), so analysts know where to focus first.
ActOns increase efficiency and effectiveness with the contextual information that analysts need at their fingertips.
For each ActOn, Resolution Intelligence Cloud quantifies a single risk score by determining Likelihood (connects what happened with how), Impact (measures potential impact on customers, business, and information), and Confidence (measures the prevalence of a signal in the context of the environment: is this a true positive?). The platform combines these values into a single risk score and presents the evidence as part of the ActOn.
Risk scores are based on extensive correlation and data across security and operations.
Resolution Intelligence Cloud can ingest and integrate with many threat intelligence sources, including Netenrich Knowledge Now threat intelligence and Google Cloud Threat Intelligence.
Actionable insights are conclusions drawn from data that can be turned directly into an action or a response. Resolution Intelligence Cloud generates actionable insights from big data – your security and ops data – and presents them as ActOns.
Data can paint a picture of what happened. But it’s the related data — situational awareness — that explains why it happened, which is often what makes an insight actionable and accelerates appropriate response.