In a bid to help healthcare organizations defend themselves from threats, Google Cloud announced it will be integrating the healthcare threat intelligence feed with its Chronicle platform.

Healthcare and life sciences organizations connect and share threat intelligence as part of the Health Information Sharing and Analysis Center (Health-ISAC). Members share threat indicators – forensic artifacts such as suspicious files, URLs, email addresses, network addresses, sampled traffic, and activity logs – through the Health-ISAC Indicator Threat Sharing (HITS) feed. The crowd-sourced approach allows other members to use the shared information to investigate whether the same threats are present in their environment and update defenses as needed.

HITS shares cyber threat intelligence through machine-to-machine automation. Google Cloud security engineers worked with the Health-ISAC Threat Operations Center to develop an open-source integration that connects HITS directly with the Chronicle Security Operations information and event management. This way, members can ingest the shared threat indicators into Chronicle and use that information to automate threat analysis decisions. There are setup instructions for STIX/TAXII feeds on GitHub.

“The integration with Chronicle can help Health-ISAC members discover threats more rapidly, and can also assist in evicting malicious actors from their infrastructure,” Taylor Lehmann, director in the Office of the CISO, and Adam Licata, a product manager, said in the announcement.

The latest Chronicle integration is part of Google Cloud’s investment as an Ambassador partner – a way for non-healthcare organizations to share experts (Google Cybersecurity Action Team) and resources (Threat Horizon Report) with the members of the ISAC.