Google’s one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory, a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential threats.Network infrastructures at most enterprises regularly generate enormous amounts of network data and logs on a daily basis that can be helpful to figure out exactly what happened when a security incident occurs.
However, unfortunately, most companies either don’t collect the right telemetry or even when they do, it’s practically impossible for them to retain that telemetry for more than a week or two, making analysts blind if any security incident happens before that.
Backstory solves this problem by allowing organizations to privately upload and store their petabytes of “internal security telemetry” on Google cloud platform and leverage machine learning and data analytics technologies to monitor and analyze it efficiently to detect and investigate any potential threat from a unified dashboard.
“Backstory normalizes, indexes, and correlates the data, against itself and against third party and curated threat signals, to provide instant analysis and context regarding risky activity,” Alphabet subsidiary Chronicle said in a blog post.”With Backstory, our analyst would know, in less than a second, every device in the company that communicated with any of these domains or IP addresses, ever.”
Just like SIEM solutions, Backstory converts log data—such as DNS traffic, NetFlow, endpoint logs, proxy logs—into meaningful, quickly searchable and actionable information to help companies gain insights into digital threats and attacks on their networks, but at scale to offer a more complete picture of the threat landscape.
Backstory also compares data against “threat intelligence” signals collected from a variety of partners and other sources, including the Alphabet-owned VirusTotal, Avast, Proofpoint and Carbon Black.
“Backstory compares your network activity against a continuous stream of threat intelligence signals, curated from a variety of sources, to detect potential threats instantly,” Chronicle said.
“It also continuously compares any new piece of information against your company’s historical activity, to notify you of any historical access to known-bad web domains, malware-infected files, and other threats.”
Since Chronicle wants customers to collect and upload as much data as possible, Backstory will not be priced based on the volume of customer’s data, but rather Chronicle will sell licenses based on the size of the company.
“Building a system that can analyze large amounts of telemetry for you won’t be useful if you are penalized for actually loading all of that information. Too often, vendors charge customers based on the amount of information they process,” Chronicle explained.
“Since most organizations generate more data every year, their security bills keep rising, but they aren’t more secure.”
Microsoft has also recently announced similar security analytics services, called Threat Hunter and Azure Sentinel, which Microsoft is pitching as the “first native SIEM within a major cloud platform” to help companies detect, prevent, and respond to threats across their networks.
Splunk, a company that offers a similar product, saw its stock down 5% at the time of close on Monday following the announcement of the Backstory service.