Early last year, Chronicle was spun out of X to be its own independent Alphabet company focussed on cybersecurity. The first new product from the group is a global security telemetry platform called Backstory.
Announced at RSA 2019, Backstory continues to leverage the scale afforded to Chronicle by Google’s vast compute and storage infrastructure. This new cloud service allows companies to privately upload, store, and analyze “internal security telemetry” to detect and investigate potential threats from a unified dashboard.
This includes DNS traffic, netflow, endpoint logs, proxy logs, and other “high-volume data.” Chronicle’s analytics engines will index and automatically analyze this information for threats, like known-bad web domains and malware-infected files. Indexing allows analysts to search through years’ worth of data instantly.
Backstory normalizes, indexes, and correlates the data, both against itself and against third-party and curated threat signals, to provide instant analysis and context regarding risky activity.
Chronicle is inviting third-party partners to integrate their threat detection systems into Backstory for a unified security experience. Inaugural partners include Avast and Proofpoint.
Backstory is a “first” because enterprise customers can store petabytes of data in a more affordable manner. Chronicle is taking advantage of Google’s vast infrastructure and a different licensing model that doesn’t charge based on data volume.
Building a system that can analyze large amounts of telemetry for you won’t be useful if you are penalized for actually loading all of that information. Too often, vendors charge customers based on the amount of information they process.
The new product also arrives as it becomes increasingly challenging for human analysts to sift through all this generated data alone. Chronicle notes that data uploaded to Backstory remains private and isn’t shared with other parties, while the service can scale across organizations ranging in size from 500 to 500,000 employees.