Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

3/4/2019
09:40 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Chronicle Releases Chapter One: Backstory

Google spin-off Alphabet rolls out a new cloud-based security data platform that ultimately could displace some security tools in organizations.

RSA CONFERENCE 2019 – San Francisco – Chronicle, the division that spun out of Alphabet's X, rocked the cybersecurity industry today with a new security data platform that ultimately could whittle down the number of security tools organizations run today to monitor and manage incidents.

The new Backstory cloud-based service works with Chronicle's VirusTotal malware intelligence platform and lets organizations view previous security data over time and more quickly spot and pinpoint details on malicious activity. "It gives security teams insight into what's happening in the enterprise right now, with the same level of visibility into what happened yesterday, a month ago, even a year ago," for example, Stephen Gillett, Chronicle's CEO and co-founder said today in a media event for the rollout. 

What makes Backstory unique among other security offerings, not surprisingly, is its Google-esque approach to drilling down into activity on the network and devices and its ability to store, index, and search mass amounts of data. Most enterprises are constrained by the amount of data they can store and manage over a long period of time.

Backstory, however, could prompt some housecleaning for security teams and security operations centers that for years have been amassing multiple, and sometimes redundant, security tools and threat intelligence feeds. The platform is Chronicle's first commercially developed product.

Rick Caccia, chief marketing officer at Chronicle, told Dark Reading that among the tools that Backstory ultimately could replace or streamline are network monitoring, network traffic analysis, log monitoring, security information event management (SIEM) tools, and even threat intelligence feeds. Tool overload has become a chronic problem for organizations: The average company runs dozens of security tools and often doesn't have the people power to properly employ or even stay on top of the tools and the data they generate.

Several companies already are using Backstory, including manufacturing firm Paccar, Quanta Services, and Oscar Health, and several security vendors today announced partnerships to integrate with Backstory — Carbon Black, Avast, CriticalSTART, and others.

Chuck Markarian, CISO at Paccar, which builds trucks, said his company expects Backstory to replace anywhere from three to six of its existing security tools in the next year.

"In general, managing our costs is huge, [and] managing our spend in security, and figuring out how we can use less feeds," he said during a customer panel during the media event. Managing multiple security tools is challenging, he said, so whittling down the number of tools is key. 

"I can't find the people to manage it, and I keep going back to our board and saying 'I need another tool, I need another tool,'" Markarian said. "I want to get that number [of tools] dramatically down."

Backstory initially provides a tool for threat hunting and security investigations, said Jon Oltsik, senior principal analyst for Enterprise Security Group. "In its current iteration, I think Chronicle [Backstory] assumes a role for threat hunting and security investigations. Its pricing, data capacity, and query speed are built for this," he said.

Oltsik also predicted that Backstory will streamline and also eliminate the need for some point security tools.

"In the future, I could see Chronicle becoming an aggregation hub for other security analytics tools [such as endpoint detection and response, network traffic analysis, and threat intelligence, for example] and then subsuming some of these standalone technologies over time," depending on Chronicle's road map for the platform, he told Dark Reading.

Many large companies already have multiple security products for the same function, Chronicle's Caccia said. "They have three network monitoring tools and multiple SIEMs," for example, he said. Chronicle is pricing Backstory by customer, he said, hoping to target the pricing below its potential competitors. Some companies already spend a half-million dollars per year on tools, including subscribing to cloud-based capacity for storage and computing power for cloud services like that of Amazon, he said.

"Operation Aurora" Roots
Backstory grew out of the Google's firsthand experience in 2009 when the company was hacked by Chinese nation-state actors, during the so-called Operation Aurora. Former Google security engineers who used big data analytics to build internal security tools for the search engine giant in the wake of the attacks. That work influenced Chronicle's development of Backstory, led by former Google engineers and Chronicle co-founders Gillett and Mike Wiaceck, CSO at Chronicle.

During a demonstration of Backstory at the media event today, Wiaceck said the more data you add to Backstory, the more detailed a picture and story it provides of a threat or attack. "Attackers can't hide" in Backstory, he said.

Meanwhile, ICS/SCADA vendor Siemens, plans to offer Backstory as part of its managed security service for ICS customers, according to Leo Simonovich, global head of industrial cyber and digital security at Siemens, which partnered with Chronicle on Backstory.

"For us, it's providing our customers the understanding of what's happening in their environment," Simonovich said in an interview. "We're hoping one day [Backstory] will become the backbone of [our] managed security service."

Related Content:

 

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
marcos260
100%
0%
marcos260,
User Rank: Apprentice
4/9/2019 | 1:18:23 AM
Chronicle Releases Chapter One: Histria Anterior
Muito interessante essa nova plataforma do Google, sem dúvidas vai ajuda e muito para guarda os dados sem nenhum receio com a certeza de que tudo estará certo, e o bom é que as ferramentas do Google é muito intuitiva ajuda muito, assim poderei guardar meus projetos  no novo sofwet...

 
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16123
PUBLISHED: 2020-12-04
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by...
CVE-2018-21270
PUBLISHED: 2020-12-03
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
CVE-2020-26248
PUBLISHED: 2020-12-03
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
CVE-2020-29529
PUBLISHED: 2020-12-03
HashiCorp go-slug before 0.5.0 does not address attempts at directory traversal involving ../ and symlinks.
CVE-2020-29534
PUBLISHED: 2020-12-03
An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.