Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

3/4/2019
09:40 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Chronicle Releases Chapter One: Backstory

Google spin-off Alphabet rolls out a new cloud-based security data platform that ultimately could displace some security tools in organizations.

RSA CONFERENCE 2019 – San Francisco – Chronicle, the division that spun out of Alphabet's X, rocked the cybersecurity industry today with a new security data platform that ultimately could whittle down the number of security tools organizations run today to monitor and manage incidents.

The new Backstory cloud-based service works with Chronicle's VirusTotal malware intelligence platform and lets organizations view previous security data over time and more quickly spot and pinpoint details on malicious activity. "It gives security teams insight into what's happening in the enterprise right now, with the same level of visibility into what happened yesterday, a month ago, even a year ago," for example, Stephen Gillett, Chronicle's CEO and co-founder said today in a media event for the rollout. 

What makes Backstory unique among other security offerings, not surprisingly, is its Google-esque approach to drilling down into activity on the network and devices and its ability to store, index, and search mass amounts of data. Most enterprises are constrained by the amount of data they can store and manage over a long period of time.

Backstory, however, could prompt some housecleaning for security teams and security operations centers that for years have been amassing multiple, and sometimes redundant, security tools and threat intelligence feeds. The platform is Chronicle's first commercially developed product.

Rick Caccia, chief marketing officer at Chronicle, told Dark Reading that among the tools that Backstory ultimately could replace or streamline are network monitoring, network traffic analysis, log monitoring, security information event management (SIEM) tools, and even threat intelligence feeds. Tool overload has become a chronic problem for organizations: The average company runs dozens of security tools and often doesn't have the people power to properly employ or even stay on top of the tools and the data they generate.

Several companies already are using Backstory, including manufacturing firm Paccar, Quanta Services, and Oscar Health, and several security vendors today announced partnerships to integrate with Backstory — Carbon Black, Avast, CriticalSTART, and others.

Chuck Markarian, CISO at Paccar, which builds trucks, said his company expects Backstory to replace anywhere from three to six of its existing security tools in the next year.

"In general, managing our costs is huge, [and] managing our spend in security, and figuring out how we can use less feeds," he said during a customer panel during the media event. Managing multiple security tools is challenging, he said, so whittling down the number of tools is key. 

"I can't find the people to manage it, and I keep going back to our board and saying 'I need another tool, I need another tool,'" Markarian said. "I want to get that number [of tools] dramatically down."

Backstory initially provides a tool for threat hunting and security investigations, said Jon Oltsik, senior principal analyst for Enterprise Security Group. "In its current iteration, I think Chronicle [Backstory] assumes a role for threat hunting and security investigations. Its pricing, data capacity, and query speed are built for this," he said.

Oltsik also predicted that Backstory will streamline and also eliminate the need for some point security tools.

"In the future, I could see Chronicle becoming an aggregation hub for other security analytics tools [such as endpoint detection and response, network traffic analysis, and threat intelligence, for example] and then subsuming some of these standalone technologies over time," depending on Chronicle's road map for the platform, he told Dark Reading.

Many large companies already have multiple security products for the same function, Chronicle's Caccia said. "They have three network monitoring tools and multiple SIEMs," for example, he said. Chronicle is pricing Backstory by customer, he said, hoping to target the pricing below its potential competitors. Some companies already spend a half-million dollars per year on tools, including subscribing to cloud-based capacity for storage and computing power for cloud services like that of Amazon, he said.

"Operation Aurora" Roots
Backstory grew out of the Google's firsthand experience in 2009 when the company was hacked by Chinese nation-state actors, during the so-called Operation Aurora. Former Google security engineers who used big data analytics to build internal security tools for the search engine giant in the wake of the attacks. That work influenced Chronicle's development of Backstory, led by former Google engineers and Chronicle co-founders Gillett and Mike Wiaceck, CSO at Chronicle.

During a demonstration of Backstory at the media event today, Wiaceck said the more data you add to Backstory, the more detailed a picture and story it provides of a threat or attack. "Attackers can't hide" in Backstory, he said.

Meanwhile, ICS/SCADA vendor Siemens, plans to offer Backstory as part of its managed security service for ICS customers, according to Leo Simonovich, global head of industrial cyber and digital security at Siemens, which partnered with Chronicle on Backstory.

"For us, it's providing our customers the understanding of what's happening in their environment," Simonovich said in an interview. "We're hoping one day [Backstory] will become the backbone of [our] managed security service."

Related Content:

 

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
marcos260
100%
0%
marcos260,
User Rank: Apprentice
4/9/2019 | 1:18:23 AM
Chronicle Releases Chapter One: Histria Anterior
Muito interessante essa nova plataforma do Google, sem dúvidas vai ajuda e muito para guarda os dados sem nenhum receio com a certeza de que tudo estará certo, e o bom é que as ferramentas do Google é muito intuitiva ajuda muito, assim poderei guardar meus projetos  no novo sofwet...

 
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
6 Top Nontechnical Degrees for Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/21/2019
Anatomy of a BEC Scam
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3654
PUBLISHED: 2019-11-22
Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time via generating an authorization key on the client which should only be gener...
CVE-2014-2214
PUBLISHED: 2019-11-22
Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id parameter to portal/openrssarticle.php
CVE-2014-6310
PUBLISHED: 2019-11-22
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.
CVE-2014-6311
PUBLISHED: 2019-11-22
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.
CVE-2019-16763
PUBLISHED: 2019-11-22
In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs (or vbscript:), allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if ...