Google’s cybersecurity venture Chronicle announced its first commercial product, Backstory, a cloud-based enterprise-level threat analytics platform designed to help companies quickly investigate incidents, pinpoint vulnerabilities and check for potential threats.
The network infrastructure in most companies generates large quantities of network data and logs every day, which can be used to determine exactly what happened when a security incident occurs.
But several companies do not collect the right telemetry, or, even if they do collect it, find it practically impossible to retain that telemetry for more than a maximum of two weeks. That is of little help to analysts when a security incident occurs.
Backstory addresses this problem by letting companies privately upload and store petabytes of their “internal security telemetry” on Google Cloud Platform and use machine learning and data analytics technologies to monitor and analyze it efficiently, so that any potential threat can be detected and investigated from a unified dashboard.
Backstory normalizes, indexes, and correlates the data, against itself and against third-party and curated threat signals, to provide instant analysis and context regarding risky activity. With Backstory, analysts can instantly see every device in the company that has ever communicated with any of these domains or IP addresses.
Backstory converts log data (such as DNS traffic, NetFlow, endpoint logs and proxy logs) into meaningful, quickly searchable information that gives companies insight into the digital threats and attacks on their networks.
It also compares data against “threat intelligence” signals collected from various other sources, including VirusTotal, Avast, Proofpoint and Carbon Black. Any such information is also compared against your company’s historical activity, to notify you of any historical access to known-bad web domains, malware-infected files, and other threats.
Chronicle wants its customers to collect and upload as much data as possible, so Backstory will not be priced based on the volume of a customer’s data. Instead, Chronicle will sell licenses based on the size of the company.
Splunk, a company that offers a similar product, saw its stock close down 5% on Monday following the announcement of the Backstory service.