Pierluigi Paganini March 05, 2019

Google Chronicle launched Backstory, the first global security telemetry platform designed to allow companies monitoring cyber threats.

Google Chronicle announced Backstory, a cloud-based enterprise-level threat analytics platform that allows companies quickly investigate incidents, discover vulnerabilities and hunt for cyber threats.

Google aims at analyzing network data and logs generated by enterprises on a daily basis and investigate potential malicious activities. In most of the cases, companies fail to analyze this data or simply don’t collect for technical reasons.

Backstory is the first commercial solution proposed by Chronicle to address this need.

Organizations will store their petabytes of “internal security telemetry” on Google cloud platform and use Google machine learning and data analytics technologies to analyze it and scan for malicious activities.

“Backstory normalizes, indexes, and correlates the data, against itself and against third party and curated threat signals, to provide instant analysis and context regarding risky activity,” Alphabet subsidiary Chronicle said in a blog post.

“With Backstory, our analyst would know, in less than a second, every device in the company that communicated with any of these domains or IP addresses, ever.”

Backstory analyzes log data, including DNS traffic, NetFlow, endpoint logs, proxy logs and elaborates this huge trove of information into meaningful, and quickly searchable manner. Companies could use this data to quickly detect malicious activities.

Backstory aims at detecting patterns of malicious activities, it also compares data against “threat intelligence” data collected from other sources and partners (i.e. VirusTotal, Avast, Proofpoint and Carbon Black).

“Chronicle built a new layer over core Google infrastructure where you can upload your security telemetry, including high-volume data such as DNS traffic, netflow, endpoint logs, proxy logs, etc., so that it can be indexed and automatically analyzed by our analytics engine. Your data remains private — it isn’t scanned by or available to anyone for other purposes.” continues the blog post.

“Backstory compares your network activity against a continuous stream of threat intelligence signals, curated from a variety of sources, to detect potential threats instantly, It also continuously compares any new piece of information against your company’s historical activity, to notify you of any historical access to known-bad web domains, malware-infected files, and other threats.”

It is interesting the market approach adopted by Chronicle that will sell licenses based on the size of the company to monitor. The intent is clear, Google wants to collect as much data as possible from its customers, and a price model based on the volume of traffic to analyze could obstacle it.

“Building a system that can analyze large amounts of telemetry for you won’t be useful if you are penalized for actually loading all of that information. Too often, vendors charge customers based on the amount of information they process,” Chronicle explained.

“Since most organizations generate more data every year, their security bills keep rising, but they aren’t more secure.”

Pierluigi Paganini

(SecurityAffairs – Backstory , hacking)

[adrotate banner="5"]

[adrotate banner=”13″]