Content, Security Operations

Chronicle, Google Sister Company, Launches Backstory Cloud SIEM (Sort Of)

Chronicle, owned by Google parent Alphabet, has launched a global security analytics platform called Backstory. The offering sounds similar to a SIEM (security information and event management) platform and may also complete with data-oriented security tools like Splunk.

It's the latest sign that cloud computing giants are stepping into the security market because no single tool or technology has effectively defended businesses from the evolving threat landscape. For instance, Microsoft launched its own SIEM called Azure Sentinel last week. And Amazon launched GuardDuty, a fully managed intelligent threat detection service, in  2017.

The spotlight is now on Chronicle Backstory, which is generating early buzz at the RSA Conference 2019 gathering this week in San Francisco.

Chronicle Backstory: Early MSSP and Reseller Partners

Instead of competing with the security market, Chronicle is touting more than a dozen relationships with technology companies, managed security services providers (MSSPs) and resellers.

Carbon Black is earning major buzz as an early data partner. Fortinet also is onboard.Dig a little deeper on  Chronicle's partner page, and the company mentions the need for "Managed Service and Consulting partners help customers design, deploy, and operate modern security solutions."

The company even touts such major service provider, consulting and MDR (managed detection and response) companies as Critical Start, Cyderes, eSentire, and Red Canary. Plus, Early platform resellers apparently include Critical Start and Fishtech, the company appears to be stating.

What is Chronicle Backstory?: The Answer Is...

According to a Chronicle-produced video description:

"Backstory is a global security telemetry platform for investigation and threat hunting within an enterprise network. It makes security analytics instant, easy, and cost-effective. Backstory is built on core Google infrastructure, and brings unmatched speed and scalability to analyzing massive amounts of security telemetry. As a cloud service, it requires zero customer hardware, maintenance, tuning, or ongoing management. Built for a world that thinks in petabytes, Backstory can support security analytics against the largest customer networks with ease."

Here's the video:

Video link

What Is Chronicle Backstory?: More Details...

Poke around the Chronicle web pages for Backstory, and the tool appears to focus on these three design goals:

1. Scale: Chronicle claims Backstory is:

  • Infinitely elastic because it's built on core Google infrastructure to offer an infinitely elastic container for storing enterprise security telemetry.
  • Cost effective because it leverages fixed pricing rather than data volume pricing (although actual pricing hasn't been disclosed).
  • Timeless because users can access to years of telemetry.
  • Easy to manage because Chronicle manages the scaling, backup, and performance tuning.

2. Smarter Signal Analysis: Chronicle claims Backstory offers...

  • Built-in threat signals sourced by Chronicle’s security engineering team.
  • Global data, local results based on a mix of proprietary data sources, public intelligence feeds, and other information.
  • Learning capabilities since the system gets smarter has users upload more telemetry.

3. A Way to Productivity: Chronicle claims Backstory can manage more volume and therefore deliver...

  • Faster answers since automatic analysis helps analysts understand suspicious activity in seconds, not hours.
  • Automatic threat detection since Backstory’s automated analysis engine correlates intelligence from global sources like VirusTotal with customers' own network and endpoint activity.

Admittedly, that's a lengthy list of lofty claims. Chronicle will attempt to back up those claims with a webinar on March 26.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.