Alphabet’s Chronicle launches security telemetry service Backstory

The company wants to merge “massive computational capacity” with today’s enterprise security needs.
Written by Charlie Osborne, Contributing Writer

Chronicle has debuted Backstory, a cloud-based cybersecurity telemetry service for the enterprise designed to give companies access to vast computing sources when examining their own security posture.

Owned by Google's parent company Alphabet, Chronicle is a year-old cybersecurity company which originated from the X moonshot factory.

Now established in its own right, the enterprise cybersecurity company says that its new product is "designed for a world that thinks in petabytes," and one that "will give enterprises a major leap over the current data storage and compute systems holding back their security."

In a Medium post this week, Chronicle documented how a year of releasing new features for VirusTotal -- which is also a part of the firm -- led to the challenge of finding the "backstory" which tied together malware, new threat alerts, internal network activity, and external attacks.

See also: Researchers granted server by gov officials link Sharpshooter attacks to North Korea

As a result, Backstory has been developed. The global cloud service is described as a way for the enterprise to "privately upload, store, and analyze their internal security telemetry to detect and investigate potential cyber threats."

The solution works by building a layer over Google infrastructure in which security telemetry data can be uploaded, including DNS traffic, endpoint logs, and proxy information.

This data is then indexed and analyzed, as well as compared against threat intelligence alerts and signals curated by Chronicle to detect potentially malicious activity.

CNET: Facebook, Twitter: We spot trolls based on how they act, not their posts

Chronicle says that the platform is also able to analyze historical data to notify administrators of any past access to malicious domains or malware-laden files which may indicate that a network is already at risk of compromise.

As an example, the linuxkrnl.net domain used in the Democratic National Committee (DNC) hack, believed to be the work of Russia, is connected to a vast number of IP addresses and other domains on VirusTotal.

Organizations attempting to work out whether or not they ever connected to one -- or many -- of these domains may be lacking this information as the incorrect telemetry data was collected, or was not retained beyond a few weeks. However, Chronicle claims that Backstory would hold this information, giving cybersecurity professionals access to this information within seconds.

TechRepublic: 10 enterprise network mistakes that open the door to hackers

After testing Backstory with enterprise firms ranging from 500 to 500,000 employees, the company says the licensing agreements have been tailored to avoid a model based on data usage, a concept which can often result in businesses blowing through their security budgets without any actual improvement to their security postures.

"Too often, vendors charge customers based on the amount of information they process," Chronicle says. "Since most organizations generate more data every year, their security bills keep rising, but they aren't more secure."

Facebook's worst privacy scandals and data disasters

Previous and related coverage

Editorial standards