Google Chronicle announced Backstory, a cloud-based, enterprise-level threat analytics platform that allows companies to quickly investigate incidents, discover vulnerabilities and hunt for cyber threats.
Google aims to analyze the network data and logs that enterprises generate every day and to investigate potential malicious activity in them. In most cases, companies fail to analyze this data or simply don’t collect it, for technical reasons.
Organizations will store their petabytes of “internal security telemetry” on the Google Cloud Platform and use Google’s machine learning and data analytics technologies to analyze it and scan for malicious activity.
“Backstory normalizes, indexes, and correlates the data, against itself and against
“With Backstory, our analyst would know, in less than a second, every device in the company that communicated with any of these domains or IP addresses, ever.”
Backstory analyzes log data, including DNS traffic, NetFlow, endpoint logs and proxy logs, and organizes this huge trove of information into a meaningful and quickly searchable form. Companies could use this data to quickly detect malicious activity.
Backstory aims to detect patterns of malicious activity; it also compares the data against “threat intelligence” collected from other sources and partners (i.e. VirusTotal, Avast, Proofpoint and Carbon Black).
“Chronicle built a new layer over core Google infrastructure where you can upload your security telemetry, including high-volume data such as DNS traffic,
“Backstory compares your network activity against a continuous stream of threat intelligence signals, curated from a variety of sources, to detect potential threats instantly. It also continuously compares any new piece of information against your company’s historical activity, to notify you of any historical access to known-bad web domains, malware-infected files, and other threats.”
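As an added illustration (not Chronicle’s code), the following toy correlator models the two lookups quoted above: new telemetry is checked against known indicators at ingest time, and a newly published indicator is checked against all historical activity, answering “every device that ever communicated with this domain.” Device names, domains, IPs and timestamps are constructed sample data.

```python
# Added example, not Chronicle's implementation: a minimal in-memory model of
# correlating telemetry against threat intel in both directions.
from collections import defaultdict

def normalize(indicator: str) -> str:
    """Normalize a domain or IP so the same value written differently still matches."""
    return indicator.strip().lower().rstrip(".")

class RetroCorrelator:
    def __init__(self):
        self.known_bad = set()           # indicators received from threat-intel feeds
        self.index = defaultdict(set)    # indicator -> {(device, timestamp), ...}

    def ingest_log(self, device, indicator, ts):
        """Index one DNS/proxy/NetFlow record; alert if it touches a known-bad indicator."""
        key = normalize(indicator)
        self.index[key].add((device, ts))
        return [(device, key, ts)] if key in self.known_bad else []

    def ingest_indicator(self, indicator):
        """Add a newly published indicator and return every historical hit (retro-hunt)."""
        key = normalize(indicator)
        self.known_bad.add(key)
        return sorted((device, key, ts) for device, ts in self.index.get(key, ()))

    def devices_for(self, indicator):
        """Every device that ever communicated with this domain or IP."""
        return sorted({device for device, _ in self.index.get(normalize(indicator), ())})

# Constructed sample telemetry: (timestamp, device, log source, indicator)
SAMPLE_LOGS = [
    ("2019-01-04T08:12:00Z", "laptop-17", "dns",     "Update.Badcdn.Example."),
    ("2019-01-04T08:12:01Z", "laptop-17", "proxy",   "update.badcdn.example"),
    ("2019-02-10T22:40:00Z", "srv-db-02", "netflow", "198.51.100.23"),
    ("2019-03-01T09:00:00Z", "laptop-03", "dns",     "cdn.goodsite.example"),
]

def run_demo():
    c = RetroCorrelator()
    live_alerts = []
    for ts, device, _source, indicator in SAMPLE_LOGS:
        live_alerts += c.ingest_log(device, indicator, ts)   # nothing known bad yet
    # Indicator published after the activity happened: the retro-hunt finds the old hits.
    retro_hits = c.ingest_indicator("update.badcdn.example")
    # A later record touching an already-known indicator is flagged at ingest time.
    live_alerts += c.ingest_log("laptop-03", "UPDATE.badcdn.example", "2019-03-02T10:00:00Z")
    return live_alerts, retro_hits, c.devices_for("update.badcdn.example")
```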
The market approach adopted by Chronicle is interesting: it will sell licenses based on the size of the company to be monitored. The intent is clear: Google wants to collect as much data as possible from its customers, and a pricing model based on the volume of traffic analyzed could hinder that.
“Since most organizations generate more data every year, their security bills keep rising, but they aren’t more secure.”
(SecurityAffairs – Backstory