Google Chronicle announced Backstory, a cloud-based enterprise-level threat analytics platform that allows companies to quickly investigate incidents, discover vulnerabilities and hunt for cyber threats.
Google aims to analyze the network data and logs that enterprises generate on a daily basis and to investigate potentially malicious activity. In most cases, companies fail to analyze this data or simply don’t collect it for technical reasons.
Organizations will store their petabytes of “internal security telemetry” on Google cloud platform and use Google machine learning and data analytics technologies to analyze it and scan for malicious activities.
“Backstory normalizes, indexes, and correlates the data, against itself and against
“With Backstory, our analyst would know, in less than a second, every device in the company that communicated with any of these domains or IP addresses, ever.”
Backstory analyzes log data, including DNS traffic, NetFlow, endpoint logs and proxy logs, and turns this huge trove of information into a meaningful, quickly searchable form. Companies could use this data to quickly detect malicious activities.
Backstory aims at detecting patterns of malicious activity. It also compares data against “threat intelligence” data collected from other sources and partners (i.e. VirusTotal, Avast, Proofpoint and Carbon Black).
“Chronicle built a new layer over core Google infrastructure where you can upload your security telemetry, including high-volume data such as DNS traffic,
“Backstory compares your network activity against a continuous stream of threat intelligence signals, curated from a variety of sources, to detect potential threats instantly. It also continuously compares any new piece of information against your company’s historical activity, to notify you of any historical access to known-bad web domains, malware-infected files, and other threats.”
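The retrospective matching described above (normalize logs from different sources, index them by indicator, then check newly published intelligence against everything already stored) can be sketched as follows. This is an added example, not Chronicle's code: the log formats, host names, domains and the `TelemetryIndex` class are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample telemetry in two source formats (not real data).
DNS_LOG = [
    "2019-01-03T10:15:00Z host=laptop-17 query=updates.example.net",
    "2019-02-11T08:02:41Z host=build-02 query=cdn.bad-domain.example",
]
PROXY_LOG = [
    "2019-02-12T09:30:12Z,hr-desktop-4,https://cdn.bad-domain.example/a.js,203.0.113.7",
    "2019-03-01T14:00:00Z,laptop-17,https://intranet.example.org/,198.51.100.20",
]

def normalize_dns(line):
    """Map a DNS log line to the common event shape."""
    ts, host, query = line.split()
    return {"ts": ts, "device": host.split("=", 1)[1],
            "indicators": [query.split("=", 1)[1].lower()]}

def normalize_proxy(line):
    """Map a proxy log line to the same shape (domain and destination IP)."""
    ts, device, url, dst_ip = line.split(",")
    return {"ts": ts, "device": device,
            "indicators": [urlsplit(url).hostname, dst_ip]}

class TelemetryIndex:
    """Inverted index: indicator -> [(timestamp, device), ...]."""
    def __init__(self):
        self._by_indicator = defaultdict(list)

    def ingest(self, event):
        for indicator in event["indicators"]:
            self._by_indicator[indicator].append((event["ts"], event["device"]))

    def devices_for(self, indicators):
        """Return {device: first-seen timestamp} for any matching indicator."""
        hits = {}
        for indicator in indicators:
            for ts, device in self._by_indicator.get(indicator.lower(), []):
                # Same-format ISO 8601 UTC timestamps sort lexicographically.
                if device not in hits or ts < hits[device]:
                    hits[device] = ts
        return hits

def build_index():
    index = TelemetryIndex()
    for line in DNS_LOG:
        index.ingest(normalize_dns(line))
    for line in PROXY_LOG:
        index.ingest(normalize_proxy(line))
    return index
```

Because the lookup runs against the stored index rather than live traffic, an indicator published after the events were logged still surfaces every device that contacted it.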
The market approach adopted by Chronicle is interesting: it will sell licenses based on the size of the company to monitor. The intent is clear: Google wants to collect as much data as possible from its customers, and a pricing model based on the volume of traffic to analyze could be an obstacle to that.
“Since most organizations generate more data every year, their security bills keep rising, but they aren’t more secure.”
(SecurityAffairs – Backstory