Chronicle creates Backstory, a cloud service for analyzing enterprises’ security data

Chronicle, the cybersecurity subsidiary of Alphabet (Google’s parent company), has announced Backstory, a cloud platform that can be used by enterprises to sift through their historic security data: DNS traffic, netflow, endpoint logs, proxy logs, and so on.

About Backstory

“Backstory is a global cloud service where companies can privately upload, store, and analyze their internal security telemetry to detect and investigate potential cyber threats,” the company explained in a blog post.

“Backstory normalizes, indexes, and correlates the data, against itself and against third party and curated threat signals, to provide instant analysis and context regarding risky activity.”

The service is meant for companies that generate massive amounts of security telemetry and have trouble hiring trained analysts to make sense of it.

Chronicle launched the service at RSA Conference and will be demonstrating it to the attendees.

“This week we are also announcing our Index Partner program, including other security companies that have committed to integrate their products with Backstory, so that our mutual customers can automatically get insights about attacks from all of their security products. We’re also introducing our special Insight Partners, who have embedded their threat intelligence into the Backstory dashboard and analytics engine to offer insights about threats to any endpoint,” the company shared.

Proofpoint and Avast are inaugural Insight Partners and Carbon Black’s telemetry is already integrated into Backstory.

Popular file and URL analyzer site VirusTotal, which is also run by Chronicle, has not been integrated into the new service, but information provided by it – malware signatures, malicious domains, etc. – can be used for search queries in Backstory.

Should you trust Chronicle with your security data?

Insights gleaned from the data of each customer could be of benefit to the other customers, but Chronicle assures that all of the uploaded data remains private, that it isn’t scanned by or available to anyone for other purposes.

Also, customers can choose whether their data will or will not be used by the company to create the “bigger picture” of the threat landscape. (Whether that’s just for now or forever, it remains to be seen.)

For those not inclined to trust the company with any of their data, Chronicle CEO Stephen Gillett pointed out that Chronicle isn’t Google. “Our privacy agreements are customer-specific,” he told Wired. Also, the platform is designed to minimize data collection, he noted.