Google’s one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory, a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential threats.
Network infrastructures at most enterprises generate enormous volumes of network data and logs every day, and that data can be used to reconstruct exactly what happened when a security incident occurs.
Unfortunately, most companies either don’t collect the right telemetry or, when they do, find it practically impossible to retain it for more than a week or two, leaving analysts blind to any security incident that began before that window.
Backstory addresses this problem by allowing organisations to privately upload and store petabytes of “internal security telemetry” on Google Cloud Platform, then use machine learning and data analytics to monitor and analyse that telemetry efficiently, detecting and investigating potential threats from a unified dashboard.
“Backstory normalises, indexes, and correlates the data, against itself and against third party and curated threat signals, to provide instant analysis and context regarding risky activity,” Alphabet subsidiary Chronicle said in a blog post.
“With Backstory, our analyst would know, in less than a second, every device in the company that communicated with any of these domains or IP addresses, ever.”
Just like SIEM solutions, Backstory converts log data—such as DNS traffic, NetFlow, endpoint logs, proxy logs—into meaningful, quickly searchable and actionable information to help companies gain insights into digital threats and attacks on their networks, but at scale to offer a more complete picture of the threat landscape.
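To make the normalise, index and correlate pattern described above concrete, here is a small Python sketch added as an illustration; it is not Chronicle’s code and does not represent how Backstory is implemented. It parses constructed DNS and proxy log lines into one common record shape, indexes them by the domain or IP contacted, and answers the retrospective question from the quote above: which devices ever communicated with any of a set of threat indicators. The log formats, hostnames and indicators are all hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample telemetry in two different formats (hypothetical, not real logs).
DNS_LOGS = [
    "2019-02-01T09:12:03Z host=ws-017 qname=update.example-bad.test qtype=A",
    "2019-02-14T11:45:10Z host=ws-042 qname=www.example.org qtype=A",
    "2018-11-20T22:05:41Z host=srv-db01 qname=update.example-bad.test qtype=A",
]
PROXY_LOGS = [
    "2019-02-20T14:02:55Z ws-017 GET http://www.example.org/ 200",
    "2019-03-01T08:30:12Z ws-099 GET http://198.51.100.7/update 200",
]
# Constructed "curated threat signals" (placeholder domain and documentation-range IP).
THREAT_SIGNALS = {"update.example-bad.test", "198.51.100.7"}

DNS_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) qname=(?P<indicator>\S+)")
PROXY_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) \S+ https?://(?P<indicator>[^/:\s]+)")


def normalise(lines, pattern, source):
    """Parse one log format into common (ts, host, indicator, source) records."""
    records = []
    for line in lines:
        m = pattern.match(line)
        if not m:
            continue  # unparseable line: skip rather than mis-index it silently
        records.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "host": m["host"],
            "indicator": m["indicator"].lower(),  # domains are case-insensitive
            "source": source,
        })
    return records


def build_index(records):
    """Index records by indicator so each retrospective lookup is a single dict hit."""
    index = defaultdict(list)
    for r in records:
        index[r["indicator"]].append(r)
    return index


def devices_that_contacted(index, indicators):
    """Map host -> (earliest contact time, indicator, log source) for any matching indicator."""
    hits = {}
    for ind in indicators:
        for r in index.get(ind.lower(), []):
            if r["host"] not in hits or r["ts"] < hits[r["host"]][0]:
                hits[r["host"]] = (r["ts"], ind, r["source"])
    return hits


def hunt(indicators=THREAT_SIGNALS):
    """Run the full pipeline over both constructed log sources."""
    records = normalise(DNS_LOGS, DNS_RE, "dns") + normalise(PROXY_LOGS, PROXY_RE, "proxy")
    return devices_that_contacted(build_index(records), indicators)
```

Note that the oldest hit (srv-db01, November 2018) is exactly the kind of contact that a one- or two-week retention window would have discarded before the indicator was ever known.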