Google’s enterprise cybersecurity venture, Chronicle announced “Backstory”, a new telemetry platform for enterprises to analyze their internal security telemetry to detect potential cyber threats.
Chronicle was announced by Alphabet company last year, it focuses entirely on Enterprise Cybersecurity. The virus total which was launched in June 2004 by a Swedish company, was later acquired by Google in September 2012 and now the ownership has been switched to the Chronicle.
With Backstory, you can upload your security telemetry that includes high-volume data such as DNS traffic, NetFlow, endpoint logs, proxy logs, etc and the data gets indexed and automatically analyzed.
The service compares your network activity against a continuous stream of threat intelligence signals, curated from a variety of sources, to detect potential threats instantly.
Also, Backstory compares the newly uploaded data to the company’s previous activity, to track the historical access to known-bad web domains, malicious files, and other threats.
“Backstory was designed for a world where companies generate massive amounts of security telemetry and struggle to hire enough trained analysts to make sense of it,” reads Chronicle Blog post.
Backstory cloud service offers organizations a private and secure cloud instance to store all organizations telemetry data. It “normalizes, indexes, and correlates the data, against itself and against the third party and curated threat signals, to provide instant analysis and context regarding the risky activity.”
“With Backstory, our analyst would know, in less than a second, every device in the company that communicated with any of these domains or IP addresses, ever.”
Building a system that can analyze large amounts of telemetry for you won’t be useful if you are penalized for actually loading all of that information. Too often, vendors charge customers based on the amount of information they process reads Chronicle post.