Backstory – Alphabet’s first product: real-time security management service
When Alphabet was formed in 2015 as a parent company for Google, it wasn’t immediately clear what function it would perform. Obviously, we knew all about the Google search engine and everything that clusters around it. But there were major question marks about what other products Alphabet would develop and market to go alongside its web search services.
Now, the picture is becoming much clearer, and a group of subsidiaries are starting to create identities of their own.
From a cybersecurity perspective, Chronicle could be the most interesting of all.
Founded in 2018, Chronicle operates in the business cybersecurity realm, with a specific focus on providing tools to combat digital crime.
In early 2019, the company announced Backstory, its new suite of crime-busting tools. As the risk of cybercrime soars, that could be headline news. But what does Backstory have to offer, and could it be of use to your business?
Backstory: could it be a game-changer for business security?
Put simply, Backstory aims to harness the computational power commanded by Alphabet’s most famous subsidiary, and use it to analyze real-time threats for individual businesses.
From the original slogan “Don’t Be Evil,” Alphabet have transitioned to “Give Good the Advantage” and market Chronicle’s new baby as a universal tool for website managers.
The personnel behind the product mostly come from Google’s own threat mitigation team, and they have brought across a number of tools which protect the search engine’s (massive) data resources.
For instance, this includes:
- VirusTotal – Invented in Spain in 2004, VirusTotal was acquired by Google in 2012, and essentially seeks to create a holistic arsenal of antivirus tools. It aggregates data from major antivirus services, including Avast, and is thought to provide the most comprehensive insurance available against virus and malware threats. So it’s good to have in the Backstory package.
- Nirvana – A dashboard suite which provides instant insights into threats, as well as features like vaults, blacklists, etc. It should be ported over in some form to Backstory, giving users maximum awareness of the state of their security.
- Threat Analysis Group (TAG) – The core of Google’s cybersecurity apparatus, TAG is a community of experts who provide instant support when threats arise. A diluted form is likely to be available for Chronicle’s customers.
How Backstory is likely to work
According to Chronicle’s founders, their cybersecurity tools will be based in the Cloud. Each client will be assigned their own web space on Chronicle’s Cloud servers, where they will be able to upload “telemetry.” This includes things like proxy logs, DNS, endpoint logs, and netflow – everything that passes through a company’s own networks.
This stream of data will then be fed into Chronicle’s computational systems, and analyzed for current threats. The telemetry data will also be privately stored on Chronicle’s Cloud servers.
It isn’t clear exactly how this data will be used beyond that. However, it would be surprising if the data isn’t anonymized and amalgamated with other Chronicle clients, providing a massive reserve of data to be used in tracking and mitigating online threats.
In theory, this should provide a cost-effective alternative to building complex cybersecurity mitigation systems, and hiring experts to maintain them. And it also enhances the security of the online business community in a wider sense. We should have more awareness of the kind of threats posed to online businesses, along with ways to counteract them.
Using history to understand ongoing threats
One important aspect of Backstory that customers might miss at first glance is the way the software analyzes historical data. According to Chronicle, it will be able to compare “any new piece of information against your company’s historical activity, to notify you of any historical access to known-bad web domains, malware-infected files, and other threats.”
The DNC hack in 2016 furnishes a good example of how this might work.
In court filings arising from the notorious information leak, it emerged that malware had been injected onto DNC servers via a domain named “linuxkrnl.net.” When this entered the public domain, it immediately raised questions about whether other organizations had interacted with that domain in any way.
Normally, security analysts would only have very recent data to work with. So they might be able to tell whether a company had connected with linuxkrnl.net in the past couple of weeks.
Chronicle claim that Backstory can do a lot better. By feeding data through VirusTotal, it might be possible to discover other domains linked to sites like linuxkrnl.net, and then to analyze whether our sample company had dealings with them.
Moreover, when corporate telemetry is fed through Backstory, the system will generate a running “history” of every connection made by the company’s servers. So, should dangerous malware sources be identified in the future, analysts will be able to tell straight away whether their company has been exposed.
This could eliminate much of the uncertainty that surrounds cybersecurity, and enable companies to stay one step ahead of cybercriminals, so it’s an encouraging development.
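The retrospective check this section describes, as an added example (not Chronicle's code or API): a constructed DNS log is searched for a newly published bad domain, once over a two-week window and once over the full stored history. Hostnames, timestamps, the disclosure date and all function names are made up for illustration; only the domain comes from the article.

```python
from datetime import datetime, timedelta

# Constructed sample DNS telemetry: timestamp, internal host, queried name.
# Hosts and timestamps are invented; only linuxkrnl.net comes from the article.
DNS_LOG = """\
2016-03-02T09:14:07 ws-114 www.example.com
2016-03-22T11:40:55 srv-db2 update.linuxkrnl.net
2016-04-18T02:03:31 srv-db2 linuxkrnl.net
2016-06-09T16:20:12 ws-031 notlinuxkrnl.net
2016-06-12T13:37:00 ws-031 LINUXKRNL.NET.
"""

def parse(log_text):
    """Yield (datetime, host, normalized qname) for each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records rather than abort the hunt
        ts, host, qname = parts
        yield datetime.fromisoformat(ts), host, qname.rstrip(".").lower()

def matches(qname, indicator):
    """True for the indicator itself or any subdomain, not mere suffix overlap."""
    return qname == indicator or qname.endswith("." + indicator)

def retro_hunt(log_text, indicators, since=None):
    """Return hits against indicators, optionally limited to events at/after since."""
    indicators = {i.rstrip(".").lower() for i in indicators}
    hits = []
    for ts, host, qname in parse(log_text):
        if since is not None and ts < since:
            continue
        if any(matches(qname, i) for i in indicators):
            hits.append((ts, host, qname))
    return hits

def first_seen_per_host(hits):
    """Earliest matching event per host: the start of the exposure window."""
    first = {}
    for ts, host, _ in sorted(hits):
        first.setdefault(host, ts)
    return first

if __name__ == "__main__":
    disclosed = datetime(2016, 6, 14)  # constructed disclosure date
    recent = retro_hunt(DNS_LOG, ["linuxkrnl.net"], since=disclosed - timedelta(days=14))
    full = retro_hunt(DNS_LOG, ["linuxkrnl.net"])
    print(len(recent), "hit(s) in a two-week window;", len(full), "in full history")
    print(first_seen_per_host(full))
```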
When will Backstory be available, and will it be expensive?
One of the positive things about Chronicle’s new cybersecurity offering is the likely business model. As the creators explain, many similar services charge clients based upon data usage. So, as your data needs increase, your cybersecurity analysis bills can surge. That’s not a good model for expanding companies, and can be prohibitive for smaller businesses, leading them to unsafe working practices.
Backstory won’t charge by data usage – which is a good sign. Chronicle says that its software is “licensed differently,” avoiding those massive spikes. But what does this mean?
It’s worth remembering the saying that “if a product is free, you’re the product.” Now, Backstory won’t be free of charge, but if it is significantly cheaper than the competition, where do the savings come from? That’s worth keeping an eye on as the roll-out develops.
And that roll-out is in full swing.
March 2019 saw the announcement of Chronicle’s “Insight Partner” program, which brings together major players from the cybersecurity world.
These partners include Avast, whose Avast Secureline VPN is one of the most reliable available. The idea is that Insight Partners will integrate their products with Backstory, providing deeper threat analysis than would otherwise be available. And with partners like Avast on board, they should make a major contribution.
Companies cannot order an installation just yet, although a full release is just around the corner. Until then, you can contact Chronicle to ask for more information, or wait to see how Chronicle’s proof of concept exercises turn out.
Either way, if you’re serious about cybersecurity, this is a set of tools that could be revolutionary. So stay in the loop.