Chronicle on Monday announced the launch of Backstory, a security telemetry platform that allows organizations to store and quickly analyze large amounts of data.
Chronicle, a subsidiary of Google’s parent company Alphabet, was launched in January 2018 and it has been put in charge of the VirusTotal platform. The company has now launched its first own product.
When investigating potential threats, security teams may need to analyze historical data. However, in many cases, due to data storage constraints, they can only store information for up to 30 days.
Chronicle aims to address this problem by offering a new product built on core Google infrastructure, which eliminates problems associated with limited storage space and significantly increases search speed.
According to Chronicle, Backstory provides infinitely elastic containers for data storage and pricing is not based on data volume. This allows organizations to store petabytes, or years’ worth of data and quickly analyze it if needed.
Enterprises can use Backstory to store even high-volume telemetry, including web proxy traffic, endpoint activity, and DNS traffic. They can analyze machine and user activity within their network, and the data is automatically checked against threat intelligence feeds, the VirusTotal database, and proprietary Chronicle signals. The company says enterprises can use Backstory to search tens of petabytes of data in roughly one second.
As a use case example, Chronicle provided the 2016 attack on the U.S. Democratic National Committee (DNC), which is widely believed to have been carried out by Russian hackers. Last year, the U.S. charged a dozen Russian nationals believed to have been involved and the indictment contains some information that could be useful to defenders, such as domain names.
For instance, the X-Agent malware used by the threat actors communicated with the domain linuxkrnl.net.
In many cases, organizations may be unable to determine if any of their systems ever communicated with this domain given that they only store security data for just a few weeks. However, since Backstory allows them to store years’ worth of data, they can more easily investigate attacks that may have taken place years ago.
“No other platform gives companies this historical context into their security data and network exposure,” Chronicle said.
Backstory can be integrated with products from several major cybersecurity vendors, and companies such as Avast and Proofpoint have embedded their own threat intelligence into the new product’s dashboard and analytics engine.
