SAN FRANCISCO—For want of effective threat analysis, was Hillary Clinton’s presidential campaign lost? Security startup Chronicle seems to think so.
Chronicle, one of the projects from Google parent company Alphabet’s X Moonshot Factory, debuted a new threat analysis product called Backstory that aims to replicate Google’s own threat detection and analysis infrastructure for the rest of the world—and even politicians.
At a press conference unveiling of Backstory on Tuesday near the RSA Conference here, Chronicle co-founder Mike Wiacek, who serves as the company’s chief security officer, made the point that emails were stolen from the Democratic National Committee and Democratic Congressional Campaign Committee, as alleged in indictments by Special Counsel Robert Mueller, because its security provider, CrowdStrike, missed traffic from malware that had infiltrated its systems. (Mueller’s indictment even mentions which malware was used by the hackers.)
The Backstory security data platform, which is built on Google’s infrastructure, would have exposed the Internet traffic of that malware long after the initial breach, Wiacek said.
“If the DNC had Backstory on their network, they would have been able to see this activity, and they would have been able to stop it,” he said.
Because of the high cost of storing traffic data, most of Chronicle’s competitors tend to retain only a few weeks of traffic—which is often critical to detecting and stopping breaches. Backstory is built to store and surface even years-old data by default.
“Backstory ends the ability for attackers to hide behind the statute of our own technical limitations. Massive telemetry that enterprises could not afford to log, or simply didn’t, may turn into extremely valuable signals,” Wiacek said. “It’s the only solution available built to store, index, and search unlimited security telemetry.”
Chronicle CEO Stephen Gillett dismissed concerns that Google itself will have access to corporate data shared with Chronicle. “We’re a completely separate company. Google employees can’t even badge into the building,” he said.
Gillett said that unlike its competitors, Backstory charges its customers a rate based on how many employees the company has, not how much data it needs to store. That’s a critical difference when your other big selling point is that your data is searchable going back years, if need be.
Backstory indexes the telemetry data and correlates it against threat intelligence supplied by Chronicle’s VirusTotal tool (acquired by Google in 2012) and other companies, including Carbon Black, Proofpoint, and Avast. It is designed to help its users see whether they’ve been breached by known threats or are being targeted by emerging attacks. That’s hardly a hypothetical scenario, as ransomware attacks against municipalities and hospitals often use similar or identical malware.
“Health care takes the longest to contain a security incident. Chronicle will address exactly that,” said Gene Zafrin, the head of information security at Oscar Insurance, which has been “actively” using Backstory for six months. “Our vulnerability management guy says he would need to use multiple tools over days or weeks to do what Chronicle can do in a couple of clicks.”
The market may agree with Zafrin. Companies that already provide similar services, including IBM, Rapid7, and Splunk, traded down in the hours after the Chronicle announcement. Splunk shares closed down 5 percent Monday.
While investors clearly had a positive reaction to the announcement, it’s too soon to tell how Backstory will ultimately impact its competitors or consumer data security, said Jon Oltsik, senior principal analyst at the research company Enterprise Strategy Group, who also attended the Tuesday press conference.
While a lot of security tools are similar to Backstory, Oltsik said its Google-like ability to collect massive amounts of data and sort through it very quickly are unparalleled strengths. “The proof is in the pudding, and I haven’t seen the product used,” he said.
But by launching Backstory, Oltsik added, Chronicle is “throwing a hand grenade into the market.”