


Senior Writer

Better, badder, bigger SIEM coming your way, folks, courtesy of Google

Mar 04, 2019 · 2 mins

Feudal security just got even more feudal with Google's new Backstory security service.


Alphabet’s Google’s Chronicle’s Backstory–yes, the shell game is a mouthful–wants to be the mega-SIEM to end all SIEMs that lets enterprises know all the things forever and search them in less than a second.

Unlike other SIEMs that charge by data storage or usage, the new Backstory product is priced for unlimited data, Google told a press conference at its office in downtown San Francisco today. The company encourages full data retention forever–into the petabytes–thus enabling unlimited security telemetry.

However, either you pay for a product or you are the product, the old saying goes, and it’s clear that Google is hungry to consume enterprise security data for future profit-making ventures.

How big is your log?

Typical SIEMs cannot log more than a month or two of security data because of the sheer size of the data involved, limiting the insights security operations centers (SOCs) can extract from that data. As the Chronicle press release put it, “In a nutshell, [Chronicle is] the first global security data platform designed for a world that thinks in petabytes.”

Backstory is gunning for the on-premise security big data market, and the data it acquires from customers will be used to train better machine-learning models. Customers–“partners,” in Googlespeak–store their security telemetry in a “private cloud instance.” 

When CSO asked how private the cloud instances are, CEO Stephen Gillett said that Chronicle does have visibility into customers’ cloud instances but said, “We don’t share that with anybody.”

However, potential partners should be wary. Chronicle is subject to U.S. law, including subpoenas, lawful target warrants, as well as FISA warrants authorizing mass surveillance.

One price to rule them all

Enterprise SOCs are awash in data and struggle to make sense of it. There’s not enough good security talent to analyze it all. Orchestration and automation are the future of the modern SOC. Given Google’s vast resources of both cash and talent, it seems likely Backstory will gain traction quickly, and become a contender in the near future. Outsourcing your security telemetry to Chronicle, however, may be exposing your corporate secrets to the prying eyes of the U.S. government–a decision no enterprise should take lightly.

As for the prix fixe? Gillett declined to say publicly but emphasized that Chronicle “wanted to remove obstacles to data access and storage over time.”

Senior Writer

J.M. Porup got his start in security working as a Linux sysadmin in 2002. Since then he's covered national security and information security for a variety of publications, and now calls CSO Online home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent. He holds a Master's degree in Information and Cybersecurity (MICS) from UC Berkeley.
