Backstory: An Alphabet Moonshot Wants to Store the Security Industry’s Data

Credit to Author: Lily Hay Newman | Date: Mon, 04 Mar 2019 21:10:34 +0000

It's a familiar playbook for Google and Alphabet: Offer high-quality products like Gmail or Chrome, build a massive user base, and then capitalize on that reach to paternalistically promote safer practices across the tech industry. So far, this strategy has generally proved to be extremely effective. Now Chronicle, a company born last year out of X, Alphabet's "moonshot factory," is going to try it for defending corporate networks.

On Monday, Chronicle announced its first product: Backstory. The tool is a cloud platform on which companies can store their network intelligence data indefinitely, allowing them to use Google's search smarts to comb through logs and gain insight into emerging digital security threats. For example, an organization that missed a breach on its network initially will be able to use Backstory to find the origins of the incident and track what played out as a result. Crucially, Backstory customers will also benefit from the discoveries Chronicle makes by looking for patterns and anomalies in the combined data set of all its clients.

For this effort, Chronicle is courting the broader security industry, hoping to share data with other threat intelligence firms, and even contract to provide data storage services for other security companies’ clients. Chronicle already has the security firms Avast and Proofpoint signed on as Backstory “insight partners,” and is also integrating with the endpoint security firm Carbon Black.

“One of the things that we unexpectedly found in IT departments was that there were a lot of these internal efforts to do something like this,” says Stephen Gillett, CEO of Chronicle. Gillett has previously served stints as the chief information security officer at Starbucks and chief operating officer at Symantec. “People tried to tackle this themselves, but they realized quickly that they don’t scale, they break. That’s why we’re working very hard to bring the security industry with us and actually get into technical integrations with them.”

A cloud platform that analyzes historic network intelligence data sounds like a million other security products on the market right now. But Gillett says that few can come anywhere close to offering the “nearly unlimited computing, nearly unlimited storage, and networking capabilities” of an Alphabet company. Customers will pay a flat rate for Backstory based on how many employees they have, unlike other offerings that charge primarily based on the amount of data a customer is storing.

This is a classic benefit for a Google-adjacent company, and depending on how it fares under scrutiny with clients, Backstory seems like it could offer powerful services for defenders. In a demo for WIRED, Chronicle chief security officer Mike Wiacek showed how Backstory's user interface wrangles massive amounts of information into understandable, easily customizable data visualizations. The platform also works in tandem with another Chronicle-owned asset, VirusTotal, an invaluable index of malware samples that the security industry already relies on. VirusTotal and Backstory aren't directly integrated, but researchers within an organization or incident responders can use information they get from VirusTotal about a threat as fodder for search queries in Backstory. This way they can check whether a particular malicious domain or malware signature has ever cropped up on their network.

As always, though, all of this also invites questions about whether such initiatives overly centralize the tech industry. Collaboration within the security community and among defenders is certainly valuable and productive. But handing yet another Alphabet-owned company a huge chunk of sensitive data has its own tradeoffs. Wiacek was one of the architects of Google's internal security schemes, which have certainly proved their resilience so far, but with infinite data comes infinite responsibility.

At least companies that use Backstory can opt out of allowing Chronicle to analyze their data as part of a bigger picture. But Gillett says that he would personally try to win over any client who didn't feel comfortable participating in the larger community effort. And he says that customers will have a lot of control over how they make deals with Backstory. "Part of being Alphabet is we’re not Google," Gillett says. "Our privacy agreements are customer-specific."

Wiacek echoes that Chronicle is trying to be intentional about individual privacy with Backstory. The product will absorb more and more network data as it grows, but the design, he says, is meant to minimize personal data collection, while maximizing data retention that can potentially aid network defense.

"I don’t actually know what your emails are or what you sent," Wiacek says. "We’re not sniffing packets. We're really trying to walk that line between trying to make sure the companies have the tools they need, but also respecting the privacy of people who are on those networks."

If Backstory takes off within the security community the way Chronicle hopes, it may find itself struggling at times to do the good work it wants to do while walking that infinitely fraught line.
