Backstory leads cybersecurity services into the cloud

Alphabet’s cybersecurity division Chronicle has just launched its first commercial product, a security data platform called Backstory.

Perhaps unsurprisingly, given the family tree, the tool is modeled like a search engine. It comprises a global cloud service where companies can privately upload their internal security telemetry data, which can then be scoured for malicious content.

The idea is to provide compute power as a service to enterprises in a “world that thinks in petabytes”; “it’s a big milestone for us and one we hope will give enterprises a major leap over the current data storage and computer systems holding back their security,” read a blog post by Chronicle.

Chronicle has built a new layer over core Google infrastructure where companies can upload security telemetry, including DNS traffic, NetFlow, endpoint logs and proxy logs for analysis.

The program then compares the company’s network activity against a continuous stream of threat intelligence signals, curated from a variety of sources, to detect potential threats instantly. It can detect known-bad web domains, malware infected files and other threats. The program is designed to analyze massive amounts of security telemetry and make sense of it, highlighting potential threats or anomalies.

The benefits of cloud-based cybersecurity

As enterprises increasingly wake up to the growing threat of cybercriminals ESG cybersecurity analyst, Jon Oltsik, predicted that 2019 would be the year of cloud-based cybersecurity analytics and operations.  These would provide companies defences without necessarily needing to hire extra specialist manpower or internal security information and event management (SIEMs) tools, provided by the likes of IBM, Rapid7, and Splunk.

“Security professionals are in short supply and prefer to spend their time actually doing security work instead of managing the security data infrastructure,” said Oltsik. “This is creating a large opportunity for cloud vendors, who already own global cloud infrastructure that can handle the volumes of security information being generated today.”

“I firmly believe that by the end of 2020, even organizations with dogmatic on-premises biases in industries like financial services, government, and military equipment manufacturing will eschew on-premises SIEM in favor of cloud-based alternatives,” he said.

According to ESG research, 28 percent of organizations collect, process, and analyze substantially more security data than they did two years ago, while another 49 percent collect, process, and analyze somewhat more security data.

As a result, companies are facing mounting pressure to employ additional security layers and are struggling to stretch budgets to cover the costs. Traditional vendors are seeing an upside in having cloud-based deployments while cybersecurity startups are also embracing the cloud-based backend on a massive scale.

Apart from Chronicle, Amazon and Microsoft are also investing heavily in artificial intelligence (AI) and machine learning (ML) for new cybersecurity solutions. Amazon has already acquired Sqrll and is poised to go forward with bigger security analytics and operations. Microsoft has so far been cagey about its plans but is expected to enter the fray this year as well with its own AI and ML inspired cybersecurity solution.

The global cyber security market is projected to exceed US$177 billion by 2025, with security and vulnerability management (SVM) anticipated to capture nearly 23 percent of the overall market share.

Ultimately, security analytics and operations is a big data application that is moving towards the cloud, and the onus is on IT industry leaders to strike the balance between their on-premises solutions and the burgeoning cloud approach.

According to Chronicle, pricing of its service won’t be based on the volume of data, but on the size of the company.