Alphabet’s Google’s Chronicle’s Backstory–yes, the shell game is a mouthful–wants to be the mega-SIEM to end all SIEMs that lets enterprises know all the things forever and search them in less than a second.
Unlike other SIEMs that charge by data storage or usage, the new Backstory product is priced for unlimited data, Google told a press conference at its office in downtown San Francisco today. The company encourages full data retention forever–into the petabytes–thus enabling unlimited security telemetry.
However, either you pay for a product or you are the product, the old saying goes, and it’s clear that Google is hungry to consume enterprise security data for future profit-making ventures.
How big is your log?
Typical SIEMs cannot log more than a month or two of security data because of the sheer size of the data involved, limiting the insights security operations centers (SOCs) can extract from that data. As the Chronicle press release put it, “In a nutshell, [Chronicle is] the first global security data platform designed for a world that thinks in petabytes.”
Backstory is gunning for the on-premise security big data market, and the data it acquires from customers will be used to train better machine-learning models. Customers–“partners,” in Googlespeak–store their security telemetry in a “private cloud instance,” except they are not private at all.
When CSO asked how private the cloud instances are, CEO Stephen Gillett confirmed that Chronicle does have visibility into customers’ cloud instances but said, “We don’t share that with anybody.”
However, potential “partners” should be wary. Chronicle is subject to U.S. law, including subpoenas, lawful target warrants, as well as FISA warrants authorizing mass surveillance.
One price to rule them all
Enterprise SOCs are awash in data and struggle to make sense of it. There’s not enough good security talent to analyze it all. Orchestration and automation are the future of the modern SOC. Given Google’s vast resources of both cash and talent, it seems likely Backstory will gain traction quickly, and become a contender in the near future. Outsourcing your security telemetry to Chronicle, however, may be exposing your corporate secrets to the prying eyes of the U.S. government–a decision no enterprise should take lightly.
As for the prie fixe? Gillett declined to publicly say but emphasize that Chronicle “wanted to remove obstacles to data access and storage over time.”
This story, “Better, badder, bigger SIEM coming your way, folks, courtesy of Google” was originally published by
Share this post if you enjoyed! 🙂