RSA Google-spawned security outfit Chronicle this week unveiled a service that analyzes telemetry data from customers' networks to detect cyber-attacks lurking among the rivers of packets.
Dubbed Backstory, the tool will allow IT admins to sift through things like DNS usage, endpoint activity logs, and Cisco NetFlow data to see who was doing what and when on corporate network. Additionally, Chronicle said it will allow customers to compare their logs and telemetry information against information gathered by Google and a number of "other sources," to verify whether activities on their systems are legit or malicious, though the Alphabet-backed company says it does not sell nor share any user data.
"Backstory compares your network activity against a continuous stream of threat intelligence signals, curated from a variety of sources, to detect potential threats instantly," Alphabet-owned Chronicle said in introducing the new service.
"It also continuously compares any new piece of information against your company’s historical activity, to notify you of any historical access to known-bad web domains, malware-infected files, and other threats."
S for Security is Google owner Alphabet's new favorite letterREAD MORE
The aim of all this, says Chronicle, is to make it easier for companies to track down where attacks are coming from and potentially spot ongoing attacks when they notice that their activity logs match up with the addresses and traffic patterns used by other known hacking operations. We can only hope it's more user-friendly and less clunky than real-time web-log-parsing tool Google Analytics.
Because Chronicle wants customers to collect and upload as much data as possible – since this is when the service is most effective – the Backstory service will not be charging based on traffic or data loads, but rather licensing costs will be calculated based on the size of the customer account.
"Building a system that can analyze large amounts of telemetry for you won’t be useful if you are penalized for actually loading all of that information. Too often, vendors charge customers based on the amount of information they process," Chronicle explained.
"Since most organizations generate more data every year, their security bills keep rising, but they aren’t more secure."
The service is set to go live later this week with a launch set to take place during the RSA Conference in San Francisco. ®
Sponsored: Webcast: Ransomware has gone nuclear