Chronicle, Alphabet's Cybersecurity Moonshot, Is Coming To Google Cloud

Spun out of the secretive X division, Chronicle will merge with sister company Google, and its threat detection tools will later be directly integrated into GCP.


A "moonshot" cybersecurity company within Google parent Alphabet's portfolio will be merged with Google and its threat-detection technology integrated into Google Cloud, the Internet giant revealed on Thursday.

Chronicle was born in and spun out from the secretive X division, another Alphabet subsidiary that's essentially a factory for incubating next-generation technologies like Waymo self-driving cars and Loon balloons that provide Internet access in remote areas.

The startup's technology, which takes advantage of Google cloud infrastructure and analytics, protects enterprise systems with advanced threat detection information that helps security analysts evaluate alerts and focus on the most serious threats.

"This union will create a powerful and comprehensive security portfolio that will benefit all of our customers," wrote Google Cloud CEO Thomas Kurian in a company blog.

"With the trajectories of Chronicle and Google Cloud increasingly converging in response to customer needs, we want to bring these essential capabilities together for customers," Kurian said.

Chronicle's first commercial product was a data security system called Backstory.

"Chronicle’s Backstory investigation flows, added to Google Cloud’s detection, incident management and remediation capabilities, will create a comprehensive end-to-end solution that will enable customers to detect and mitigate threats faster, both within their cloud deployments and across their entire enterprise," Kurian said.

The company also offers VirusTotal, a malware intelligence service that will provide more threat data to customers running applications in Google Cloud, Kurian noted.

Third Eye Consulting, a Google partner based in San Francisco, recently built for IT services giant Merlin International an anomaly detection and correlation engine for telemetry data that delivers some capabilities similar to Chronicle.

"Such end-to-end security features are a must-have for enterprises, given the heightened state of security attacks worldwide," Third Eye founder and CEO Dj Das told CRN. "So it's a no-brainer that Google identified this early on and worked on it."

Once integrated into Google Cloud, the Chronicle solution will be deployed at cloud scale, enhancing Chronicle’s value proposition, Das said.

Chronicle on Google Cloud will impact the competitive landscape, he said.

Amazon Web Services and Microsoft will likely also build such threat intelligence capabilities going forward as the hyper-scale providers all look to eliminate concerns about security that first came up a decade earlier in the early days of public clouds.

But it's log analytics vendor Splunk that will be most pressed to come up with a response, Das said, as Chronicle will compete directly with its enterprise big data analysis platform.

When Backstory was first released in March, Splunk's shares lost more than 7 percent of their value. (The stock didn't appear negatively impacted by Thursday's revelation that Chronicle would be absorbed into Google.)

Tej Luthra, CTO of Merlin International, an IT solutions provider based in Englewood, Colo., said Chronicle presents "the best application of data, analytics, AI and contextualization that I have seen in a long time."

Most organizations are still not using adaptive security models, as urged by the National Institute of Standards and Technology's Risk Management Framework. Instead, enterprises add point tools as needed that don’t work together in responding to threats, exacerbating their problems, Luthra said.

"We see there are blind spots when one tool’s responsibility ends and the other's picks up. And every breach study shows a fundamental breakdown in trust, process and procedure that could’ve been avoided easily, like not exposing APIs unprotected, weak authentication, default passwords, exposed debug ports," Luthra told CRN.

Events registered at the beginning of a threat vector are typically isolated, forcing security analysts to tally up and correlate large amounts of information before taking action.

"With Backstory, the analyst is presented with not only the timeline of events in a chronological order, but data between devices, human interactions, security, network tools, file stores, documents and behavior are correlated upfront," Luthra told CRN. "This saves analysts valuable time to act on the incident."