Chronicle, an AI security platform: The latest can of Alphabet soup

What if you had a machine-learning SIEM bot? Google parent Alphabet is building one—to keep an eye on your logs and take autonomous action against security threats.

Known as Chronicle, it will analyze your (ahem) big data, using (ahem) AI, and (ahem) real-time intelligence. Plus the VirusTotal team are in there somewhere, adding up to an aspirational 10x improvement in … err … something.

But hang on a minute, haven’t we heard all that before—from Redmond and Armonk, to name but two? In this week’s Security Blogwatch, we experience déjà vu all over again.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Izac Less is more


Is it soup yet?

What’s the craic? Larry Dignan incubates this eggcellent writeup—Alphabet hatches cybersecurity company:

Chronicle … is in the early stages of developing a cybersecurity intelligence and analytics platform using techniques used at Google. [It] was hatched two years ago and enhanced by the 2012 acquisition of VirusTotal, a malware intelligence service.

[But] the cybersecurity space is littered with vendors. … Then again, Chronicle can ultimately be bundled with Google Cloud Platform and have distribution to enterprises easily.

Do we know much more? Mike Lennon imagines, thuswise:

Few details have been provided, and many questions remain on exactly what Chronicle’s platform will bring to the table, and how it will be deployed in an enterprise. With that said, Google has been innovative with its own internal security tools and initiatives.

In June 2017, Google shared details on the security infrastructure that protects its data centers. Late last year, Google also shared detailed information on how it protects service-to-service communications within its infrastructure … and the system it uses for data protection. [It] also has provided technical details on how it uses a “Tiered Access” model to secure devices for its global workforce.

Not much to go on, is it? Chronicle CEO Stephen Gillett shaves the day: [You’re fired—Ed.]

I’d like to introduce you to Chronicle, a new independent business within Alphabet that’s dedicated to helping companies find and stop cyber attacks. [It] will have two parts: a new cybersecurity intelligence and analytics platform that we hope can help enterprises better manage and understand their own security-related data; and VirusTotal … which will continue to operate as it has.

Security threats are growing faster than security teams and budgets can keep up, and there’s already a huge talent shortage. … At large companies, it’s not uncommon for IT systems to generate tens of thousands of security alerts a day. … As a result, it’s pretty common for hackers to go undetected for months.

We believe there’s a better way. … We are building our intelligence and analytics platform to solve this problem. … None of us have to settle for cybercrime being a fact of life, or for a reactive, expensive existence of cleanup and damage control.

Errm, clear as mud, amirite? Astro Teller Ph.D. tries a different metaphorical track:

Cybercrime is the latest problem that’s slipping into the “yeah, yeah” zone. … As in, “yeah, yeah, a lot of people have diabetes, there are things to manage it.”

Solving this problem isn’t simply a question of time. … We have to start fresh.

The digital world needs an “immune system.” … Hackers aren’t invisible; they leave tiny clues like a virus or bacteria in the bloodstream while they quietly harm the host.

Your body solves this problem … by building antibodies. … What if we could find a way to do the same kind of real-time adaptation … to keep companies safe?

I don’t know about you, but I can’t help thinking we’ve heard this tune sung before. So does EmJay:

[Microsoft] already does this for Office 365 customers. Google is probably the only other company with the scale to be able to use the AI to do this across an enormous dataset.

We are about 2/3 of the way through it and the insights we are seeing are eye opening.

And Duncan Riley drives the point home:

Stephen Gillett, chief executive of Chronicle [was] former chief operating officer at security giant Symantec. … There’s no shortage of security companies pitching machine learning artificial intelligence early detection services.

No doubt Chronicle will provide more information in the future as to how it’s really any different.

“No doubt”? Not when they can rely on Brian Krebs to recycle the story:

Countless organizations rely on a hodgepodge of security software, hardware and services to find and detect cybersecurity intrusions. … The problem is that the sheer volume of data produced by these tools is staggering.

It’s not terribly clear from [the] blog post[s] how exactly Chronicle will differentiate itself. … But it’s worth considering the impact that VirusTotal has had. [It] handles approximately one million submissions each day.

Isn’t it about time someone mentioned “Big Data”? Martijn “@martijn_grooten” Grooten obliges:

Big data generates good threat intel, and Google's data is bigger than everyone else's, but I do wonder how much of their own data they're legally and ethically able to mine.

And DyslexicAtheist wanders around the park, whistling hopefully:

[It] doesn't really look like Chronicle provides anything that [isn't] already covered by Elasticbeam (which compared to Chronicle has been on the market for 3+ years and works exceptionally well). [I] wonder why Google/Alphabet would be that late to the party and offer nothing that isn't already out there.

Yawn.

Hey hey, g’day, Patrick “@riskybusiness” Gray:

Google has so much data and so many amazing internal resources that my gut reaction is to think this new company could be a meteor aimed at planet Threat Intel™. … Definitely interesting.

Imagine if other companies spin out their tools... Netflix, Amazon, Facebook etc. That could be a fundamentally reshaped industry.

Looking forward to finding out more.


But wait. Where have I seen that logo before? Thus asks Joel_W:

It seems they're almost making a joke out of Bing over this, as they've clearly made their logo a "c" in the same style that Bing made their logo a "b". Same typeface almost too.

Meanwhile, this Anonymous Coward isn’t exactly holding their breath:

Google has ZERO clue how to sell, you know, to people: The ones who'd care about stuff like this.

So unless their tech is just amazing stuff - and it sounds undifferentiated - I'm skeptical at best.


The moral of the story? Bold claims deserve more detail. The Google knows it should be forthcoming Real Soon Now.

And finally …

Isaac Moores has been working on this “for almost a year” with Glenn Patton

Hat tip: Rob Beschizza


You have been reading Security Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or sbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.
