Last week Microsoft announced Microsoft Azure Sentinel, a cloud-based Security Information and Event Management System (SIEM), and a threat hunting and analysis service called Microsoft Threat Experts.
As Ray and I discussed on a recent video, available on YouTube, the best outcome of that announcement is if Google and Amazon make a similar announcement.
Well guess what?
One of those two made an announcement this week at RSA.
Google’s Chronicle Backstory is a direct competitor to Azure Sentinel. Chronicle is Google’s security arm.
Chronicle says that they have tested Backstory on organizations with up to 500,000 users. For a year, THAT is big data.
Based on work that Google’s Threat Analysis Group used internally, this system is designed to allow a company to store petabytes of data in the Google cloud, analyze it and detect threat patterns.
The tools leverage Google’s VirusTotal, which analyzes millions of malware samples, probably every day, and includes a dashboard called Nirvana.
Google says that you can upload your data – DNS traffic, Netflow data from your firewalls, endpoint logs, proxy data, etc. – and it will be indexed and analyzed. Google SAYS that your data will remain private, but Google doesn’t have a great track record in that department. Of course, this is a different Alphabet company, Chronicle, and they will not be ad-supported.
One thing that Google did at launch that Microsoft has not done, except vaguely, is announce what they call an Index Partner program – companies that have agreed to integrate with Backstory. They are demonstrating Carbon Black (an endpoint security product) and their integration with Backstory. They will be demoing Backstory at booth 2251 at RSA this week.
CAVEAT: Both of these technologies are young; neither has announced pricing.
Still, this is nothing short of wonderful for the user community.
Maybe Amazon will be next. Surely, even with Mr. Bezos’ current personal distractions, he didn’t miss this one-two punch.
Stay tuned – closely tuned. This is good for you and me.