Alphabet 'moonshot' cybersecurity firm Chronicle goes home to Google

Chronicle, the security-focussed sibling of Google’s parent company Alphabet, will become part of Google Cloud. It means the VirusTotal malware information service will be part of Google's cloud infrastructure rival to Microsoft Azure and Amazon Web Services (AWS).

Google announced the sideways move on Thursday, proclaiming the “union will create a powerful and comprehensive security portfolio” for Google Cloud  customers.

Platform rivals Google and Microsoft have been bolstering integrated cybersecurity offerings. The two tech titans launched similar cloud-based security information and event management (SIEM) services within days of each other in March. Microsoft’s service is called Sentinel while Alphabet’s is called “Backstory”, both of which offered generous storage capacities for analyzing historical security data.  

Google is now shifting Chronicle and Backstory to Google Cloud, which has a smaller market share than leader Amazon Web Services (AWS) and Microsoft’s Azure cloud. Google had about 10 percent of the global cloud computing market in Q4 2018, according to analyst firm Canalys

Google Cloud, which provides services to enterprise customers, gave up on the Pentagon’s $10 billion JEDI contract last year because it lacked the security credentials to perform the task. It also underwent a leadership change in November after staff protests over its involvement in the Pentagon’s AI-inspired Project Maven drone initiative, which could have seen its software being used by the US military to kill people. 

The move back to Google is a curious one. Google acquired Spanish malware intelligence firm VirusTotal in 2012, which later became a key part of Chronicle after Google put itself under parent Alphabet in August 2015. 

Chronicle came on board under Alphabet in January 2018, emerging from the company’s “moonshot factory”, according to the story Google told at the time. 

The change makes sense, according to the explanation from current Google Cloud CEO, Thomas Kurian, who joined Google Cloud from Oracle in November. 

“At Google Cloud, our customers’ need to securely store data and defend against threats—either in the cloud or on premise—is a top priority,” said Kurian in a blogpost.  

“We approach security holistically, from the chip to the datacenter, with a continuously growing set of security capabilities that work in concert to deliver defense-in-depth at scale: from hardware infrastructure, service deployment and user identity, to storage, internet communication and security operations. With the trajectories of Chronicle and Google Cloud increasingly converging in response to customer needs, we want to bring these essential capabilities together for customers.”

Chronicle will become part of Google Cloud in the coming weeks and its full systems integration is expected to be complete by around October or fall in the northern hemisphere. 

“Chronicle’s VirusTotal malware intelligence services will be a powerful addition to the pool of threat data informing Google Cloud offerings, and will continue to support applications running on our platforms,” said Kurian. 

“Chronicle’s Backstory investigation flows, added to Google Cloud’s detection, incident management and remediation capabilities, will create a comprehensive end-to-end solution that will enable customers to detect and mitigate threats faster, both within their cloud deployments and across their entire enterprise.”

Read more: Researchers probe shady, dangerous stalkerware app industry

Tags SIEMGoogleVirusTotalAlphabetchronicle

Show Comments