Google Cloud Takes Chronicle, Future of VirusTotal Murky


Eighteen months after Alphabet’s “X” moonshot factory officially launched Chronicle as a separate enterprise security company, the startup is being folded into Google Cloud and its products are becoming part of Google’s security portfolio.

“Chronicle’s products and engineering team complement what Google Cloud offers,” said Google Cloud CEO Thomas Kurian. Chronicle’s security tools will be fully integrated into Google Cloud by the fall.

Bringing Chronicle and its security intelligence and analytics capabilities—in the form of malware and virus scanning service VirusTotal and Backstory, the SIEM-on-steroids platform launched in April—into Google Cloud makes a lot of sense, but enterprises should pay careful attention to the upcoming integration and the future of Chronicle products.

As enterprises move more of their workloads into cloud infrastructure, they are looking for tools to secure them. VirusTotal will be a “powerful addition to the pool of threat data informing Google Cloud offerings,” Kurian said, and will be used to support applications running on the platform. Backstory, the cloud service that lets enterprises upload and analyze internal security telemetry data, helps customers detect and mitigate threats. Backstory’s investigation features, combined with Google Cloud’s detection, incident management and remediation capabilities, will help customers protect both their cloud and on-premises environments.

“At Google Cloud, our customers’ need to securely store data and defend against threats—either in the cloud or on premise—is a top priority,” Kurian wrote.

VirusTotal's Next Act?

What’s not known is the future of VirusTotal as a stand-alone service. VirusTotal was already an important resource for malware researchers as well as for enterprise defenders when Google acquired the service in 2012. Since then VirusTotal has kept to its mission of being the “source of truth for malware.” It is unclear from current public statements whether VirusTotal will become one of the back-end tools available for Google Cloud customers, or if the service will continue to be maintained and used as a stand-alone service.

Many companies offer cloud and private-hosted versions of their tools, so there is plenty of precedent. Kubernetes is a good example of a product that can be used as part of a larger service or as a stand-alone platform. Google declined to comment and just pointed to the two blog posts from Kurian and Chronicle CEO Stephen Gillett.

It’s quite possible Google hasn’t figured out how the integration would look yet, but defenders and researchers will be watching. Losing VirusTotal and its repository of hash information would be a big loss for malware research.

What's Up Backstory?

Backstory raises its own set of concerns. When Chronicle launched Backstory back in April, Chronicle executives were careful to emphasize that while Backstory used Google’s search technology, cloud infrastructure, storage, and compute tools, the two companies were distinct. Chronicle had separate partnership and privacy agreements with customers that forbade it from sharing data with any outside entities, including Google. Chronicle’s IT infrastructure was firewalled off from the rest of Google, and Google couldn’t see the data that enterprise customers loaded into Backstory’s private clouds.

“We are firewalled off. We have a separate building, separate companies, separate entity structures, separate privacy agreements with customers,” Chronicle’s Gillett said during a Q&A with journalists at RSA Conference. “Google people can’t even badge into our building.”

At the time, Gillett said that Chronicle was just like any other Google Cloud customer—just as Google didn’t look at what data customers stored in Google Cloud, the search giant wouldn’t look at what was being stored within Backstory. This integration revives the initial concerns about Google potentially mining the data uploaded by the enterprises, since there is now no wall between Google Cloud and Backstory.

Tech companies, and Google especially, have faced a lot of criticism for voracious data collection. Google has been accused repeatedly of violating individual privacy, from tracking user location via cellular signals to letting third-party entities scan user emails. Existing Backstory customers will also be watching the integration closely.

That, of course, is assuming Backstory will continue in its current form. It’s more likely that Backstory will just become one of the many security features and tools available to Google Cloud customers.

Growing Google Cloud

Google has been moving aggressively to expand Google Cloud over the past few months. Google’s acquisition of Cask Data led to the Google Cloud Data Fusion data pipelining tool, and the $2.6 billion acquisition of Looker will expand Google Cloud’s business intelligence capabilities. Google also recently acquired Alooma to tackle cloud migration.

Bringing Chronicle back under the Google umbrella fits with its overall cloud strategy, but it will be an unsettling period for customers.

“We approach security holistically, from the chip to the datacenter, with a continuously growing set of security capabilities that work in concert to deliver defense-in-depth at scale: from hardware infrastructure, service deployment and user identity, to storage, internet communication and security operations,” Kurian wrote.