
Security Information Overload and the Battle to Be the Security Event Bus of the Organization

· security, Google, Sentinel, Microsoft, Backstory

I read about Alphabet's announcement of Backstory from its cyber security company, Chronicle. It addresses a key pain point in the security marketplace: the increasingly impossible task organizations face in mining the explosion of security-related event data generated by the growing portfolio of tools used to secure the enterprise.

This isn't a new issue. I remember facing this when I first started working with ObjectVideo, which was applying AI to automated monitoring of live video feeds for security events. The interesting fact I learned was that a security guard with 6 or more live monitors becomes essentially ineffective after only 20 minutes; they suffer from information overload.

The cyber security world suffers from the same issue, magnified by a volume of information that is many orders of magnitude larger. The information problem has only gotten worse as we add more detection agents, network monitoring tools, and the like. Part of it is volume related; part is that we always face the Type 1 / Type 2 error problem (false positives and false negatives) with security events. Our world of detection is never as black and white as we want it to be.

The world needs a solution that normalizes security events generated by tools supplied by multiple vendors, is able to aggregate and analyze vast amounts of event data in real-time, is workflow-enabled to support investigation and escalation, and is coupled with a "smart" layer of analysis that minimizes the need for manual lower-level analysis.
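The first two requirements above, normalizing events from several vendors into one schema and then aggregating them so an analyst sees findings rather than a raw stream, can be shown in a few dozen lines. The following is an added example written for this post, not code from Chronicle, Google or Microsoft; the three input formats (a JSON firewall log, a CEF-style endpoint alert, and syslog lines from an SSH daemon) and the field names, severities and category names are constructed for illustration, and the correlation rule (one finding per source IP that shows up in two or more distinct event categories) is a deliberately simple stand-in for the "smart" layer the post calls for.

```python
"""Normalize heterogeneous security events into one schema, then aggregate
and correlate them so an analyst sees a handful of findings instead of a raw
stream. Added example; the vendor formats and field names are hypothetical."""
import json
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

# Constructed sample input (not real product output): a JSON firewall log, a
# CEF-style endpoint alert and syslog lines from an SSH server, interleaved.
RAW_EVENTS = [
    '{"ts": "2019-03-05T10:00:01Z", "src": "10.1.2.3", "dst": "203.0.113.9", "action": "DENY", "rule": "egress-block"}',
    'CEF:0|ExampleEDR|Agent|1.0|1001|Suspicious process|7|rt=1551780002000 src=10.1.2.3 suser=alice proc=example.exe',
    'Mar  5 10:00:03 auth01 sshd[4242]: Failed password for alice from 10.1.2.3 port 51234 ssh2',
    '{"ts": "2019-03-05T10:00:04Z", "src": "10.1.2.3", "dst": "203.0.113.9", "action": "DENY", "rule": "egress-block"}',
    'Mar  5 10:00:05 auth01 sshd[4243]: Failed password for alice from 10.1.2.3 port 51235 ssh2',
    'Mar  5 10:00:06 auth01 sshd[4244]: Failed password for alice from 10.1.2.3 port 51236 ssh2',
    '{"ts": "2019-03-05T10:00:07Z", "src": "10.9.9.9", "dst": "198.51.100.4", "action": "ALLOW", "rule": "web"}',
]
SYSLOG_YEAR = 2019  # syslog timestamps carry no year; assumed for the sample


@dataclass(frozen=True)
class Event:
    ts: str            # UTC, ISO-8601 "YYYY-MM-DDTHH:MM:SSZ"
    source: str        # producing tool
    kind: str          # normalized category, e.g. "auth.failure"
    src_ip: str
    user: Optional[str]
    severity: int      # 0-10 on a common scale across all tools


_SYSLOG_RE = re.compile(
    r"^(\w{3})\s+(\d+)\s+(\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]: "
    r"Failed password for (\S+) from (\S+) port \d+")


def _parse_json(raw: str) -> Optional[Event]:
    d = json.loads(raw)
    deny = d["action"].upper() == "DENY"
    return Event(d["ts"], "firewall", "network.deny" if deny else "network.allow",
                 d["src"], None, 5 if deny else 1)


def _parse_cef(raw: str) -> Optional[Event]:
    # CEF header has 7 pipe-separated fields; the 8th is the key=value extension
    parts = raw.split("|", 7)
    if len(parts) != 8:
        return None
    ext = dict(kv.split("=", 1) for kv in parts[7].split())
    ts = datetime.fromtimestamp(int(ext["rt"]) / 1000, tz=timezone.utc)
    return Event(ts.strftime("%Y-%m-%dT%H:%M:%SZ"), parts[1],
                 "endpoint." + parts[5].lower().replace(" ", "_"),
                 ext["src"], ext.get("suser"), int(parts[6]))


def _parse_syslog(raw: str) -> Optional[Event]:
    m = _SYSLOG_RE.match(raw)
    if not m:
        return None
    mon, day, clock, user, ip = m.groups()
    ts = datetime.strptime(f"{SYSLOG_YEAR} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
    return Event(ts.strftime("%Y-%m-%dT%H:%M:%SZ"), "sshd", "auth.failure", ip, user, 3)


def normalize(raw: str) -> Optional[Event]:
    """Route a raw line to the right parser. Unknown formats yield None rather
    than crashing the pipeline; a real system should count them, not drop them."""
    if raw.startswith("{"):
        return _parse_json(raw)
    if raw.startswith("CEF:"):
        return _parse_cef(raw)
    return _parse_syslog(raw)


def aggregate(events: List[Event]) -> Dict[Tuple[str, str], int]:
    """Collapse repeats: count events per (source IP, kind)."""
    counts: Dict[Tuple[str, str], int] = defaultdict(int)
    for e in events:
        counts[(e.src_ip, e.kind)] += 1
    return dict(counts)


def correlate(events: List[Event], min_kinds: int = 2) -> List[dict]:
    """Raise one finding per source IP seen in at least `min_kinds` distinct
    categories: a lone denied connection or failed login is noise, but the
    same host surfacing across several tools is worth an analyst's time."""
    by_ip: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        by_ip[e.src_ip].append(e)
    findings = []
    for ip, evs in by_ip.items():
        kinds = sorted({e.kind for e in evs})
        if len(kinds) >= min_kinds:
            findings.append({"src_ip": ip, "kinds": kinds, "event_count": len(evs),
                             "score": sum(e.severity for e in evs),
                             "first_seen": min(e.ts for e in evs),
                             "last_seen": max(e.ts for e in evs)})
    return sorted(findings, key=lambda f: -f["score"])


def run(raw_lines: List[str]) -> List[dict]:
    """Full pipeline: normalize, drop unparseable lines, correlate."""
    events = [e for e in map(normalize, raw_lines) if e is not None]
    return correlate(events)


if __name__ == "__main__":
    for finding in run(RAW_EVENTS):
        print(finding)
```

On the seven sample lines this yields a single finding for 10.1.2.3 spanning three categories and six events, while the lone allowed web connection from 10.9.9.9 never reaches the analyst. The point is the shape of the pipeline rather than the rule itself: once every tool's output lands in the same `Event` schema with a common severity scale, the aggregation and correlation logic no longer has to know which vendor produced what, and that is the property any product in this space has to deliver before the "smart" layer can do useful work.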

[Image: Microsoft Sentinel Dashboard]

The large cloud players like Google and Microsoft know that they need to offer a hybrid and multi-cloud solution to win. Customers want a single complete solution here, not more point solutions. Google now has Backstory. Microsoft has Sentinel. It will be interesting to see whether the market will gravitate to a GCP/AWS/MSFT solution here, or want a truly agnostic provider. Regardless, this is a great space that I want to stay close to.