
Chronicle, Alphabet’s cybersecurity defense company moonshot - lawrenceyan
https://www.engadget.com/2018/11/30/chronicle-cybersecurity-alphabet-moonshot-x/
======
motohagiography
Worked in the space of using ML for security analysis. My experience of it was
that it was a race for novel applications for now-standard toolkits.

The kinds of problems I encountered require you to have an org where you can
lose a top shelf researcher/architect for 4-5 months while they train up on new
tools and then use them to run down rabbit holes. This requires both vision
and direction, and a moonshot culture to support it.

Chronicle's focus on their customers' problem in the article is sound, the
next step is that each customer, or class of customer is going to be defined
by their own specific ROC curve, relative to their business. Some just want
raw data, others the world ends over a missed alert (false negative), still
others have costs associated with false positives.

When you are doing a deterministic rules based system, it's straightforward,
but when you get into dynamic and scoring based systems like ML, the responses
to it are going to be polarized between customers, and you need a top-level
vision to tie the whole product narrative together. It's not a thing you stand
up that everyone uses, and few people want to buy a framework with a bunch of
GIGO based trade-offs.

Something I discovered in my own work was that the threat model is the
business model, both for products and surprisingly for customers as well. I'm
really interested in what Chronicle comes up with, as these are truly Hard
problems.
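
The per-customer ROC trade-off above, as an added example that is not part of the original comment: a small cost-weighted threshold picker over constructed scored events, showing that the same detector (same ROC curve) lands on a different operating point depending on whether a missed alert or an analyst-hour is the expensive thing.

```python
# Added example, not from the thread or from Chronicle: pick the alert threshold
# of an ML scorer per customer by weighting false positives and false negatives.

# Constructed sample: (score from a hypothetical ML detector, truly malicious?)
SAMPLE = [
    (0.95, True), (0.90, True), (0.85, False), (0.80, True), (0.70, True),
    (0.65, False), (0.60, False), (0.55, True), (0.50, False), (0.40, False),
    (0.30, True), (0.20, False), (0.15, False), (0.10, False), (0.05, False),
]


def confusion_at(threshold, data):
    """Return (tp, fp, fn, tn) when every event with score >= threshold alerts."""
    tp = fp = fn = tn = 0
    for score, malicious in data:
        if score >= threshold:
            tp, fp = (tp + 1, fp) if malicious else (tp, fp + 1)
        else:
            fn, tn = (fn + 1, tn) if malicious else (fn, tn + 1)
    return tp, fp, fn, tn


def roc_points(data):
    """(threshold, FPR, TPR) at every distinct score, strictest threshold first."""
    pos = sum(1 for _, m in data if m)
    neg = len(data) - pos
    points = []
    for threshold in sorted({s for s, _ in data}, reverse=True):
        tp, fp, _, _ = confusion_at(threshold, data)
        points.append((threshold, fp / neg, tp / pos))
    return points


def best_threshold(data, cost_fp, cost_fn):
    """Threshold minimising fp*cost_fp + fn*cost_fn; ties keep the stricter one."""
    best = None
    for threshold in sorted({s for s, _ in data}, reverse=True):
        _, fp, fn, _ = confusion_at(threshold, data)
        cost = fp * cost_fp + fn * cost_fn
        if best is None or cost < best[1]:
            best = (threshold, cost)
    return best


if __name__ == "__main__":
    # Same detector, same ROC curve, different operating points per customer.
    print("missed alert is catastrophic:", best_threshold(SAMPLE, 1, 50))
    print("analyst time is the cost:   ", best_threshold(SAMPLE, 10, 1))
```

With the constructed data the FN-averse customer ends up alerting on everything scored 0.30 and up, while the FP-averse customer only alerts at 0.90 and up.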

------
zenexer
We use ELK (Elasticsearch, Logstash, Kibana) quite heavily for this at my
company. It works, and it works well. We feed massive amounts of data into it
--it's not unusual for our indices to grow by 50 GiB in a single day, which is
quite a bit for a small company running a niche website.

It's expensive. Very expensive. Not just in terms of money, but also time: the
countless hours spent maintaining it, upgrading it, expanding it, securing it,
and actually using it.

And then, of course, there's the cost of actually knowing what's going on
within your infrastructure. It's stressful: attacks are happening constantly.
Most of them aren't worth investigating; the firewalls do their job and the
attacks fail. But which ones are worth worrying about? Which bugs are actually
worth patching? Is it really an issue if a small part of our site goes down
for a few minutes--especially when it might cost us 80 hours of work to patch?

I doubt these problems can be solved by collecting and analyzing more data.
Lack of data isn't a problem--there are already plenty of systems for
collecting, analyzing, and storing data. The trouble is using that data in a
cost-effective manner. Similarly, I have zero faith in anyone's ability to
solve these problems by simply throwing more computing power at them, for much
the same reason.

I really hope that's not what they're planning to do, but this is Google we're
talking about, so I'm not holding my breath.

Edit: Clarification, wording

------
tschwimmer
The article is very light on product details. Reading between the lines, it
sounds like the tool plugs into a bunch of existing tools (firewall, AV, etc)
and then watches for certain heuristic patterns.

A clever approach, but I wonder how noisy it will be at the start.

~~~
txcwpalpha
That's exactly what existing SIEM tools like Splunk [1] have been doing for
years. I've been following Chronicle since I heard about their initial project
at X and I'm eager to see what their actual product is, but I'll be pretty
disappointed if it's just yet another SIEM with yet another "powered by
machine learning™" label slapped on.

1: [https://www.splunk.com/en_us/cyber-security/advanced-persistent-threat.html](https://www.splunk.com/en_us/cyber-security/advanced-persistent-threat.html)

------
partingshots
This is an extremely interesting product they’re providing. My company would
definitely be able to utilize this to great effect. Is this currently
available to anyone for use?

~~~
lawrenceyan
I’m not sure how the exact details currently work, but if you go on to their
website, they do have a contact form [1] which I assume you can use to make
any interested inquiries!

[1] [https://chronicle.security/contact-us/](https://chronicle.security/contact-us/)

------
tomc1985
What is with these horrible company names now? "Alphabet". "Chronicle".
"Oath". Fuck. None of these names mean anything within the context of their
business. Epitomizing mediocrity, this new generation of names waft aimlessly
by and inspire exactly nothing.

~~~
dragonwriter
Alphabet, at least, is a holding company that has no central competence (it
has a subsidiary that dwarfs all the others, which also has what would be a
terrible name except for the fact that it has attached meaning to that name by
absolutely dominating key markets starting with search, so its name conveys
meaning but only because of the firm’s own history.)

------
ryacko
After Levandowski got into a car accident with a self-driving car and bragged
about it to his coworkers, I think machine learning won’t solve everything.

~~~
pietroglyph
I don't think the article says that machine learning will solve everything...
It's just talking about a new product in this space that _uses_ machine
learning.

~~~
pizzazzaro
This new product is being pushed as a "revolution" that, by the subtext of the
sales pitch, is supposed to "solve all your cybersecurity problems."

Sorry, that defense doesn't hold in this case.

~~~
adrianN
Is there a sales pitch that doesn't claim to solve all your problems?

