Google’s Backstory SIEM Offers Unprecedented (but Potentially Risky) Data Collection Capabilities

Chronicle’s Backstory marks Google’s first foray into the SIEM industry by introducing a SIEM that claims full data retention “forever.” Organizations must weigh the benefits of Backstory’s cloud-based SIEM against their perceptions of Google’s data collection practices.

Backstory will use the data it collects from customers to build more sophisticated analytics, which may affect the privacy of data users and complicate data ownership.

Rather than store a company’s logs on-premises, Backstory enables users to store their security telemetry via a cloud service built as a specialized layer on top of Google’s core infrastructure. Although Chronicle is not necessarily a part of Google, as it is subject to separate legal and privacy agreements, organizations may still be suspicious of storing corporate data with Chronicle.

While Chronicle claims that it improves analysts’ ability to find and respond to threats by giving them petabytes of their own data without requiring them to write rules or queries, the decision to store all of the data an organization has ever created might raise concerns over data ownership and data retention. Nevertheless, the massive amount of data that Backstory can collect represents an impressive development in what current SIEM storage and machine learning may be capable of, and could very well be a game-changer for the SIEM market.

Our Take

Organizations should do their due diligence whenever they commit to any SIEM platform, and Chronicle’s Backstory should be no different. While Backstory’s link to Google offers organizations significant advantages, such as speed and a massive amount of historical data on security threats, it may or may not be right for an organization’s level of acceptable risk around how its data is stored and used.

Further, organizations should keep in mind current and upcoming regulations such as GDPR and CCPA, which generally require specific data retention policies and might complicate Backstory’s claims that it can retain data forever.

