So, Why Did I Join Chronicle Security?

Anton Chuvakin
Published in Anton on Security
3 min read · Jun 25, 2019


As I mentioned a few days ago, I recently joined Chronicle, the Alphabet security company. Now I’d like to share a bit more of my thinking and reasoning for this.

What I see in Chronicle is an amazing technology platform, transparent business model, stellar team and huge potential for changing how we do security. Now, this sounds absurdly enthusiastic, so let me qualify with some context.

During my years as an analyst, I was exposed to many hundreds of security vendors (such as via vendor briefings). While many had interesting technology (at least for some use cases), the effective mixture of technology, business model and, for lack of a better term, timing is really rare. One can have decent technology, good people — and be too early (or late) for the market. One can have great technology and then kill it with a predatory business model. Or, one can have an amazing marketing message that technology just does not deliver operationally.

Here I do see all the success components in place. Let me handle those one by one.

  1. Technology platform — let’s start by saying that few people (and by “few” I really mean “nobody” :-)) over here are surprised by 250 millisecond data searches over trillions of logs and other telemetry records, but many of Chronicle Backstory’s characteristics are hard if not impossible to replicate elsewhere. Scale, performance, clean and enriched data combined with threat intelligence (TI) matching today deliver benefits for both incident response and threat hunting (if not threat detection yet).
  2. Business model — Chronicle Backstory has no per-event (per-EPS) or per-gigabyte pricing. One-year data retention is included (more about this in the near future — a lot of fun can be had with an immediately accessible year’s worth of logs). This makes the business model clear and transparent, as well as predictable. A higher-level reason I like this, therefore, is that our model is thus more customer-centric. Believe it or not, a chance to load up chatty logs like DNS and web proxy without any agonizing over numbers makes such a model quite disruptive for security operations.
  3. Team — in brief, I really liked the caliber of people at Chronicle and the overall company culture. Culture really matters if you are trying to envision and build a new product, with unique capabilities, and I think a separate company with its own culture is the right way to do it.
  4. Vision and potential — now, some of you may already blame me for being overly enthusiastic, but frankly this item is perhaps the most exciting of all. Given the platform of such scale and performance, the application of many analytic methods (such as those from other Alphabet companies) may deliver insights that are just not possible elsewhere. Some vendors may have the data, others may have analytics, perhaps some would have the scale, but I do not see anybody who has the combination.

Finally, keep in mind that I am writing this only a few months after Chronicle launched at RSA 2019. If some things seem unfinished to you, guess what? We barely just started! Hence a big part of my excitement (a very fact-based excitement, if I may call it that) is about what is possible in the future, given what we have today…
