Introducing Chronicle, a new Alphabet business dedicated to cybersecurity

Today I’d like to introduce you to Chronicle, a new independent business within Alphabet that’s dedicated to helping companies find and stop cyber attacks before they cause harm. X, the moonshot factory, has been our home for the last two years while we figured out where we had the potential to make the biggest impact on this enormous problem. Now we’re ready to unveil our new company, which will have two parts: a new cybersecurity intelligence and analytics platform that we hope can help enterprises better manage and understand their own security-related data; and VirusTotal, a malware intelligence service acquired by Google in 2012 which will continue to operate as it has for the last few years.

Finding a way to 10x security teams who are struggling to stay ahead

Security threats are growing faster than security teams and budgets can keep up, and there’s already a huge talent shortage. The proliferation of data from the dozens of security products that a typical large organization deploys is paradoxically making it harder, not easier, for teams to detect and investigate threats.

Thousands of potential clues about hacking activity are overlooked or thrown away each day. At large companies, it’s not uncommon for IT systems to generate tens of thousands of security alerts a day. Security teams can usually filter these down to about a few thousand they think are worth investigating — but in a day’s work, they’re lucky if they can review a few hundred of them. Conversely, many investigations are hampered by the gaps in available information, simply because the cost of storing all the relevant data is increasing far faster than a typical organization’s budget.

As a result, it’s pretty common for hackers to go undetected for months, or for it to take a team months to fully understand what’s going on once they’ve detected an issue. All this adds up to more data breaches, more damage, and higher security costs.

We believe there’s a better way. We want to 10x the speed and impact of security teams’ work by making it much easier, faster and more cost-effective for them to capture and analyze security signals that have previously been too difficult and expensive to find. We are building our intelligence and analytics platform to solve this problem.

Eliminating blind spots and bringing organization’s security picture into high-res

Chronicle has a significant asset: we’re building and running it on the same fast, powerful, highly-scalable infrastructure that powers a range of other Alphabet initiatives that require enormous processing power and storage. That gives us a couple of advantages:

We should be able to help teams search and retrieve useful information and run analysis in minutes, rather than the hours or days it currently takes.

Storage — in far greater amounts and for far lower cost than organizations currently can get it — should help them see patterns that emerge from multiple data sources and over years.

Add in some machine learning and better search capabilities, and we think we’ll be able to help organizations see their full security picture in much higher fidelity than they currently can. We hope that by making this mix of technologies available to more companies at affordable prices, we can give “the good guys” an advantage and help us all turn the tide against cybercrime.

How we came to be

Chronicle was officially founded as an X project in February 2016, a fortunate result of several of us meeting up at a point in our careers that we felt compelled to help secure our digital future. I had come to Google in 2015 as an executive-in-residence at GV after spending years in various IT roles, including a leadership role at one of the world’s largest cybersecurity companies. Mike Wiacek and Shapor Naghibzadeh had recently arrived at X after spending a combined 20+ years in Google’s security team.

And Bernardo Quintero had built VirusTotal into one of the world’s largest malware intelligence services, which alerts businesses and anti-virus providers about emerging malware threats. We knew we had complementary skills that could help businesses — especially those without Google’s deep computing expertise — with their cybersecurity challenges.

What’s next for Chronicle

We know this mission is going to take years, but we’re committed to seeing it through. Since we officially started our team in February 2016, we’ve added a number of other enterprise security experts like Carey Nachenberg, along with 13-year Google engineering veteran Will Robinson (and we’re hiring). We’ve also been working with a number of Fortune 500 companies who’ve provided invaluable counsel on the shape and direction of our work, and some are already testing a preview release of our new cybersecurity intelligence platform in an early alpha program.

We’re excited about being an independent company, yet part of Alphabet. We’ll have our own contracts and data policies with our customers, while at the same time having the benefit of being able to consult the world-class experts in machine learning and cloud computing (among many other topics) that reside in other parts of Alphabet.

None of us have to settle for cybercrime being a fact of life, or for a reactive, expensive existence of cleanup and damage control. We’re looking forward to working with many organizations in the coming years to give good the advantage again.