Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Google Security

Chronicle, the Google Moonshot Cybersecurity Startup That Was Supposed To Completely Change the Industry, is Imploding (vice.com) 41

Lorenzo Franceschi-Bicchierai and Joseph Cox, reporting for Motherboard: In early 2018, Google's parent conglomerate Alphabet announced the birth of a new "independent" startup that was supposed to revolutionize cybersecurity. Chronicle was meant to be a new type of startup. One of its products was designed to structure, organize, and help companies understand their security related data -- a "Google Photos for businesses' network security," as Forbes put it when the company announced its first product this year. The promise was radical: Chronicle would leverage machine learning and Alphabet's near-endless well of security telemetry data about known malware and internet infrastructure and use it to help security teams at companies detect intrusions that could threaten a company's network. Crucially, Chronicle would also remain independent from Google, according to Stephen Gillett, the startup's CEO.

"We want to 10x the speed and impact of security teams' work by making it much easier, faster and more cost-effective for them to capture and analyze security signals that have previously been too difficult and expensive to find," Gillett wrote in a blog post announcing Chronicle. "We know this mission is going to take years, but we're committed to seeing it through." At the time it was unclear what Chronicle was going to be. But industry observers were excited for what they thought was going to be a significant disruptor in an industry that is full of relatively old technologies such as antivirus and firewalls, is rife with products that offer solutions in search of a problem and outright snake oil. "Chronicle is dead," a current employee told Motherboard. "Stephen [Gillett] and Google killed it." Employees have left because of a combination of Chronicle losing its original vision, a distant CEO, a lack of clarity about Chronicle's future, and disappointment that the startup has been swallowed into Google, according to interviews with five current and former employees who were present across different stages of Chronicle's growth.

This discussion has been archived. No new comments can be posted.

Chronicle, the Google Moonshot Cybersecurity Startup That Was Supposed To Completely Change the Industry, is Imploding

Comments Filter:
  • Comment removed based on user account deletion
    • Re: (Score:3, Insightful)

      by Calvin-X ( 120844 )

      Sure, and then you'd see something similar pop up to deal with all the realities such a view tends to ignore.

      There will always need to be some form of objective organization...until we're one with the stars.

  • Google killing another product, particularly one that was more hyperbole than reality, is par for the course. My rule of thumb for new ideas is that the bigger the hype or the fancier the marketing material the lower the probability for success.
    • Well, there’s also the problem that security-minded folks are very cognizant of the dangers of data harvesting and arent quiet about it. It’s possible that noises from within this startup displeased Google, so Lord Pichai altered the deal.

  • Proper compartmentalization is still the only thing that works. Don't trust anything more than it deserves, TCP/IP stacks written in C don't deserve much trust for instance. Any computer which has ever run a browser to access the internet should just be treated as rooted on principle.

    All these heuristics combing through packets and logs are band aids covering up for the sad joke which is IT security (with exception of some financial firms, cloud providers and three letter agencies). Better than nothing, but

    • by Viol8 ( 599362 )

      "TCP/IP stacks written in C don't deserve much trust for instance. "

      Have a guess what language almost all TCP/IP stacks are written in, no doubt including the machine you wrote this on. But feel free to write an implementation in Python, Ruby or - for a laugh - node.js and see if you can do better. Oh wait,their interpreters are wrtten in C... oops.

      • I don't know for sure, but it wouldn't surprise me if Uncle Sam has a TCP stack written in Ada. Pretty sure there have been working TCP implementations in Lisp for a long time. Maybe some mainframe implementations in assembly or in some old/exotic language?

        Back in the day I worked for one of those financial companies with not-a-joke security. The really critical parts of the network ran on an obscure, definitely-not-TCP/IP protocol over (owned not leased) buried private lines between Manhattan and New Jerse

    • What do you have against C? Are you an ultra-grognard who requires it to be in assembly or are you an ultra dumbass who thinks you can do it better in %currentyear's% fad language?

      • Comment removed based on user account deletion
        • by CODiNE ( 27417 )

          There's plenty of libraries for object oriented string or array types that can be used. If a native object type is desired just swap to C++.

          These issues would could be solved with a bit of QA and edge-case testing, throwing in 0, -1, INTMAX or empty fields where not expected. Really, the issue is bad software development practices. Also trusting unfiltered inputs is language agnostic flaw.

          • Comment removed based on user account deletion
            • by Viol8 ( 599362 )

              "C++ is just as intrinsically flimsy as C."

              Says someone who clearly knows nothing about it. Let me guess - you're a fad language user who's frustrated he can't grok grown up dev languages.

    • sad joke which is IT security

      Good IT is expensive. Bad IT is Costly.

      The joke is, IT security is only a joke by those shortcutting processes to save $$. The fix is to make those responsible for lax security pay for it. Right now, it is all on those affected indirectly (the consumer) and never on those responsible for allowing it to happen in the first place.

      And doing everything correctly doesn't necessarily mean we're all protected. We should look at cyber security like we look at terrorism, we have to be right 100% of the time.

    • Proper compartmentalization is still the only thing that works.

      What does "proper" mean?

      Don't trust anything more than it deserves, TCP/IP stacks written in C don't deserve much trust for instance.

      You can write insecure code in any language.

      All these heuristics combing through packets and logs are band aids covering up for the sad joke which is IT security (with exception of some financial firms, cloud providers and three letter agencies). Better than nothing, but pathetic nonetheless.

      Without IDS, how do you know when your isolation tactics have failed?

    • by gweihir ( 88907 )

      C is not a problem. It is, as a language, in no way less secure than the alternatives. That is just propaganda from morons that want cheap coders. The problem is that C does expose bad coders because their code will be bad in a more obvious fashion.

      Incidentally, basically all TCP/IP stacks are written in C. And one thing you are probably not equipped to grasp: Basically all Operating System kernels are written in C as well.

  • Comment removed based on user account deletion
  • >But industry observers were excited for what they thought was going to be a significant disruptor in an industry that is full of relatively old technologies such as antivirus and firewalls, is rife with products that offer solutions in search of a problem and outright snake oil.

    This isn't even a complete sentence

  • Cybersecurity can't be revolutionized in any appreciable sense because of the nature of the "product". The adage Good, Fast, Cheap...pick any two seems to fit here. Although I don't believe there is such a thing as a Cheap cybersecurity solution. You either pay for it in the cost of the product or the cost to productivity...or both. As an aside, I still find it amusing how many people thought BlackBerry [blackberry.com] was a phone company. They were always and remain a secure communications company that once sold phones th
  • Whenever an executive says "we're committed", pretend they said... nothing. Because it doesn't fucking matter. They're just words, and they aren't worth the paper they're printed on (or the digital equivalent).

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...