Chronicle, the Google Moonshot Cybersecurity Startup That Was Supposed To Completely Change the Industry, is Imploding (vice.com) 41
Lorenzo Franceschi-Bicchierai and Joseph Cox, reporting for Motherboard: In early 2018, Google's parent conglomerate Alphabet announced the birth of a new "independent" startup that was supposed to revolutionize cybersecurity. Chronicle was meant to be a new type of startup. One of its products was designed to structure, organize, and help companies understand their security related data -- a "Google Photos for businesses' network security," as Forbes put it when the company announced its first product this year. The promise was radical: Chronicle would leverage machine learning and Alphabet's near-endless well of security telemetry data about known malware and internet infrastructure and use it to help security teams at companies detect intrusions that could threaten a company's network. Crucially, Chronicle would also remain independent from Google, according to Stephen Gillett, the startup's CEO.
"We want to 10x the speed and impact of security teams' work by making it much easier, faster and more cost-effective for them to capture and analyze security signals that have previously been too difficult and expensive to find," Gillett wrote in a blog post announcing Chronicle. "We know this mission is going to take years, but we're committed to seeing it through." At the time it was unclear what Chronicle was going to be. But industry observers were excited for what they thought was going to be a significant disruptor in an industry that is full of relatively old technologies such as antivirus and firewalls, is rife with products that offer solutions in search of a problem and outright snake oil. "Chronicle is dead," a current employee told Motherboard. "Stephen [Gillett] and Google killed it." Employees have left because of a combination of Chronicle losing its original vision, a distant CEO, a lack of clarity about Chronicle's future, and disappointment that the startup has been swallowed into Google, according to interviews with five current and former employees who were present across different stages of Chronicle's growth.
"We want to 10x the speed and impact of security teams' work by making it much easier, faster and more cost-effective for them to capture and analyze security signals that have previously been too difficult and expensive to find," Gillett wrote in a blog post announcing Chronicle. "We know this mission is going to take years, but we're committed to seeing it through." At the time it was unclear what Chronicle was going to be. But industry observers were excited for what they thought was going to be a significant disruptor in an industry that is full of relatively old technologies such as antivirus and firewalls, is rife with products that offer solutions in search of a problem and outright snake oil. "Chronicle is dead," a current employee told Motherboard. "Stephen [Gillett] and Google killed it." Employees have left because of a combination of Chronicle losing its original vision, a distant CEO, a lack of clarity about Chronicle's future, and disappointment that the startup has been swallowed into Google, according to interviews with five current and former employees who were present across different stages of Chronicle's growth.
Re: (Score:1)
Not in this case, if you care for grammar rules. They are common contractions replacing the original phrases: "its" is short for it's and "it's" is short for it is.
Re: (Score:2)
Re: Google is now a bureaucracy (Score:2)
Alphabet IS Big Brother Google IS Alphabet
Re: (Score:2)
Re: (Score:1)
Re: (Score:3, Insightful)
Sure, and then you'd see something similar pop up to deal with all the realities such a view tends to ignore.
There will always need to be some form of objective organization...until we're one with the stars.
I'm not surprised (Score:2)
Re: (Score:2)
Well, there’s also the problem that security-minded folks are very cognizant of the dangers of data harvesting and arent quiet about it. It’s possible that noises from within this startup displeased Google, so Lord Pichai altered the deal.
Too big to fail? (Score:3)
Some companies might be too big to fail given the damage it might do to society (eg banks) , but Google isn't one of them. Its only major contribution to the world is currently a search engine. Guess what - there are others. The rest is irrelevant (to most people outside google) window dressing just like this latest spin off that failed.
Re: (Score:3)
Some companies might be too big to fail given the damage it might do to society (eg banks)
This is itself a problem. Organizations protected from imploding due to incompetence lends themselves to just that, incompetence. We've already seen this with Banks making risky decisions knowing that when failure happens, they will be rescued and nobody responsible means that everyone gets away with idiocy.
IMHO, when companies are "too big to fail" get to a point of "failing" we should let them fail. We should go after the board of directors, the Top Level Executives and everyone responsible, and leave the
Re: (Score:2)
Re: (Score:2)
Thats easy to say if your life savings arn't with said bank. A consumer bank that goes bust can literally put its depositers on the street.
Re: (Score:2)
IMHO, when companies are "too big to fail" get to a point of "failing" we should let them fail.
Why wait? I have a better idea. Rather than wait for them to fail, evaluate companies annually. If they're deemed too big to fail, that automatically triggers the Sherman Antitrust Act and they're broken up. Any company so big that its potential failure is a danger to a national economy is too big to exist. And there's already a law for this. It needs to be used.
Re: (Score:2)
Re: Too big to fail? (Score:2)
Most of Big Brother Google's software has been going down hill for several years.
It's almost like smart people don't want to work for an overtly evil, risibly hypocritical company run by a gaggle of Social Just-Us Nazis hell-bent on destroying their own society. Who woulda thunk it?
Re: (Score:2)
Um, $1B is peanuts. I worked for a company that was $6.2B at the peak, it was 650 employees and we managed a few hundred strip malls and power centers around the country and in a few international markets. We were certainly neither too big to succeed nor too big to fail. Now if you had set the bar at say $100B then that I would agree with, most of the truly lumbering behemoths that pose systemic risk to the economy and are too unwieldy to be truly successful but are so large that they have an outsized impac
The future of security is the past (Score:2)
Proper compartmentalization is still the only thing that works. Don't trust anything more than it deserves, TCP/IP stacks written in C don't deserve much trust for instance. Any computer which has ever run a browser to access the internet should just be treated as rooted on principle.
All these heuristics combing through packets and logs are band aids covering up for the sad joke which is IT security (with exception of some financial firms, cloud providers and three letter agencies). Better than nothing, but
Re: (Score:3)
"TCP/IP stacks written in C don't deserve much trust for instance. "
Have a guess what language almost all TCP/IP stacks are written in, no doubt including the machine you wrote this on. But feel free to write an implementation in Python, Ruby or - for a laugh - node.js and see if you can do better. Oh wait,their interpreters are wrtten in C... oops.
Re: The future of security is the past (Score:2)
I don't know for sure, but it wouldn't surprise me if Uncle Sam has a TCP stack written in Ada. Pretty sure there have been working TCP implementations in Lisp for a long time. Maybe some mainframe implementations in assembly or in some old/exotic language?
Back in the day I worked for one of those financial companies with not-a-joke security. The really critical parts of the network ran on an obscure, definitely-not-TCP/IP protocol over (owned not leased) buried private lines between Manhattan and New Jerse
Re: (Score:3)
What do you have against C? Are you an ultra-grognard who requires it to be in assembly or are you an ultra dumbass who thinks you can do it better in %currentyear's% fad language?
Re: (Score:2)
Re: (Score:2)
There's plenty of libraries for object oriented string or array types that can be used. If a native object type is desired just swap to C++.
These issues would could be solved with a bit of QA and edge-case testing, throwing in 0, -1, INTMAX or empty fields where not expected. Really, the issue is bad software development practices. Also trusting unfiltered inputs is language agnostic flaw.
Re: (Score:2)
Re: (Score:2)
"C++ is just as intrinsically flimsy as C."
Says someone who clearly knows nothing about it. Let me guess - you're a fad language user who's frustrated he can't grok grown up dev languages.
Re: (Score:2)
sad joke which is IT security
Good IT is expensive. Bad IT is Costly.
The joke is, IT security is only a joke by those shortcutting processes to save $$. The fix is to make those responsible for lax security pay for it. Right now, it is all on those affected indirectly (the consumer) and never on those responsible for allowing it to happen in the first place.
And doing everything correctly doesn't necessarily mean we're all protected. We should look at cyber security like we look at terrorism, we have to be right 100% of the time.
Re: (Score:2)
Proper compartmentalization is still the only thing that works.
What does "proper" mean?
Don't trust anything more than it deserves, TCP/IP stacks written in C don't deserve much trust for instance.
You can write insecure code in any language.
All these heuristics combing through packets and logs are band aids covering up for the sad joke which is IT security (with exception of some financial firms, cloud providers and three letter agencies). Better than nothing, but pathetic nonetheless.
Without IDS, how do you know when your isolation tactics have failed?
Re: (Score:3)
C is not a problem. It is, as a language, in no way less secure than the alternatives. That is just propaganda from morons that want cheap coders. The problem is that C does expose bad coders because their code will be bad in a more obvious fashion.
Incidentally, basically all TCP/IP stacks are written in C. And one thing you are probably not equipped to grasp: Basically all Operating System kernels are written in C as well.
Re: (Score:2)
Re: (Score:2)
I'll forever remember 2004-2011 as being the height of the internet, in no small part because of Google. Such a shame to see them decline this quickly. I put the blame squarely on Sundar Pichai too.
Re: (Score:2)
Re: Shit happens when you don't care what you're d (Score:2)
I, too, remember when Google used to be _good_ at searching the internet.
Re: (Score:2)
Years ago, Google was an engineering driven company. Then, they let too many non-technical mediocrities into the company...
That would explain why they can currently only tolerate a single left leaning viewpoint.
Top Vice Quality (Score:1)
>But industry observers were excited for what they thought was going to be a significant disruptor in an industry that is full of relatively old technologies such as antivirus and firewalls, is rife with products that offer solutions in search of a problem and outright snake oil.
This isn't even a complete sentence
Revolutionize LOL (Score:2)
gee, what a shock. (Score:2)
Whenever an executive says "we're committed", pretend they said... nothing. Because it doesn't fucking matter. They're just words, and they aren't worth the paper they're printed on (or the digital equivalent).