The annual RSA conference is always a place for cybersecurity startups to make a splash as the industry focuses on new ways to thwart hacker and malware attacks. What made this year’s gathering different was that an Alphabet cybersecurity startup rolled out its first product for business network security.
Chronicle — the security startup spawned by Google-owner Alphabet (GOOGL) — aims to leverage its parent’s cloud-computing platform. Customers can set up “private clouds” storing their security data. Like sibling Google, Chronicle will use artificial-intelligence tools to analyze huge amounts of data.
During the RSA conference, Chronicle unveiled its first product. Called Backstory, it’s a cloud-computing-based service for large companies. Backstory enables companies to investigate security incidents, identify vulnerabilities and address potential threats such as malware-infected files. The Alphabet cybersecurity startup lets customers upload security logs and Internet Protocol addresses for analysis.
Incumbents in the industry are still assessing the Alphabet cybersecurity startup threat. They wonder how it could hurt them in terms of taking away enterprise customers. Wall Street analysts, meanwhile, lump Chronicle into a category called security information and event management (or SIEM) tools.
Splunk (SPLK) is one of the leaders in security analytics for large enterprise customers. Rapid7 (RPD) competes for midsize accounts. Palo Alto Networks (PANW) in February acquired Demisto to broaden its cloud platform into SIEM and a related field called security orchestration, automation and response, or SOAR. FireEye (FEYE) is another player in the security analytics market.
Alphabet Cybersecurity Startup Pricing Key
Some Wall Street analysts took Chronicle’s Backstory rollout in stride.
“Despite the industry’s continued search for a ‘Splunk killer’, those with the highest hopes are perhaps the earliest on,” BTIG Research analyst Joel Fishbein said in a report to clients. “There was considerable buzz for Chronicle’s Backstory at the conference, but the final consensus was that it was still very green.”
Microsoft (MSFT) also debuted a cloud-based SIEM service at the RSA conference. A new wave of startups, such as Exabeam, also aim to use artificial intelligence tools to improve threat detection.
“Both Chronicle and Microsoft’s Azure Sentinel benefit from the scale of their cloud platforms in enabling the ingestion, analysis and storage of a large volume of data,” Morgan Stanley analyst Melissa Franchi said in her note to clients. “It seems like both products are integrating with the wide security ecosystem.”
Franchi added that both Chronicle and Microsoft’s Azure Sentinel services could price aggressively to snare customers from Splunk.
Alphabet Startup Not Only Cloud Security Player
Credit Suisse analyst Brad Zelick has a similar view.
“Customers continue to appreciate the value they derive from Splunk, but pushback on pricing has intensified,” Zelick said in his note. “In years past, no real competitor existed, whereas this year we saw a large crop of promising SIEM alternatives, including Chronicle, Exabeam and Microsoft.”
William Blair’s Jonathan Ho says Microsoft seems to focus on providing security tools to Office 365 customers. He calls Chronicle a “more full-featured SIEM.”
And Raymond James’ Michael Turits says Chronicle and Microsoft’s Sentinel service face hurdles. He noted in a report that Amazon Web Services, the cloud unit of Amazon.com (AMZN), also has added security offerings.
“Backstory seems more likely to be sold as a search-based SIEM complement than as a SIEM itself, but is aimed with its headcount-based pricing to contrast with Splunk’s ingestion-based pricing,” Turits said. “While we believe these offerings could add to existing price pressure on high-end SIEM solutions including Splunk and customer interest at the show seemed high, we expect them to face the same hurdles cited above for cloud native solutions including cloud lock-in, lower maturity, and less extensive feature sets.”
Chronicle Just One Google Project
At the RSA conference, Chronicle disclosed its first official partners — U.K.-based Avast and Sunnyvale, Calif.’s Proofpoint (PFPT). It’s also working with Carbon Black (CBLK), which sells endpoint protection software.
Many fast-growing cybersecurity firms are in the endpoint market. They detect malware on laptops, mobile phones and other devices that access corporate networks. These firms focus on providing secure connections between internal business apps and remote users.
Alphabet spun off the cybersecurity startup in early 2018.
Chronicle is just one of tech conglomerate Alphabet’s forays into new markets. There’s also the Waymo self-driving-car business, the Verily life-sciences unit and other moonshot-type projects.
Follow Reinhardt Krause on Twitter @reinhardtk_tech
YOU MAY ALSO LIKE: