While ‘Bricktop’ from the film Snatch might his own idea of what “what “nemesis” means”, the dictionary defines it as “punishment or defeat that is deserved and cannot be avoided”
Now I don’t know if Splunk deserve punishment but I do know their pricing is extortionate so anything that shakes up the SIEM market can only be a good thing.
On Monday at the RSA event, Chroncile (a sister company to Google, also owned by Alphabet) announced the release of Backstory, a cloud based SIEM product.
For quite some time Splunk has dominated the SIEM space with most Security Information Officers having to make the impossible decision of remortgaging their house to purchase Splunk or locking themselves away for months to implement the opensource equivalent known as ELK (comprosed of ElasticSearch, LogStash and Kibana).
So what is Backstory?
At the moment details are scant but it appears that it will be a cloud based SIEM service which can plugin a number of log sources natively (more to be added). Its power however will come from the vast amounts of threat data they have at their fingertips and the fact it runs on Google infrastructure. Its likely that known C&C (Command and Control) servers, etc. will be preprogrammed in to the system to allow users to look for many threats without any training of the system.
Irrespective of the details as they come out, a drop of more than 5% in Splunk’s share price after the announcement is a good indicator of a market shake up which is always good for the end customer.
