How Chronicle’s VirusTotal search engine plays into Alphabe…


Earlier this year, Google parent Alphabet unveiled a new, top-level company called Chronicle that would be dedicated to cybersecurity.

Initially created within X, Alphabet’s so-called “moonshot factory” unit, Chronicle has said that it’s developing a security analytics platform for corporate customers, harnessing the company’s strengths in search, artificial intelligence, raw computing, and data storage power. But Chronicle also includes an often-overlooked security product called VirusTotal, sometimes described as “Google for malware.”

Bernardo Quintero [Photo: courtesy of VirusTotal]

Acquired by Google in 2012, the Malaga, Spain, based company was first created by cybersecurity developer Bernardo Quintero in 2004, who’s worked on antivirus technology since he was a teenager. Quintero’s earlier projects included a Spanish-language cybersecurity newsletter and a tool designed to defeat dial-up-era malware that ran up charges calling premium toll hotlines. VirusTotal enables anyone to upload a file they suspect may contain malware to have it scanned by dozens of antivirus tools from vendors like Symantec, TrendMicro, Kaspersky, and Avast.

“When I started [VirusTotal] there were eight or nine antivirus companies working in the first version of the service,” says Quintero.

Now, there are more than 70, and the tool can extract other metadata from files as well, whether it’s a photo or an executable program, studying the uploaded content in secure virtual cloud machines. Security experts can also use the platform to share information about potential new malware files.

“They can have fast access to the malware samples to improve their product,” Quintero says.

VirusTotal played a role in the analysis of the infamous Stuxnet worm, when it collected some of the first samples, and it’s been cited in commercial and academic security research, including recent work on cryptocurrency-stealing malware.

Since Alphabet’s acquisition, VirusTotal has been largely independently managed, but it’s been able to take advantage of the larger company’s cloud computing and search capabilities—some of the same strengths that Alphabet intends to leverage for its larger Chronicle efforts.

“We’ve increased search capabilities,” says Chronicle CEO Stephen Gillett. “We’ve invested a large amount of infrastructure to make scanning faster and better.”

More fundamentally, Alphabet has also helped VirusTotal, which prior to Chronicle’s debut was administratively part of the company’s internal cybersecurity unit, combat denial of service attacks that had threatened it as an independent platform.

“For us, it was a way to perfect our mission,” says Quintero.

VirusTotal Graph [Image: courtesy of VirusTotal]

VirusTotal has also added a data visualization component, called VirusTotal Graph, that can help suss out the relationships between malware files and the URLs and IP addresses that distribute them. And this year, it unveiled a feature called VirusTotal Monitor, which lets legitimate software makers upload their applications and information about them so participating antivirus companies can avoid mistakenly flagging them as malware. The innocuous software samples are stored in a secure, private cloud, and antivirus vendors are only given access to the data if their software begins to mistakenly flag the files as viruses.

Another feature, called VirusTotal Intelligence, lets security researchers sift through the set of uploaded files to find ones matching certain criteria. A bank, for example, could spot malware trying to interact with its websites.

Gillett declined to comment too extensively on plans for Chronicle’s next project, though he emphasized it would also take advantage of Alphabet’s strengths to help customers sift through vast quantities of security data.

“We should be able to help teams search and retrieve useful information and run analysis in minutes, rather than the hours or days it currently takes,” he wrote in a January blog post. “Storage—in far greater amounts and for far lower cost than organizations currently can get it—should help them see patterns that emerge from multiple data sources and over years.”

Chronicle isn’t Alphabet’s only high-profile security project—the company’s Jigsaw unit focuses on tools to make the world safer, including combating misinformation and radicalization, and Google’s Project Zero team has focused on spotting bugs in software before they can do harm. More recently, Alphabet has announced plans to help safeguard elections, including by helping keep Google accounts safe from unauthorized access.

Contributing to cybersecurity in a world where it’s often lacking is an important mission for the company, Gillett says.

“For Alphabet, and for me personally as the founder and CEO of Chronicle, I believe there’s no better moonshot for Alphabet to be going after,” he says.

Site Search 360 Trends

Be the first to comment

Leave a Reply

Your email address will not be published.


*