UPDATED 09:00 EDT / JULY 20 2021

SECURITY

Google advances ‘invisible’ cloud security with intrusion detection, analytics and more

Google LLC is advancing its vision of “invisible security” with a raft of updates to its existing security services, as well as some new ones, announced at its Security Summit today.

Sunil Potti, Google’s vice president and general manager of cloud security, said in a blog post that one of the problems with traditional security services is that they’re focused on solving problems caused by other security tools, as opposed to the root cause of issues. What’s needed to protect against the endless and very dangerous threats faced by enterprises is a completely new approach to security that’s more suited to the reality of today’s cloud world, he said.

“In our Cloud, we’ve successfully built advanced, cloud-native defenses from the ground up to serve individuals, governments and businesses around the world at massive scale,” Potti said. “We want to bring these innovations to you, in ways that allow your employees, customers and developers to be as productive as ever, with stronger security that’s a frictionless part of everything they do.”

To that end, Google is focused on providing “invisible security,” wherein security tools are engineered into the technologies people use.

Managed intrusion detection

Google’s new Cloud IDS offering epitomizes that vision. Announced in preview today, Cloud IDS is said to be a cloud-native, managed intrusion detection system that enterprises can deploy in just a few clicks in order to protect themselves against malware, spyware, command-and-control attacks and other network-based threats, Potti said.

Google worked closely with Palo Alto Networks Inc. to develop Cloud IDS. The system incorporates that company’s advanced threat detection technologies to detect malicious network activity with very low false positives. It’s essentially a managed version of Palo Alto’s threat detection services, available in Google Cloud, where scaling, availability and updates are all automated.

Google Cloud IDS stands out for its flexibility, the company says. It can easily be integrated with third-party security information and event management and security orchestration, automation and response platforms, enabling users to both investigate and automatically respond to any alerts, Potti said. Existing integrations at launch include Splunk Cloud Platform, Splunk Enterprise Platform, Exabeam Advanced Analytics, The Devo Platform and Palo Alto’s Cortex XSOAR.

“You can leverage the data that Cloud IDS generates to investigate and correlate threats in your own SIEM, and respond to them with your SOAR,” Potti explained.

Google said Cloud IDS would particularly benefit customers in regulated industries such as financial services, retail and healthcare where compliance requirements mandate the use of an intrusion detection system.

Enterprise Strategy Group analyst Jon Oltsik said Cloud IDS will help enterprises to replicate their familiar on-premises network security stacks in the cloud. “Google Cloud IDS provides network threat detection as a service, helping enterprises mature their security programs and align on-premises security with a cloud-native implementation,” he said.

Expanded security analytics

Google does offer its own SIEM tool in Google Chronicle, and its capabilities are being boosted considerably through integrations with Google Cloud data analytics services Looker and BigQuery.

Chronicle is a platform allows security teams to cost effectively store and analyze all their security data in one place and investigate and detect threats at speed and scale. The integrations with Looker, which is a business intelligence platform, and BigQuery, a cloud data warehouse service, will help to expand Chronicle’s reporting, compliance, visual security workflow and data exploration capabilities, Google product manager Rajesh Gwalani explained in a second blog post.

The integration enables Chronicle users to access what Gwalani described as “brand new, embedded Looker-driven dashboards” in five categories. The dashboards include a Chronicle security overview that surface high level insights on things such as ingested events and alerts. Then, digging deeper, users can access a data ingestion and health dashboard that provides an overview of all security telemetry ingested by Chronicle.

Other dashboards provide insights into indicators of compromise matches, triggered detection rules and user sign-ins. Besides those default dashboards, users can also create customized ones to provide an overview of their Chronicle security landscape defined by their own parameters. That way, they can be used to create powerful visualizations for ransomware detections, for example.

Modernizing security operations

Google says that what it’s really doing with Chronicle is modernizing security operations by transforming how companies solve challenges and engineer their workflows to achieve secure outcomes.

That is a difficult and complex journey, and some organizations might need a helping hand. Google is now providing that help with its new Autonomic Security Operations program that combines products, integrations, blueprints, technical content and an accelerator program to reimagine their security operations centers with Chronicle.

One of Google’s key partners on Autonomic Security Operations will be BT Group plc, which will bring the solution to the global market though a managed security offering, Potti said.

Cybersecurity insurance

One of the more interesting announcements today is an expansion of Google’s Risk Protection Program, which is now available to all Google Cloud customers in preview.

The Risk Protection Program connects Google Cloud customers to insurance providers including Allianz Global Corporate & Specialty and Munich Re Group. Those companies have both created specialized cyber insurance policies, available exclusively to Google Cloud customers.

To obtain such a policy, enterprises must use Google’s Risk Manager diagnostic tool to measure and manage their risk and obtain a report on their security posture. Then they send those reports to their insurance provider of choice. The insurer then assesses the customers’ level of risk and eligibility for the Cloud Protection + insurance plan.

Zero trust for government

One final announcement today pertained to a very specific offering for Google Cloud’s government customers. Potti said Google is adding new Zero Trust capabilities specifically for U.S. federal, state and local government agencies.

Zero trust is a security paradigm that involves shifting access control from a traditional network firewall to individual devices and users, enabling employees to work securely from any location. Google’s zero-trust offering is called BeyondCorp Enterprise, and grants access to computer system based on the details of each individual user and device that requests it.

Potti said Google Cloud is launching three new zero trust offerings within BeyondCorp Enterprise for government agencies that will help them to meet National Institute of Standards and Technology standards. They include a new Zero Trust Assessment and Planning offering delivered by its professional services organization. As the name suggests, it’s all about helping government agencies to plan and implement zero trust-based security. Google said its cloud’s PSO team will advise government organizations on the culture change, policies and technology needed to achieve a zero-trust framework.

Next up is Secure Application Access Anywhere, which provides secure application access and monitoring services. It’s designed as a more scalable and responsive alternative to government network boundary systems, Google said. It leverages Google Anthos, a hybrid cloud application development platform, to deploy applications in software containers, isolating the components of those apps so they can be secured and monitored more easily.

The new Active Cyber Threat Detection offering, meanwhile, is meant to help government agencies quickly determine if they have been compromised by cyberattacks. It relies on Chronicle’s threat hunting, detection and investigation capabilities and helps agencies to analyze both historic and current log data to detect any infiltration within their systems.

The COVID-19 pandemic and the disruption it caused with the move to remote work has exposed government agencies to dozens of new threats, said Adelaide O’Brien, an analyst with International Data Corp.

“The enhanced reliance on virtual work and interactions created new threat surfaces and new vulnerabilities exploited by organized actors,” he said. “To mitigate this crisis, it is critical that federal agencies take a sweeping approach to protect the security and privacy of digital assets and cultivate the ability to anticipate, identify, contain, measure and address cyber-risks.”

Analyst Holger Mueller of Constellation Research Inc. told SiliconANGLE that today’s announcements underscore how Google Cloud is working to make security a differentiator in order to sway enterprise decision-makers in its favor. “This is why Google Cloud is announcing better ways to automate security actions, improve its advisory offerings and expand its assurance program,” Mueller said. “Much of this is essential too, as security has become table stakes.”

With reporting from Robert Hof

Images: Google

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU