UPDATED 12:00 EDT / FEBRUARY 07 2022

SECURITY

Google Cloud protects VMs against cryptojacking with agentless threat detection service

Google Cloud is expanding its Security Command Center service with the availability of Virtual Machine Threat Detection in public preview starting today.

VMTD works by scanning virtual machine instances in Google Compute Engine to detect a wide range of security threats, including cryptomining malware, which hijacks virtual machines and redirects their computing power to mine cryptocurrencies. One of the best things about VMTD is that it collects signals that can identify such threats without running additional software, meaning there’s no performance impact from running it.

The Security Command Center gives customers an overview of their Google Cloud environments, helping them gain visibility into their cloud assets and discover vulnerabilities and threats that may be targeting them. It also helps customers maintain compliance based on industry standards and benchmarks.

VMTD adds to those capabilities, using agentless memory scanning to detect threats inside VM-based architectures running in Google Cloud. Traditional security software relies on deploying software agents inside a guest VM to gather signals and telemetry that may indicate the presence of a threat, but doing so comes at a cost of reduced performance.

“For Compute Engine, we wanted to see if we could collect signals to aid in threat detection without requiring our customers to run additional software,” Google Cloud Product Manager Timothy Peacock wrote in a blog post. “Not running an agent inside of their instance means less performance impact, lowered operational burden for agent deployment and management, and exposing less attack surface to potential adversaries.”

Instead, with VMTD, Google instruments the hypervisor, which is the software that runs underneath and orchestrates multiple VMs, to detect security threats.

Google said the threat of cryptomining malware, also known as cryptojacking, is something enterprises should be concerned about. The latest Google Cybersecurity Action Team Threat Horizons Report found that 86% of compromised cloud instances were being used to mine cryptocurrencies such as bitcoin. Other threats include ransomware and data exfiltration.

The preview of VMTD can only detect cryptomining attacks for now, but in the future, Peacock said, Google is planning to add more detection capabilities and perhaps also integration with other areas of Google Cloud.

The VMTD service is available now for Security Command Center Premium customers only, accessible within the Settings page. Peacock said the service will not be enabled by default – meaning customers have to opt in – to safeguard user trust.
