UPDATED 09:00 EDT / MARCH 22 2023

Google Cloud rolls out advanced network DDoS attack protection with Cloud Armor

Google Cloud is expanding the capabilities of its Cloud Armor networking defense service to protect customers in gaming, telecommunications and other industries that run workloads using external network load balancers, protocol forwarding or virtual machines with public IP addresses.

Until now, these customers lacked a Google Cloud-native defensive capability to protect those workloads, meaning they were at high risk of distributed denial-of-service and other attacks.

To remedy that, Google Cloud today introduced Cloud Armor Advanced Network DDoS Protection, providing customers with always-on attack detection and mitigation for such workloads. The new service will help to defend customers from some of the most common volumetric DDoS and protocol DDoS attacks, such as so-called SYN flood, UDP flood, DNS reflection and NTP amplification attacks.

In a blog post announcing the update, Google Cloud Product Manager Lihi Shadmi explained that Cloud Armor Advanced Network DDoS Protection runs behind the scenes at the edge of Google’s network, where it passively monitors two kinds of signals: the health of the customer’s workload and the incoming traffic. Whenever Cloud Armor detects early signs of workload distress or a sudden change in traffic patterns compared with the usual baseline, it alerts customers that an attack is taking place. It’s an always-on monitoring mechanism with a low false-positive attack detection rate that doesn’t add latency to traffic flows, Shadmi said.

Once an attack has been detected, Cloud Armor analyzes the traffic to determine the attack signature, based on its curated signature database. Using this information, it can then deploy the most appropriate mitigation at the edge of the network.

“Cloud Armor stops the incoming attack before it reaches the customer’s workloads while allowing legitimate traffic to pass through,” Shadmi wrote. “The mitigations are in effect only during an attack. Once Cloud Armor identifies the attack has ended, it will disable the mitigations. The whole process, from detection to mitigation, takes mere seconds.”

The service will keep a record of past and ongoing DDoS attacks that customers can access at any time. During an attack, it will generate three types of event logs — the detection and start of mitigation, updates about the status of the attack every five minutes for as long as it remains active, and then the conclusion of the attack and the end of mitigation. Customers will also be able to see information such as the attack classification and traffic volumes.

Google said customers can apply Cloud Armor Advanced Network DDoS Protection by enrolling in Cloud Armor’s Managed Protection Plus program. They’ll need to configure the service to provide protection on a per-region basis, for all Google Cloud regions they’re using.

Cloud Armor’s Managed Protection Plus subscription requires a one-year commitment, but Shadmi said customers can access flexible cancellation terms for the first 30 days in order to try Advanced Network DDoS Protection or any other premium feature they’re interested in.
