Google launches Cloud Armor Adaptive Protection to prevent DDoS attacks
Google LLC said today it’s advancing intelligent automation within its cloud network security controls as part of its ongoing mission to shore up its customers’ defenses.
One of the biggest threats that many businesses face today is distributed denial-of-service attacks on their infrastructure. They’re designed to take websites and applications offline by overloading them with traffic and requests.
Google, thanks to its status as one of the biggest internet companies in the world, has become something of an expert in warding off DDoS attacks. In a blog post today, Google Network Security Product Management Lead Peter Blum and Google Cloud Platform & Google Workspace Security Lead Sam Lugani related how the company recently managed to thwart a massive 2.54-terabit-per-second DDoS attack on its systems.
“Despite simultaneously targeting thousands of our IPs, presumably in hopes of slipping past automated defenses, the attack had no impact,” Blum and Lugani said.
Now, Google is offering its customers the benefit of its expertise. Google Cloud Armor Adaptive Protection is a new feature within Google’s Cloud Armor offering available today that helps to protect services running in Google Cloud, or other clouds or on-premises systems, from similarly massive DDoS attacks.
Adaptive Protection relies on multiple machine learning models that analyze security signals for each web service to detect any potential attack against it, and it can protect against even the highest-volume attacks. It works by learning what normal application and service traffic looks like, so it can quickly spot when something is amiss.
“For example, attackers frequently target a high volume of requests against dynamic pages like search results or reports in web apps in order to exhaust server resources to generate the page,” Blum and Lugani explained.
Adaptive Protection automatically generates an alert when it suspects an attack is taking place. It goes further too, by providing context about why it thinks the traffic it has detected is malicious, and provides rules to mitigate the attack. It means customers get all the context they need to make a decision on whether and how to stop the potentially malicious traffic, without having to spend hours analyzing traffic logs to triage the ongoing attack first.
“This protection is woven into our cloud fabric and only alerts the operator for more serious issues with context, an attack signature and a Cloud Armor rule that they can then deploy in preview or blocking mode,” Blum and Lugani said. “Cloud Armor Adaptive Protection is going to simplify protection in a big way, and will be rolling out to the public in preview soon.”
Firewall updates
DDoS attacks are not the only threat that Google’s enterprise customers need to deal with. They also must protect against unauthorized access to their networks, which is typically done with the installation of a network firewall that allows only trusted users and services to gain entry.
Google is helping shore up customers’ firewalls with a new feature called Firewall Insights that it says will simplify control and make complex network environments easier to manage. With Firewall Insights, users can optimize their firewall configurations with numerous detection capabilities. They include shadowed rule detection, which helps to identify firewall rules that have accidentally been “shadowed” by conflicting rules with higher priorities.
“In other words, you can automatically detect rules that can’t be reached during firewall rule evaluation due to overlapping rules with higher priorities,” Blum and Lugani said.
The main benefit of this is detecting redundant firewall rules, open ports and IP ranges and helping to tighten overall security boundaries. In addition, it can help admins to surface any sudden hit increases on firewall rules and identify the source of that traffic to spot emerging attacks on the network.
Firewall Insights will be generally available soon.
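To make the shadowing idea concrete, here is an added example (not code from Google or from Firewall Insights) that checks a small, constructed ingress rule set for rules that can never be reached. The `Rule` model, `find_shadowed` and `RULES` are hypothetical, and the sketch assumes that a lower priority number is evaluated first and that a rule is shadowed only when every source range and port it names is matched by a single higher-priority rule.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number = evaluated first (assumption of this model)
    action: str        # "allow" or "deny"
    sources: tuple     # source CIDR strings
    protocol: str      # "tcp", "udp" or "all"
    ports: tuple = ()  # (low, high) ranges; empty tuple = every port

def _covers(outer: Rule, cidr, proto: str, port_range) -> bool:
    """True if `outer` matches every packet in cidr/proto/port_range."""
    if outer.protocol not in ("all", proto):
        return False
    if not any(n.version == cidr.version and cidr.subnet_of(n)
               for n in map(ip_network, outer.sources)):
        return False
    if not outer.ports or outer.protocol == "all":
        return True
    lo, hi = port_range
    return any(a <= lo and hi <= b for a, b in outer.ports)

def find_shadowed(rules):
    """Return {rule name: sorted names of the higher-priority rules hiding it}."""
    shadowed = {}
    for r in rules:
        higher = [h for h in rules if h.priority < r.priority]
        # For each (source, port range) of r, the first higher-priority rule
        # that fully covers it, or None if that slice of traffic reaches r.
        hits = [next((h.name for h in higher
                      if _covers(h, ip_network(src), r.protocol, pr)), None)
                for src in r.sources for pr in (r.ports or ((0, 65535),))]
        if hits and all(hits):
            shadowed[r.name] = sorted(set(hits))
    return shadowed

# Constructed sample rule set (documentation and private address ranges).
RULES = [
    Rule("deny-corp-all", 100, "deny", ("10.0.0.0/8",), "all"),
    Rule("allow-ssh-team", 1000, "allow", ("10.1.2.0/24",), "tcp", ((22, 22),)),
    Rule("allow-web", 1000, "allow", ("0.0.0.0/0",), "tcp", ((80, 80), (443, 443))),
    Rule("allow-web-partner", 2000, "allow", ("203.0.113.0/24",), "tcp", ((443, 443),)),
    Rule("allow-dns-partner", 2000, "allow", ("203.0.113.0/24",), "udp", ((53, 53),)),
]
```

Running `find_shadowed(RULES)` flags `allow-ssh-team`, which a broader deny overrides, and `allow-web-partner`, which is redundant under `allow-web`. A source range covered only by the union of several smaller higher-priority ranges is not detected by this sketch.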
Google is adding more flexible and scalable firewall controls as well with a new feature called Hierarchical Firewall Policies that will also be made available soon. The idea with this is to centralize control of firewall security at the organization and folder level, while helping to delegate more granular control of specific projects to their respective administrators.
“This allows security administrators at different levels in the hierarchy to define and deploy consistent firewall rules across a number of projects so that they are applied to all VMs in currently existing and yet-to-be-created projects,” Blum and Lugani said.
Updated Packet Mirroring controls
In a final update, Google is adding more advanced controls to its Cloud Packet Mirroring service that allows customers to mirror networking traffic from Virtual Private Clouds to third-party network inspection services. The idea with this is that customers can use those tools to inspect their network traffic at scale for purposes such as intrusion detection, application performance monitoring and better security visibility.
Blum and Lugani said Google will be adding new filters to mirror packets that will be made generally available soon.
“With traffic direction control, you can now mirror either the ingress or egress traffic, helping users better manage their traffic volume and reduce costs,” they said.