8 Top Announcements From The Google Cloud Security Summit

‘Every day, every week, there’s something coming up, and it’s to a point where, in fact, many companies — through ransomware or otherwise — are actually almost abdicating their responsibility,’ says Sunil Potti, Google Cloud’s general manager and vice president of cloud security. ‘There’s a meme going around where a CISO is hesitant to spend $1 million on security tools, but writes a check for $10 million for ransomware very quickly.’

Organizations need a “hard reset” to rethink their cloud security approaches in the wake of increasing risks from attacks on software supply chains, zero-day issues in email services and ransomware attacks on critical infrastructure industries, according to Sunil Potti, Google Cloud’s general manager and vice president of cloud security.

At its online Security Summit today, Google Cloud today unveiled new offerings to support its cloud platform, products and services with “engineered-in, invisible security.” The security products and services include the integration of its cloud-native Chronicle security analytics platform with its Looker and BigQuery analytics platforms, Autonomic Security Operations and the previews of a managed intrusion detection system and a risk protection program.

“We fundamentally believe to trust the cloud more, you have to be able to trust it less,” Potti said. “This zero-trust approach tends to be an underpinning for us to bring unprecedented visibility, transparency and control to customers not only on GCP (Google Cloud Platform), but also in their own data centers or on Amazon or Azure, or other clouds of their choice with products like BeyondCorp Enterprise or Chronicle.”

Security controls covering only 80 percent of an organization’s services equates to 0 percent coverage, Potti noted.

“We all seem to have this feeling like every day, every week, there’s something coming up, and it’s to a point where, in fact, many companies — through ransomware or otherwise — are actually almost abdicating their responsibility,” Potti said. “There’s a meme going around where a CISO is hesitant to spend a million dollars on security tools, but writes a check for $10 million for ransomware very quickly.”

Google Cloud also announced three new services offerings to help U.S. federal, state and local government organizations implement zero-trust architecture in line with President Joseph Biden’s executive order in May on improving the nation’s cybersecurity, along with National Institute of Standards and Technology standards.

Biden’s executive order comes down to accelerating the journey to zero-trust architecture, solid cyber-analytics, along with diagnosis and an ability to rapidly recover, according to Mike Daniels, vice president of global public sector sales for Google Cloud.

“Partially as a result of the pandemic, which expanded the threat offload tremendously with respect to remote work, and then with the exclamation points of Solarwinds, and the Colonial Pipeline, the threat landscape suddenly heated up tremendously again…and that threatened national security, critical infrastructure and the delivery, frankly, of essential services for the nation to operate,” Daniels said. “It was a really good reminder about the importance of top-level security infrastructure, securing third-party vendors and eliminating reliance on a single cloud vendor as resilience became really important.”

Here’s a closer look at the top eight security announcements from today’s Google Cloud Security Summit.

Cloud IDS

Now in preview, Cloud IDS is Google Cloud’s managed intrusion detection system. The network security offering provides cloud-native network threat detection that helps detect malware, spyware, command-and-control attacks and other network-based threats.

Cloud IDS is built with Palo Alto Networks’ advanced threat detection capabilities and is backed by its threat analysis engine and security research teams that continually add to the catalog of known threat signatures and leverage other threat detection mechanisms to stay abreast of unknown threats. In addition to visibility into traffic to and from the internet, it also can monitor east-west traffic, including both intra- and inter-VPC communication for suspicious lateral movement.

The system detects malicious activity with low false positives, according to Potti. “With Cloud IDS, customers get easy deployment in just a few clicks, and it’s easy to operate, with Google managing scaling, availability and threat detection updates,” Potti said. “Customers in regulated industries such as financial services, retail and healthcare can use Cloud IDS to help support compliance requirements that mandate the use of an IDS.”

When Cloud IDS detects network threats, users can create custom workflows within Google Cloud to take remedial action based on alerts that are prioritized by severity. Cloud IDS can be used with Google Cloud’s security partners’ security information and event management (SIEM) and security orchestration, automation and response (SOAR) solutions for additional visibility into network threats and security analytics on Cloud IDS alerts.

For the public preview, Cloud IDS will integrate with Splunk Cloud Platform, Splunk Enterprise Platform, Exabeam Advanced Analytics, The Devo Platform and Palo Alto Networks Cortex XSOAR. Cloud IDS also soon will integrate with Google Cloud’s Chronicle and Security Command Center.

Cloud Armor Updates

Google Cloud announced several updates for Cloud Armor, its distributed denial-of-service (DDoS) defense service and web-application firewall (WAF) that helps customers protect their websites and services from denial-of-service and web attacks with the same infrastructure, network and technology that Google uses to protect its own internet-facing properties.

The cloud provider announced the general availability of four new preconfigured WAF rules and a reference architecture to help its customers protect against OWASP Top 10 web-app vulnerability risks. The new WAF rules — scanner detection, PHP injection, session fixation and protocol enforcement — help protect customers’ websites and services from attacks such as HTTP request smuggling and unwanted scanners and crawlers.

Google Cloud unveiled preview releases of Cloud Armor protection for content served from Cloud Content Delivery Network (Cloud CDN) or Google Cloud Storage (GCS) backend buckets. Customers now can enforce geography-based access policies and block unwanted users to comply with licensing or regulatory requirements by deploying Cloud Armor edge security policies in front of their Cloud CDN- or GCS-enabled services to filter requests before they’re served from cache.

Google Cloud also announced per-client rate limiting in Cloud Armor, now in preview, with the introduction of two rule actions: throttle and rate-based-ban. “Now users can help ensure the availability of their applications, prevent abuse and mitigate malicious activity like credential stuffing by configuring Cloud Armor to throttle clients to a specified request rate or block all traffic from abusive clients,” said Emil Kiner, Google Cloud’s Cloud Armor project manager. “Rate-limiting rules will be available to all Cloud Armor customers (both Standard and Managed Protection Plus) in the upcoming weeks.”

Chronicle Integration With Looker And BigQuery

Chronicle, Google Cloud’s cloud-native security analytics platform, is now integrated with its Looker and BigQuery analytics platforms to strengthen its reporting, compliance, visual security workflows, data exploration and security-driven data science capabilities.

Security teams now can access new embedded, Looker-driven dashboards in five content categories: Chronicle security overview, a set of overview visualizations that surface high-level insights such as statistics and trends on ingested events, number of alerts and a global threat map; data ingestion and health, an overview of all security telemetry ingested into Chronicle, including data types and volume; indicator of compromise (IOC) matches, a granular view into IOC matches detected in Chronicle, with views into IOC matches across IPs, domains and assets; rule detections, detailed insight into the top 10 triggered detection rules, the top users, IPs and assets associated with rules; and user sign-in data, insights into sign-in data across an organization, including sign-in statuses over time and top sign-ins by application and user. Customers also can create their own dashboards from scratch.

Chronicle’s integration with BigQuery, Google Cloud’s serverless and multi-cloud data warehouse, is designed to make it easier for analysts to leverage complex, massive security data sets to find problems faster. Chronicle customers can export petabytes of security telemetry into BigQuery.

Each Chronicle tenant now includes a private, managed BigQuery data lake featuring data export at regular intervals and 180 days of data retention included at no extra cost. In addition to Looker, customers can use any BigQuery-compatible tool — including Google Data Studio, Grafana, Google Sheets and Tableau — to create security visualizations with Chronicle data, according to the cloud provider.

Autonomic Security Operations

Autonomic Security Operations is a stack of products, integrations and tools to improve organizations’ abilities to withstand security attacks through an adaptive, agile and highly automated approach to threat management, according to Google Cloud.

The prescriptive solution combines products, integrations, blueprints, technical content and an accelerator program to allow customers to take advantage of Google’s technology stack built on Chronicle and its security operations expertise, whether they want to reimagine their security operations center (SOC) or augment their team with a managed security service provider, according to Potti.

Google Cloud is partnering with London-based managed network IT services provider BT to bring the Autonomic Security Operations solution to the managed security services market.

Risk Protection Program

Google Cloud will expand the availability of its Risk Protection Program on July 28 to all customers in public preview.

The program is designed to reduce security risk and provides access to an exclusive cyber insurance policy designed exclusively for Google Cloud customers.

“Our commitment to shared fate requires that we help customers build a more comprehensive and efficient risk management program,” Potti said. “With the Risk Protection Program, we are pushing the boundaries of the security capabilities customers should expect a cloud platform to deliver.”

The Risk Protection Program helps customers connect with Google Cloud insurance partners Allianz Global Corporate & Specialty (AGCS) and Munich Re, which have designed a specialized cyber insurance policy exclusively for Google Cloud customers called Cloud Protection +.

Google Cloud customers can use Risk Manager, a diagnostic tool in preview that scans their workloads on Google Cloud and provides reports of proactive security recommendations to minimize misconfigurations. Customers can send the reports to AGCS and Munich Re, which can leverage them to assess the customers’ security postures and underwriting eligibility for Cloud Protection +.

Zero Trust Assessment and Planning

Google Cloud’s Zero Trust Assessment and Planning offering is designed to help government customers reach security goals through zero-trust architecture planning for core applications and data. It’s delivered in phases through Google Cloud’s professional services organization, which will advise government organizations on the culture change, policies and technology needed to achieve a zero-trust framework. The new personalized service helps government agencies leverage Google Cloud tools to support existing assets and infrastructure in cloud-based, on-premises or hybrid environments.

“Zero trust is something that everyone wants to get to, but no one knows where to begin and how to do this in a logical way,” Daniels said. “The ‘how step’ is incredibly important, and it’s different for each one of our government organizations based on the IT landscape they have, what are the most pressing threats. This is a set of offerings…that consists of assessments, workshops and strategy development that really help our government customers understand the ‘how step’: How do we start achieving this and make material progress along this path, with a blueprint and a roadmap that gets us to where we need to go at the end, keeping in mind budgets, legacy tech infrastructure that we have to deal with and making the most of that along the way.”

Secure Application Access Anywhere

The Secure Application Access Anywhere offering is a container-based solution for secure application access and monitoring that can serve as a scalable, highly responsive alternative to government network boundary systems.

The offering, which is being delivered in partnership with Palo Alto Networks and Google Cloud’s professional services organization, leverages Google Cloud’s hybrid and multi-cloud Anthos platform to deploy and manage containers that provide secure access and monitoring for applications in cloud or on-premises environments.

“This is highly differentiated from network boundary-type constraints of internet access point control, controlled access points...anywhere where we’re trying to use a network boundaries structure to do this,” Daniels said. “The weaknesses of that got pointed out during the pandemic just from a capability and throughput type standpoint. The thing that changed really for government, particularly for federal government, is it was a lot different to truly work from home versus being connected a little bit with respect to email.”

A recent successful prototype of the solution, deployed by the Defense Innovation Unit (DIU), helped accelerate its zero-trust journey by providing fast, secure and controlled access by users to SaaS apps directly over the internet, according to Google Cloud. The DIU is a U.S. Department of Defense organization that helps the U.S. military make faster use of emerging commercial technologies.

“This started really pre-pandemic, but the timing was absolutely spot on in the sense that they were exploring alternatives to this cap system with respect to access, and we completed that prototype with a success letter from the DIU just recently,” Daniels said.

Active Cyber Threat Detection

The new Active Cyber Threat Detection offering is designed to help government organizations quickly determine if they’ve been compromised by cyberattacks that they haven’t yet detected.

Delivered through Google Cloud partner Fishtech’s CYDERES security-as-a-service division based in Kansas City, Mo., Active Cyber Threat Detection leverages the capabilities of Google Cloud’s Chronicle platform, enabling government organizations to readily analyze their historic and current log data to detect threats confidently and quickly.