Advancing our trusted cloud with engineered-in, invisible security

Security has risen to the forefront of concerns for enterprises and governments around the globe. Attacks ripping across the software supply chain, zero-day issues in widely used email services, and ransomware attacks on critical infrastructure industries all provide evidence that adversaries are getting bolder, more successful and more prevalent. 

Despite these increasing risks, many security products seem to focus on solving problems created by other security products, rather than the root causes of the issues. But confidence and security can’t be achieved simply by buying another new product, or taking the same approaches while referring to them as the latest marketing buzzword. We need a hard reset - to rethink our approach to security with today’s environment in mind.

In our Cloud, we’ve successfully built advanced, cloud-native defenses from the ground up to serve individuals, governments and businesses around the world at massive scale. We want to bring these innovations to you, in ways that allow your employees, customers and developers to be as productive as ever, with stronger security that’s a frictionless part of everything they do.

It’s all part of our vision for invisible security, which enables Google to deliver the most trusted cloud, in which:

• Security technologies are engineered-in

• Security operations as a siloed center will eventually disappear

• Niche security talent gets democratized

• Shared responsibility evolves to shared fate

To realize our vision, we are announcing a raft of new product and solution offerings that bring together the best of Google, help organizations address their most pressing security challenges, and deliver you a trusted cloud. 

“Google is a strategic partner in our journey towards a data driven bank, with the cloud at the core of this strategy. The partnership with Google comprises four main areas: Data and Technology, Digital Marketing, Customer Financial Services and Sustainability,” said Alvaro Garrido, Chief Security Officer at BBVA. “By working directly with Google’s trusted cloud team, we benefit from their expertise and knowledge and they get feedback from a large company that, by its nature, has to be at the forefront of cybersecurity. For example, we are working closely with Google on adopting a Zero Trust Model that can help our organization increase flexibility for our workforce and increase security.”

Cloud-native network threat detection with Cloud IDS

One of our trusted cloud pillars is delivering you consistent, verifiable control throughout the cloud. Today we’re announcing Cloud IDS, our cloud-native, managed intrusion detection system that helps detect malware, spyware, command-and-control attacks, and other network-based threats. 

Cloud IDS is built with Palo Alto Networks’ advanced threat detection technologies to deliver highly effective security - the ability for the system to detect malicious activity with low false positives. With Cloud IDS, customers get easy deployment in just a few clicks and it's easy to operate with Google managing scaling, availability, and threat detection updates. Customers in regulated industries such as financial services, retail, and healthcare can use Cloud IDS to help support compliance requirements that mandate the use of an IDS. 

To respond to the network threats that Cloud IDS detects, you can create custom workflows within Google Cloud to take remediation action based on alerts. Cloud IDS can be used with our security partners’ SIEM and SOAR solutions so that you can get additional visibility into network threats, security analytics on Cloud IDS’s alerts, and can set up automated threat responses based on Cloud IDS’s alerts. You can also leverage the data that Cloud IDS generates to investigate and correlate threats in your own SIEM (Security Information and Event Management) and respond to them with your SOAR (Security Orchestration and Automated Response). At public preview, Cloud IDS will integrate with Splunk Cloud Platform, Splunk Enterprise Platform, Exabeam Advanced Analytics, The Devo Platform, and Palo Alto Networks Cortex XSOAR. And soon, Cloud IDS will integrate with Google Cloud’s Chronicle and Security Command Center as well. To learn more, read our announcement here.

“We continue to expand our partnership with Google Cloud to help customers achieve their business goals as they move to the cloud. By combining the simplicity of native cloud controls in Google Cloud and our best-in-class security to help keep our customers’ networks safe with Cloud IDS, customers will no longer need to strike a compromise between security and simplicity on their most important digital initiatives.” —Muninder Singh Sambi, Senior Vice President of Product Management, Palo Alto Networks

"As enterprises move applications and workloads in the cloud, security teams want to replicate their on-premises network security stack in the cloud. Google Cloud IDS provides network threat detection as a service, helping enterprises mature their security programs and align on-premises security with a cloud-native implementation. This is why Google created Cloud IDS, built with Palo Alto Networks, to provide customers with a simple and powerful network security offering that can span a hybrid IT infrastructure." —Jon Oltsik, Senior Principal Analyst and Fellow, Enterprise Strategy Group (ESG) 

To further bolster network security, we’re also announcing the public preview release of Cloud Armor Adaptive Protection, a machine learning-powered, DoS detection and blocking mechanism. We’re helping customers mitigate OWASP Top 10 web vulnerabilities with the general availability of four additional preconfigured WAF rules, enhancements to our rule engine, and a new whitepaper and reference architecture. Finally, we’re announcing the public preview of rate limiting and integrated protection for content served from Google Cloud CDN and GCS.

 Extending the power of Chronicle with BigQuery and Looker

Today we announce a major milestone for Chronicle, our cloud-native security analytics platform, significantly increasing the prowess of analysts everywhere with the integration of Google Cloud’s industry-leading analytics platforms Looker and BigQuery. These integrations further advance Chronicle’s capabilities for reporting, compliance, visual security workflows, data exploration, security-driven data science, and more.

Security teams can access brand new, embedded Looker-driven dashboards in five content categories:

• Chronicle security overview - a set of overview visualizations that surface high level insights such as statistics and trends on ingested events, number of alerts, and a global threat map

• Data ingestion and health - an overview of all security telemetry ingested into Chronicle, including data types and volume

• IOC matches - a granular view into IOC matches detected in Chronicle, with views into IOC matches across IPs, domains, and assets

• Rule detections - detailed insight into the top 10 triggered detection rules, the top users, IPs, and assets associated with rules, and more

• User sign-in data - insights into sign-in data across the organization including sign-in status over time as well as top sign-ins by application and user

It’s also simple and straightforward to create your own dashboards from scratch based on a number of parameters. In the example below, Windows security logs or EDR logs can be used to create powerful visualizations for ransomware detections including top hosts impacted by ransomware, number of alerts over time, fake process creations, and lateral movement activity.

Modernizing security ops… introducing Autonomic Security Operations

Modernizing your security operations program to protect against modern-day threats is a significant undertaking -- transforming how people solve security challenges, how workflows are engineered to achieve secure outcomes, and how technologies can be leveraged to maximize ROI. 

Today, we’re thrilled to announce Autonomic Security Operations, a prescriptive solution to guide organizations through this journey. Autonomic Security Operations combines products, integrations, blueprints, technical content, and an accelerator program to enable customers to take advantage of our best-in-class technology stack built on Chronicle, and Google’s deep security operations expertise, whether they’re looking to reimagine their Security Operations Center (SOC) or augment their team with an expert MSSP.

We are also partnering with BT to bring our new Autonomic Security Operations solution to the managed security services market. This offering is just the first stage in BT and Google’s growing security relationship.

“We’re thrilled to partner with Google to bring Autonomic Security Operations to the global market through a managed security service offering. The deep experience we’ve gained from protecting the world’s largest brands and our networks across 180 countries will combine with Google’s technology vision and capabilities through ASO, providing our customers with world-class security capabilities.” —Kevin Brown, Managing Director, BT Security 

Autonomic Security Operations is backed by our robust partner ecosystem, supported by long-standing relationships with Cyderes and SADA Systems, among others, to accelerate the Security Operations modernization journey. Learn more about our commitment to transforming your Security Operations program here and download our Autonomic Security Operations Whitepaper.

Shared Fate Risk Management

Our commitment to shared fate requires that we help customers build a more comprehensive and efficient risk management program.

On July 28th, we will be expanding availability of the Risk Protection Program to all Google Cloud customers in public preview. With the Risk Protection Program, we are pushing the boundaries of the security capabilities customers should expect a cloud platform to deliver.

The program helps Google Cloud customers connect with our insurer partners, Allianz Global Corporate & Specialty (AGCS) and Munich Re, who designed a specialized cyber insurance policy exclusively for Google Cloud customers called Cloud Protection +. Our Google Cloud security diagnostic tool called Risk Manager enables customers to measure and manage their risk on Google Cloud and obtain a report on their security posture. Customers can use Risk Manager to send reports to AGCS and Munich Re, who in turn can leverage the reports to assess customers’ security posture and underwriting eligibility for Cloud Protection +. 

These capabilities help you leverage invisible security when you transform your applications in our trusted cloud, or while you operate in a multi-cloud or private cloud environment. To learn more about how we can help you rethink, reshape, and transform your security program, visit cloud.google.com/security and our Cloud Security Best Practices Center.