Google Cloud today announced a range of new security tools to help both private businesses and the public sector face the modern-day threat landscape.
Security has moved to the forefront of enterprise and government concerns as cyberattacks interrupt the supply chain, vulnerabilities are found in widely used services, and ransomware attacks prove relentless against global targets.
Despite the increased risk and ever-growing attack surface, "most security products seem to focus on solving products created by other security products, rather than the root causes of the issues," said Sunil Potti, vice president and general manager of Google Cloud Security, in a blog post. Confidence and security cannot be obtained by simply buying yet another new security tool, he said.
Google's approach involves "invisible security," in which it builds security technologies into its platform and aims to remove security operations as a siloed center. "Invisible security is about making security simple – and doing simple is hard," said Potti in a press briefing last week.
Today's updates include the launch of Cloud IDS, a cloud-native intrusion detection system (IDS) to identify malware, spyware, command-and-control attacks, and other network-based threats.
Cloud IDS is built on Palo Alto Networks' threat detection technologies, Potti noted, adding that organizations in regulated industries, such as financial services, retail, and healthcare, can use the tool to help support compliance requirements that mandate the use of intrusion detection.
Organizations can use Cloud IDS to gain visibility into traffic going to and from the Internet, as well as east-west traffic that includes intra- and inter-VPC (virtual private cloud) communication. Security teams can create custom workflows within Google Cloud to act on threats detected, use data Cloud IDS generates to investigate threats in their security information and event management (SIEM) systems, and respond with their security orchestration and automated response (SOAR) tools.
Now in public preview, Cloud IDS will integrate with Splunk Cloud Platform, Splunk Enterprise Platform, Exabeam Advanced Analytics, The Devo Platform, and Palo Alto Networks' Cortex XSOAR. Google says it will soon also integrate with Google Cloud's Chronicle and Security Command Center.
The effort to simplify security extends to the launch of Autonomic Security Operations, a new service intended to help modernize security operations programs. The service combines products, integrations, blueprints, technical content, and an accelerator program so organizations can give their security operations center (SOC) a boost. Google is teaming up with BT to bring its Autonomic Security Operations to the managed security services market, the company reports.
Today also brings updates to Chronicle, Google's cloud-native security analytics platform, which will be integrated with Google Cloud analytics tools Looker and BigQuery. Security teams will be able to access embedded Looker-driven dashboards across content categories, including an overview of all the security telemetry ingested in Chronicle, a granular view into indicator of compromise (IoC) matches detected in Chronicle, insights into user sign-in data, and more detailed insight into the top triggered detection rules, as well as the top users, IPs, and assets associated with each rule.
Security Tools for the Public Sector
Along with its enterprise-focused tools, Google is launching new services to aid US government organizations in protecting against security threats and complying with the recent executive order to improve federal cybersecurity.
The first of these is Zero Trust Assessment and Planning, which is delivered through Google Cloud's professional services organization and built to advise government organizations on the culture change, policies, and technology needed to implement a zero-trust framework. The service is designed to be delivered in phases and to support existing government assets and infrastructure.
Google Cloud today also announced Secure Application Access Anywhere, a new container-based tool that can be used as an alternative to government network boundary systems. The tool, a prototype of which was recently tested by the Department of Defense's Defense Innovation Unit, uses Google Cloud's Anthos to deploy and manage containers that facilitate secure access and monitoring for applications in cloud and on-premises environments.
Third is Google Cloud's new Active Cyber Threat Detection services, designed to help government agencies determine whether they have been compromised by analyzing their historic and current log data. The service is delivered through Fishtech's Cyderes and uses the capabilities of Google Cloud's Chronicle threat hunting, detection, and investigation platform.