Today's announcements include a cloud-native intrusion detection system and government-focused offerings that comply with the White House's executive order.

Kelly Sheridan, Former Senior Editor, Dark Reading

July 20, 2021

Google Cloud today announced a range of new security tools to help both private businesses and the public sector face the modern-day threat landscape.

Security has become a top concern for enterprises and governments as cyberattacks interrupt the supply chain, vulnerabilities are found in widely used services, and ransomware attacks prove relentless against global targets.

Despite the increased risk and ever-growing attack surface, "most security products seem to focus on solving products created by other security products, rather than the root causes of the issues," said Sunil Potti, vice president and general manager of Google Cloud Security, in a blog post. Confidence and security cannot be obtained by simply buying yet another new security tool, he said.

Google's approach involves "invisible security," in which it builds security technologies into its platform and aims to remove security operations as a siloed center. "Invisible security is about making security simple – and doing simple is hard," said Potti in a press briefing last week.

Today's updates include the launch of Cloud IDS, a cloud-native intrusion detection system (IDS) to identify malware, spyware, command-and-control attacks, and other network-based threats.

Cloud IDS is built on Palo Alto Networks' threat detection technologies, Potti noted, adding that organizations in regulated industries, such as financial services, retail, and healthcare, can use the tool to help support compliance requirements that mandate the use of intrusion detection.

Organizations can use Cloud IDS to gain visibility into traffic going to and from the Internet, as well as east-west traffic that includes intra- and inter-VPC (virtual private cloud) communication. Security teams can create custom workflows within Google Cloud to act on threats detected, use data Cloud IDS generates to investigate threats in their security information and event management (SIEM) systems, and respond with their security orchestration and automated response (SOAR) tools.

Now in public preview, Cloud IDS will integrate with Splunk Cloud Platform, Splunk Enterprise Platform, Exabeam Advanced Analytics, The Devo Platform, and Palo Alto Networks' Cortex XSOAR. Google says it will soon also integrate with Google Cloud's Chronicle and Security Command Center.

The effort to simplify security extends to the launch of Autonomic Security Operations, a new service intended to help modernize security operations programs. This combines products, integrations, blueprints, technical content, and an accelerator program so organizations can give their security operations center (SOC) a boost. Google is teaming up with BT to bring its Autonomic Security Operations to the managed security services market, the company reports.

Today also brings updates to Chronicle, Google's cloud-native security analytics platform, which will be integrated with Google Cloud analytics tools Looker and BigQuery. Security teams will be able to access embedded Looker-driven dashboards across content categories, including an overview of all the security telemetry ingested in Chronicle, a granular view into indicator of compromise (IoC) matches detected in Chronicle, insights into user sign-in data, and more detailed insight into the top triggered detection rules, as well as the top users, IPs, and assets associated with each rule.

Security Tools for the Public Sector

Along with its enterprise-focused tools, Google is launching new services to aid US government organizations in protecting against security threats and complying with the recent executive order to improve federal cybersecurity.

The first of these is Zero Trust Assessment and Planning, which is delivered through Google Cloud's professional services organization and built to advise government organizations on the culture change, policies, and technology needed to implement a zero-trust framework. The service is designed to be delivered in phases and to support existing government assets and infrastructure.

Google Cloud today also announced Secure Application Access Anywhere, a new container-based tool that can be used as an alternative to government network boundary systems. The tool, a prototype of which was recently tested by the Department of Defense's Defense Innovation Unit, uses Google Cloud's Anthos to deploy and manage containers that facilitate secure access and monitoring for applications in cloud and on-premises environments.

Third is Google Cloud's new Active Cyber Threat Detection services, designed to help government agencies determine whether they have been compromised by analyzing their historic and current log data. The service is delivered through Fishtech's Cyderes and uses the capabilities of Google Cloud's Chronicle threat hunting, detection, and investigation platform.

About the Author(s)

Kelly Sheridan was formerly a Staff Editor at Dark Reading, where she focused on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.
