As more and more applications move to the cloud, cloud network security teams have to keep them secure against an ever-evolving threat landscape. Shielding applications against network threats is also one of the most important criteria for regulatory compliance.  To address these challenges, many cloud network security teams build their own complex network threat detection solutions based on open source or third-party IDS components. These customized solutions can be difficult and costly to operate, and they often lack the scalability that is required to protect dynamic cloud applications.

To meet this challenge, Google Cloud has announced the general availability of Google Cloud Intrusion Detection System (IDS) – a cloud-native managed network security solution, where key security capabilities are continuously engineered into our trusted cloud platform.  This core network security offering helps detect network-based threats and helps organizations meet compliance standards that call for the use of an intrusion detection system.

Cloud IDS is built with Palo Alto Networks’ industry-leading threat detection technologies,  providing high levels of security efficacy that enable you to detect malicious activity with few false positives.  The general availability release includes these enhancements:

• Service availability in all regions
• Auto-scaling available in all regions
• Detection signatures automatically updated daily
• Support for customers’ HIPAA compliance requirements (under the Google Cloud HIPAA Business Associate Agreement)
• ISO27001 certification (and in the audit process to support customers’ PCI-DSS compliance requirements by year end)
• Integration with Chronicle, Google’s security analytics platform, to help organizations investigate threats surfaced by Cloud IDS.

Managed network threat detection with full traffic visibility:

Cloud IDS delivers cloud-native, managed, network-based threat detection. It features simple setup and deployment, and gives customers visibility into traffic entering their cloud environment (north-south traffic) and into traffic between workloads (east-west traffic). Cloud IDS empowers security teams to focus their resources on high priority issues instead of designing and operating complex network threat detection solutions.4

“Cloud IDS delivers cloud-native, managed, network-based threat detection. It features simple setup and deployment, and gives customers visibility into traffic entering their cloud environment (north-south traffic) and into traffic between workloads (east-west traffic). Cloud IDS empowers security teams to focus their resources on high priority issues instead of designing and operating complex network threat detection solutions,” according to  Google.

“Google Cloud customers will be able to deploy on-demand application visibility and threat detection between workloads or containers in any Google Cloud virtual private cloud (VPC) to support their compliance goals and protect applications,” said Palo Alto Networks Senior Vice President Muninder Singh Sambi in a separate post.

Google Cloud VPC threat detection preceding Google Cloud IDS was limited in its scope, he said. It was also complex to design and implement, and—most crucially for cloud-native businesses—couldn’t scale dynamically to handle cloud bursting events, which are necessary to handle peaks in IT demand.

“Until now, detecting threats in traffic between workloads within the trust boundary of a VPC has been a significant hurdle for cloud network security teams, leading to compliance challenges and blind spots for the Security Operations Center (SOC),” he said.

“The Palo Alto Networks ML-powered threat analysis engine processes over 15 trillion transactions per day, automatically collected from across our global network of firewalls and endpoint agents. The result is 4.3 million unique security updates made per day to ensure you’re covered against the latest threats,” Sambi added.

Google Cloud IDS comes at at time when hyper-scalers, including Google, Amazon and Microsoft, are rapidly increasing their global Wide Area Network (WAN) reach. Businesses are increasingly turning to the public cloud and multi-cloud as more companies pivot to being cloud-native or at least cloud-adjacent.

In December Google announced plans to move into Germany, Israel, and Saudi Arabia with new cloud regions planned for 2022. Those join 29 cloud regions and 88 zones already in use.

Cloud IDS is now available in all regions. It provides protection against malware, virus and spyware, command and control (C2) attacks, and vulnerabilities such as buffer overflow and illegal code execution attacks. Auto-scaling capability dynamically adjusts Cloud IDS as needed when your traffic throughput changes so that you can automatically keep up with your scale needs. Threat signature updates are applied daily so you can stay ahead of the new threat variants. You can now use Chronicle to investigate the threats surfaced in Cloud IDS. With Chronicle’s integration, you can store and analyze Cloud IDS threat logs along with all your security telemetry data in one place so that you can effectively investigate and respond to threats at scale.

Google has patented their IDS, which is defined as follows:

An intrusion detection system for detection of intrusion or attempted intrusion by an unauthorized party or entity to a computer system or network, the intrusion detection system comprising means for monitoring the activity relative to the computer system or network, means for receiving and storing one or more general rules, each of the general rules being representative of characteristics associated with a plurality of specific instances of intrusion or attempted intrusion, and matching means for receiving data relating to activity relative to said computer system or network from the monitoring means and for comparing, in a semantic manner, sets of actions forming the activity against the one or more general rules to identify an intrusion or attempted intrusion. Inductive logic techniques are proposed for suggesting new intrusion detection rules for inclusion into the system, based on examples of sinister traffic.

References:

https://cloud.google.com/blog/products/identity-security/announcing-general-availability-of-google-cloud-ids

https://www.paloaltonetworks.com/blog/2021/07/google-cloud-network-threat-detection/

https://patents.google.com/patent/WO2003090046A2

Google Cloud IDS simplifies virtual private cloud network threat detection