Google Cloud on Tuesday is introducing a range of new security products, for both its private and public sector customers, as they look to respond to the quickly-evolving threat landscape. The new public sector tools will help agencies comply with President Joe Biden’s cybersecurity executive order. Meanwhile, other Google Cloud customers will have access to more automated security operations, as well as new threat detection capabilities powered by Palo Alto Networks technology.
The new products follow a series of dramatic cybersecurity incidents, including the Colonial Pipeline ransomware attack that shut down gas and oil deliveries throughout the southeast, the SolarWinds software supply chain attack and an extensive hack on Microsoft Exchange servers.
For CSOs, however, there’s no room to breathe easy. “If anything, the attack surface is going to get worse,” Sunil Potti, Google Cloud VP and GM of cloud security, said to reporters last week.
Rather than “build products that fix problems with other products,” he said, Google has focused on building “invisible security” into the cloud. “Invisible security is about making security simple,” Potti said. “When you embrace GCP security, you’re not just getting a safer environment, but you’re simplifying your overall operations.”
To that end, Google Cloud is introducing Autonomic Security Operations, a turnkey offering that the company is bringing to the managed security services market in partnership with BT. The service provides access to products, integrations, blueprints, technical content and an accelerator program to help customers emulate a best-in-class Security Operations Center (SOC).
Google is also introducing Cloud IDS, a cloud-native, managed Intrusion Detection System that leverages Palo Alto Networks technology to help customers detect malware, spyware, command-and-control attacks and other network-based threats.
Cloud IDS should be particularly important for industries with compliance requirements that mandate the use of an IDS, such as financial services, retail and healthcare.
The new offering makes it easier to deploy and manage network threat detection, and it provides visibility into traffic flowing into the cloud, as well as traffic between workloads.
To respond to threats detected by Cloud IDS, customers can create custom remediation workflows within Google Cloud. The data Cloud IDS generates can be integrated into SIEM (Security Information and Event Management) and SOAR (Security Orchestration and Automated Response) solutions.
At public preview, Cloud IDS will integrate with Splunk Cloud Platform, Splunk Enterprise Platform, Exabeam Advanced Analytics, The Devo Platform, and Palo Alto Networks Cortex XSOAR. It should also soon integrate with Google Cloud’s Chronicle and Security Command Center.
Meanwhile, Google is stepping up the capabilities in Chronicle, its cloud-native security analytics platform, by integrating it with Google’s analytics platforms Looker and BigQuery. Among other things, this will allow customers to use newly-embedded dashboards, driven by Looker, in five content categories: Chronicle security overview, data ingestion and health, IOC matches, rule detections and user sign-in data.
Google is also expanding the availability of its Risk Protection Program to all Google Cloud customers in public preview. The program helps customers connect with Google’s insurer partners, Allianz Global Corporate & Specialty (AGCS) and Munich Re, who designed a specialized cyber insurance policy for Google Cloud customers.
For the public sector, Google has a series of new services that will help organizations maintain compliance with the cybersecurity executive order President Biden signed in early May. The executive order comes down to a few simple goals, Mike Daniels, Google Cloud’s public sector VP, said: “accelerating the journey to a zero-trust architecture, solid cyber analytics along with diagnosis, and an ability to rapidly recover.”
To aid in that effort, Google is introducing a new Zero Trust Assessment and Planning offering, delivered via Google Cloud’s professional services organization (PSO). Google’s PSO team will help organizations assess their most pressing threats based on their IT landscape and create a roadmap to zero-trust security that considers factors like budget limitations and legacy technology.
“Most of the time, zero trust is something that everyone wants to get to, but no one knows where to begin,” Daniels said.
Next, Google Cloud is introducing Secure Application Access Anywhere, a new, container-based service for secure application access and monitoring. Google’s PSO team provides the service in partnership with Palo Alto Networks. It gives customers access to Google Cloud’s Anthos to deploy and manage containers that provide secure access and monitoring for applications, in cloud or on-premise environments.
Lastly, the new Active Cyber Threat Detection service helps government organizations quickly determine if they may have been compromised by cyberattacks that they have not yet detected. It will help them quickly analyze historical and current log data, leveraging capabilities from Google’s Chronicle. It will be delivered via Google Cloud partner Fishtech CYDERES.