Google Cloud today announced new threat detection capabilities with the general availability launch of Cloud IDS, a cloud-native network security offering that aims to provide simplified deployment and use compared to existing options.
An IDS, or intrusion detection system, enables customers to detect network-based threats while meeting regulatory compliance requirements.
Migrating workloads to cloud environments doesn’t relieve customers of network security obligations. Instead, customers must secure their software-defined cloud networks, which are highly dynamic and present unique challenges for security professionals.
A recent survey of cloud engineering professionals found that 36% of organizations suffered a serious cloud security data leak or a breach in the past 12 months. And 64% said they expect the problem to get worse or remain the same over the next year, according to the report from Fugue and Sonatype.
Cloud security challenge
To address their cloud network security needs, security teams often build cloud network threat detection solutions of their own, using components from open source or third parties, Google Cloud said in a blog post. “These bespoke solutions can be difficult and costly to operate, and they often lack the scalability that is required to protect dynamic cloud applications,” the company said in the post.
Cloud IDS aims to relieve security teams of the need to spend time designing and operating their own cloud network threat detection. The offering provides customers with visibility into both “north-south” traffic that is entering their cloud environment and “east-west” traffic that is occurring between workloads, Google Cloud said.
Cloud IDS offers protections against malware and spyware, command and control attacks, and other vulnerabilities, including illegal code execution and buffer overflow, the company said.
Simplified deployment and use
Google Cloud said that Cloud IDS — which was developed with the help of threat detection capabilities provided by Palo Alto Networks — offers a number of advantages around deployment, use, and management.
The solution can be deployed in “just a few clicks,” and can be “easily” managed via a user interface, a command-line interface, or APIs, Google Cloud said in an email to VentureBeat.
Cloud IDS also stands out because there is no need to architect for high performance and availability — which is already built in with auto-scaling that dynamically adjusts based upon traffic, the company said.
Crucially, there is also no need to create your own attack signatures, Google Cloud said. Because Cloud IDS is an “end-to-end” cloud-native solution built with Palo Alto Networks technology, customers can immediately leverage an “extensive” catalog of attack signatures and detection mechanisms for known attacks, as well as anomaly detection for unknown attacks, the company said. The detection signatures are also automatically updated on a daily basis, the company said.
Cloud IDS was originally unveiled in July, and the integrations that were promised during that initial announcement are available now. The offering is integrated with five platforms from other vendors: Splunk Cloud Platform, Splunk Enterprise Platform, Exabeam Advanced Analytics, The Devo Platform, and Palo Alto Networks Cortex XSOAR.
Additionally, Cloud IDS is integrated with Google Chronicle, the company’s security analytics platform, enabling investigation of threats that are uncovered by Cloud IDS. Google Cloud plans to launch additional integrations in 2022 but did not provide specifics.
The company said that pricing for the offering is based on a per-hour charge for the Cloud IDS endpoint as well as on how much traffic ends up being inspected.
In terms of target users, Cloud IDS can help customers that are migrating from an on-premises environment to the cloud and who have had an IDS solution deployed on-premises, according to Google Cloud. It’s also ideal for customers that need to achieve compliance with standards such as HIPAA, PCI, and ISO, the company said.
Customers that have been using Cloud IDS already include Avaya, Lytics, and Meditech.
Ultimately, Cloud IDS provides “high levels of security efficacy that enable you to detect malicious activity with few false positives,” Google Cloud said in its blog post.
VentureBeat