CLOUD INTRUSION DETECTION SYSTEM


Cloud IDS – the newest Google Cloud security feature

Cloud Intrusion Detection System (IDS) is Google Cloud’s managed service for detecting network-based threats at both the network and application layers, including malware, spyware, command-and-control traffic, and more. Cloud IDS combines Google Cloud’s infrastructure with Palo Alto Networks’ advanced threat-detection technology, giving you a cloud-native, managed, industry-leading security service without the burden of running the infrastructure an advanced IDS requires. It can detect exploit attempts and evasive techniques including remote code execution, buffer overflows, obfuscation, and protocol fragmentation. How does it achieve this?

Cloud IDS analyzes the traffic entering your environment and surfaces the threats it finds. It relies on other services in the GCP ecosystem, together with your own configuration, to do this. Traffic from your Virtual Private Cloud (VPC), whether it comes from Compute Engine instances or Google Kubernetes Engine nodes, must be directed to Cloud IDS for analysis. To send traffic to the VMs hosting the IDS, you first create a Cloud IDS endpoint.

Once the endpoint exists, traffic from the instances you choose is copied to it by a packet mirroring policy. The mirrored traffic, including packet headers and payloads, is forwarded to Cloud IDS for examination. Packet mirroring gives you fine-grained control over which packets are mirrored: you can mirror one or more subnets, instances carrying specific network tags, or instances selected by name.

From there, the Cloud IDS VMs analyze the mirrored traffic, applying Palo Alto Networks’ threat-detection technology to it. When threats are detected, they are written to Cloud Logging through Cloud IDS’s integration with the GCP ecosystem. You can view alerts in the Cloud Logging interface and use tools such as BigQuery or Pub/Sub to trigger automated responses to the threats Cloud IDS discovers.

Google Cloud sets up these VMs automatically for your IDS service, together with a load balancer that distributes your traffic across the available VMs. Cloud IDS lets you choose the minimum threat severity for which you want to be alerted (from informational to critical). Identified threats appear on the IDS dashboard; clicking one reveals details such as the source and destination IP addresses. High performance is built into Cloud IDS, so there is no need to architect for it yourself.
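As an added example, not code from the original post or from Google Cloud, here is a small Python consumer for the automation path described above: it decodes Cloud IDS threat entries delivered from a Cloud Logging sink via Pub/Sub, keeps those at or above a chosen severity, and orders them for triage. The jsonPayload field names (alert_severity, name, source_ip_address, destination_ip_address) are an assumption about the threat-log schema, and the sample entries are constructed, not real Cloud IDS output.

```python
import base64
import json

# Cloud IDS alert severities, lowest to highest (the page's "informational
# to critical" range).
SEVERITY_ORDER = ("INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL")

def severity_rank(level):
    """Index of a severity name in SEVERITY_ORDER; unknown or missing -> -1."""
    level = (level or "").upper()
    return SEVERITY_ORDER.index(level) if level in SEVERITY_ORDER else -1

def parse_threat_entry(entry):
    """Pick the triage-relevant fields out of one Cloud IDS log entry (a dict).
    The jsonPayload keys used here are an assumption about the log schema."""
    payload = entry.get("jsonPayload", {})
    return {
        "severity": (payload.get("alert_severity") or "INFORMATIONAL").upper(),
        "threat": payload.get("name", "unknown-threat"),
        "src": payload.get("source_ip_address", "?"),
        "dst": payload.get("destination_ip_address", "?"),
    }

def triage(messages, minimum="HIGH"):
    """Return (alerts, suppressed): entries at or above `minimum`, most severe
    first, plus the number of entries dropped as below the threshold.
    Each message is the base64 JSON a Cloud Logging sink hands to Pub/Sub."""
    threshold = severity_rank(minimum)
    alerts, suppressed = [], 0
    for data_b64 in messages:
        parsed = parse_threat_entry(json.loads(base64.b64decode(data_b64)))
        if severity_rank(parsed["severity"]) >= threshold:
            alerts.append(parsed)
        else:
            suppressed += 1
    alerts.sort(key=lambda a: severity_rank(a["severity"]), reverse=True)
    return alerts, suppressed

def _sample(severity, name, src, dst):
    """Build one constructed log entry, encoded the way Pub/Sub delivers it."""
    entry = {"jsonPayload": {"alert_severity": severity, "name": name,
                             "source_ip_address": src, "destination_ip_address": dst}}
    return base64.b64encode(json.dumps(entry).encode()).decode()

# Constructed sample messages (not real Cloud IDS output); the last one has
# no severity field and is therefore treated as INFORMATIONAL.
SAMPLE_MESSAGES = [
    _sample("LOW", "HTTP Directory Traversal Attempt", "10.0.0.5", "10.0.1.9"),
    _sample("CRITICAL", "Command-and-Control Beacon", "10.0.1.9", "203.0.113.7"),
    _sample("HIGH", "Buffer Overflow Attempt", "198.51.100.4", "10.0.1.10"),
    _sample(None, "Protocol Anomaly", "10.0.0.7", "10.0.1.9"),
]
```

Calling `triage(SAMPLE_MESSAGES, minimum="HIGH")` keeps the CRITICAL and HIGH entries in that order and reports two suppressed entries; lowering `minimum` to INFORMATIONAL keeps all four.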

It can be deployed with just a few clicks and, since it is cloud-native, the rest is handled by Google Cloud; it scales automatically to meet traffic demand. Its security efficacy and breadth are industry-leading, courtesy of Palo Alto Networks, the leading global cybersecurity provider. Using App-ID™ from Palo Alto Networks, Cloud IDS can recognize malicious applications posing as legitimate ones: once you know the identities of the applications you regularly use, the malicious ones become easy to identify.

Cloud IDS integrates Google Cloud’s functionality with Palo Alto Networks’ advanced IDS to give you a managed, cloud-scale security system.
