CLOUD INTRUSION DETECTION SYSTEM
Cloud IDS – the newest Google Cloud security feature
Cloud Intrusion Detection System (IDS) is Google Cloud’s solution for detecting network-based threats at both the network and application layers. This includes malware, spyware, command-and-control attacks, and many more. Cloud IDS combines best-in-class infrastructure from GCP with advanced threat security from Palo Alto Networks. This gives you a cloud-native, managed, and industry-leading security service, without the downside of managing the infrastructure required to host an advanced IDS. It allows you to detect exploit attempts and evasive techniques including remote code execution, buffer overflows, obfuscation, and protocol fragmentation. How does it achieve this?
Cloud IDS is responsible for analyzing and managing the threats that come into your system. It relies on other services within GCP’s ecosystem, along with your settings, to accomplish this. Traffic from your virtual private cloud (consisting of instances created with Compute Engine or Kubernetes Engine) needs to be directed to Cloud IDS for analysis. To direct traffic to the VMs hosting the IDS, you first need to specify a Cloud IDS endpoint.
After an endpoint has been specified, traffic from specific instances is cloned by setting up a packet mirroring policy. All the data from the traffic, including packet data, payloads, and headers, is forwarded to Cloud IDS for examination. The policy is highly flexible about which packets get mirrored: you can choose to forward packets from a single subnet or multiple subnets, from instances with specific network tags, or from instances selected by name.
From here, Cloud IDS VMs analyze the forwarded traffic, using Palo Alto Networks’ advanced threat security to detect threats within it. If threats are detected, they are logged to Cloud Logging, thanks to Cloud IDS’s integration into the GCP ecosystem. You can view alerts in the Cloud Logging interface and use tools such as BigQuery or Pub/Sub to execute automatic actions depending on the threats that Cloud IDS discovered.
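The Pub/Sub route described above can be sketched as a small triage handler. This is an added example, not code from Google or from this page. It assumes threat entries arrive as Pub/Sub push messages from a Cloud Logging sink, that the log name ends in `ids.googleapis.com%2Fthreat`, and that the payload uses the fields `alert_severity`, `name`, `source_ip_address` and `destination_ip_address`; the `page`/`ticket`/`review` actions and the `make_push` helper are hypothetical.

```python
import base64
import json

# Cloud IDS alert severities, lowest to highest.
SEVERITIES = ["INFORMATIONAL", "LOW", "MEDIUM", "HIGH", "CRITICAL"]
THREAT_LOG = "/logs/ids.googleapis.com%2Fthreat"  # assumed threat log name suffix


def decode_push(envelope):
    """Return the LogEntry dict carried in a Pub/Sub push envelope."""
    return json.loads(base64.b64decode(envelope["message"]["data"]))


def triage(entry, min_severity="HIGH"):
    """Map one LogEntry to an action dict, or None when no action is needed."""
    if not entry.get("logName", "").endswith(THREAT_LOG):
        return None  # some other log routed through the same sink
    payload = entry.get("jsonPayload", {})  # field names below are assumed
    severity = str(payload.get("alert_severity", "")).upper()
    alert = {
        "severity": severity,
        "threat": payload.get("name"),
        "src": payload.get("source_ip_address"),
        "dst": payload.get("destination_ip_address"),
    }
    if severity not in SEVERITIES:
        # Unparseable severity: send to a human instead of silently dropping.
        return {"action": "review", **alert}
    if SEVERITIES.index(severity) < SEVERITIES.index(min_severity):
        return None
    return {"action": "page" if severity == "CRITICAL" else "ticket", **alert}


def make_push(log_id, payload):
    """Build a constructed Pub/Sub push envelope (hypothetical test helper)."""
    entry = {"logName": f"projects/example-project/logs/{log_id}",
             "jsonPayload": payload}
    data = base64.b64encode(json.dumps(entry).encode()).decode()
    return {"message": {"data": data}}


# Constructed samples: documentation-range IPs and made-up threat names.
SAMPLES = [
    make_push("ids.googleapis.com%2Fthreat", {"alert_severity": "CRITICAL",
              "name": "sample-rce", "source_ip_address": "203.0.113.7",
              "destination_ip_address": "10.0.0.5"}),
    make_push("ids.googleapis.com%2Fthreat", {"alert_severity": "LOW",
              "name": "sample-scan", "source_ip_address": "198.51.100.9",
              "destination_ip_address": "10.0.0.6"}),
    make_push("ids.googleapis.com%2Ftraffic", {"source_ip_address": "10.0.0.5"}),
]
```

Compare the assumed field names against an entry from your own project's logs before wiring the handler to anything that acts automatically.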
Cloud IDS and Palo Alto Networks
Needless to say, Google Cloud will automatically set up these VMs for your IDS service. It will also set up a load balancer to manage your traffic across available VMs. This solution lets you select the level of threats for which you want to be alerted (from informational threats to critical threats). Identified threats are displayed on the IDS dashboard; you can click on them to reveal information such as the source and destination IP addresses, etc. High performance is built in, so there is no need to architect for it yourself.
It’s easily deployable with just a few clicks, and since it is cloud-native, the rest is handled by Google Cloud. It can scale automatically to meet traffic demands. The security efficacy and breadth are industry-leading, courtesy of Palo Alto Networks, the leading global cybersecurity provider. Using the App-ID™ from Palo Alto Networks, Cloud IDS can recognize malicious apps posing as authentic ones. In this way you determine the identities of the apps you regularly work with, and the malicious ones become easily identifiable.