Cloud IDS for network-based threat detection is now generally available
Megan Yahya
Product Manager Cloud IDS
Gregory M. Lebovitz
Product Management, Network Security Portfolio, Google Cloud
As more and more applications move to the cloud, cloud network security teams have to keep them secure against an ever-evolving threat landscape. Detecting network threats against those applications is also a common requirement of regulatory compliance frameworks. For example, the Payment Card Industry Data Security Standard (PCI DSS 3.2.1, Requirement 11.4) requires intrusion detection and/or prevention at the network level. To address these challenges, many cloud network security teams build their own network threat detection pipelines from open source or third-party IDS components. These bespoke solutions can be difficult and costly to operate, and they often lack the scalability required to protect dynamic cloud applications.
Earlier this year, we announced Cloud IDS, a new cloud-native network security offering that delivers on our vision of Invisible Security, where key security capabilities are continuously engineered into our trusted cloud platform. Today we’re excited to announce the general availability of Cloud IDS. This core network security offering helps detect network-based threats and helps organizations meet compliance standards that call for the use of an intrusion detection system.
Cloud IDS is built with Palo Alto Networks’ industry-leading threat detection technologies, providing high levels of security efficacy that enable you to detect malicious activity with few false positives.
The general availability release includes these enhancements:
Service availability in all regions
Auto-scaling available in all regions
Detection signatures automatically updated daily
Support for customers’ HIPAA compliance requirements (under the Google Cloud HIPAA Business Associate Agreement)
ISO 27001 certification (with the audit to support customers' PCI DSS compliance requirements in progress and targeted for completion by year end)
Integration with Chronicle, Google’s security analytics platform, to help organizations investigate threats surfaced by Cloud IDS.
Managed network threat detection with full traffic visibility
Cloud IDS delivers cloud-native, managed, network-based threat detection. It features simple setup and deployment, and gives customers visibility into traffic entering their cloud environment (north-south traffic) and into traffic between workloads (east-west traffic). Cloud IDS empowers security teams to focus their resources on high priority issues instead of designing and operating complex network threat detection solutions.
Avaya
Avaya is a leader in cloud communications and collaboration solutions. Cloud IDS was enabled for Avaya’s Google Cloud environment to address network threat detection requirements. John Akerboom, Sr. Director for Architecture & Experience Platforms at Avaya shared his experience with Cloud IDS:
"It was easy to set up: a couple of clicks, a few settings, and a few minutes later it was up and running," explained Akerboom. "We had a scanner running, and some pen testing going on. We went into the Google Cloud IDS UI and saw all those things in progress."
Lytics
Graham Forest, Principal Operations Engineer at Lytics, a cloud-native, customer data platform (CDP) vendor headquartered in Oregon, summarized his take on Cloud IDS this way:
"It's built in to our platform on Google Cloud; it's just a toggle, with a giant team of Google SREs behind it. The implementation cost is extremely low; reliability and architecture complexity are not impacted, and maintenance cost is low."
Forest chose Cloud IDS for these main reasons:
"Our customers require compliance validation, like SOC2, and our larger financial customers run their own audits on our service. Our initial interest was to fulfill those compliance requirements. But we also want indication when attackers are attempting to breach our network, and we want to know immediately. We get both with this solution!"
MEDITECH
Medical Information Technology, Inc. (MEDITECH) empowers providers and patients around the world with its Expanse EHR (Electronic Health Record), setting new standards for electronic medical record usability, efficiency, and provider and patient satisfaction. The company's cloud-native solutions are built on Google Cloud, representing the latest step in MEDITECH's journey to deliver innovative, cost-effective healthcare technology that is also safe and secure.
"In healthcare, infrastructure and patient data security are absolutely crucial. Keeping our environment secure is our primary reason for deploying Cloud IDS," said Tom Moriarty, Manager, Information Security, MEDITECH. "The ease of setup and its cloud-native design add value, by protecting access to high quality healthcare for a diverse range of geographic settings and healthcare needs."
MEDITECH also has previous experience with Cloud IDS' threat detection from Palo Alto Networks. "We are using Palo Alto Networks IDS and IPS in our on-premises network, and we look forward to leveraging the same advantages in our cloud hosted environment," said Moriarty.
MEDITECH's confidence in these offerings stems from deploying them in-house. “We are using Google Chronicle as our security analytics tool for our corporate environment. By integrating Cloud IDS with Chronicle, we are able to analyze threats surfaced by Cloud IDS. This also helps us address our compliance requirements,” Moriarty concluded.
Read more about MEDITECH’s use of Cloud IDS in their detailed case study.
Detect at scale, investigate, and respond to threats in all regions
Cloud IDS is now available in all regions. It detects malware, viruses and spyware, command and control (C2) traffic, and exploitation of vulnerabilities such as buffer overflows and illegal code execution. Note that Cloud IDS inspects a copy of your traffic and raises alerts; it is not an inline control and does not block anything on its own, so response has to come from your own tooling (firewall rules, Chronicle playbooks, and so on). Autoscaling dynamically adjusts Cloud IDS capacity as your traffic throughput changes, so inspection keeps up with your scale without manual resizing. Threat signature updates are applied daily so you can stay ahead of new threat variants. You can now use Chronicle to investigate the threats surfaced by Cloud IDS: with the Chronicle integration, Cloud IDS threat logs are stored and analyzed alongside the rest of your security telemetry in one place, so you can investigate and respond to threats at scale.
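The north-south versus east-west distinction from the "Managed network threat detection" section above, and the threat-log analysis this section describes, are the kind of thing a practitioner ends up scripting before alerts reach Chronicle. The following is an added example written for this page, not code from Google or from the Cloud IDS product: it parses a constructed newline-delimited JSON export of threat alerts, tags each alert as north-south or east-west by checking both endpoints against the monitored VPC ranges, and produces a severity-ordered triage list. The field names under `jsonPayload`, the severity vocabulary, the VPC CIDRs and the threat names are all assumptions made for the example; they are not Cloud IDS's documented schema or real signatures, and a malformed line is deliberately included to show that one bad record must not drop the batch.

```python
import ipaddress
import json
from collections import Counter

# ASSUMPTION: the VPC subnets that count as "inside"; a real deployment would
# pull these from the network's subnet list rather than hard-coding them.
VPC_RANGES = [ipaddress.ip_network("10.128.0.0/20"),
              ipaddress.ip_network("10.132.0.0/20")]

# ASSUMPTION: severity vocabulary and ordering used for triage.
SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample export, one JSON object per line. The field names under
# jsonPayload are an assumption for this example, not Cloud IDS's documented
# schema; threat names are placeholders, not real signatures. Addresses use
# the RFC 5737 documentation ranges for the "outside" side.
SAMPLE_LOG = """\
{"timestamp": "2021-12-01T10:00:01Z", "jsonPayload": {"alert_severity": "CRITICAL", "category": "vulnerability", "name": "constructed-rce-attempt", "source_ip_address": "203.0.113.45", "destination_ip_address": "10.128.0.12", "destination_port": 8080}}
{"timestamp": "2021-12-01T10:00:07Z", "jsonPayload": {"alert_severity": "HIGH", "category": "command-and-control", "name": "constructed-c2-beacon", "source_ip_address": "10.128.0.12", "destination_ip_address": "198.51.100.7", "destination_port": 443}}
this line is not JSON and must be skipped rather than crash the pipeline
{"timestamp": "2021-12-01T10:00:09Z", "jsonPayload": {"alert_severity": "MEDIUM", "category": "vulnerability", "name": "constructed-lateral-exploit", "source_ip_address": "10.128.0.12", "destination_ip_address": "10.132.0.3", "destination_port": 445}}
{"timestamp": "2021-12-01T10:00:15Z", "jsonPayload": {"alert_severity": "LOW", "category": "scan", "name": "constructed-port-scan", "source_ip_address": "203.0.113.45", "destination_ip_address": "10.128.0.12", "destination_port": 22}}
"""


def is_internal(ip_text, ranges=VPC_RANGES):
    """True if the address falls inside one of the monitored VPC ranges."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable address is treated as outside, not fatal
    return any(ip in net for net in ranges)


def classify_direction(src, dst, ranges=VPC_RANGES):
    """east-west: both endpoints inside the VPC; north-south: exactly one."""
    src_in, dst_in = is_internal(src, ranges), is_internal(dst, ranges)
    if src_in and dst_in:
        return "east-west"
    if src_in or dst_in:
        return "north-south"
    return "unknown"


def parse_threat_logs(text):
    """Parse newline-delimited JSON; malformed lines are skipped, not fatal."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
            payload = record["jsonPayload"]
            entries.append({
                "time": record.get("timestamp"),
                "severity": payload["alert_severity"].upper(),
                "category": payload.get("category", "unknown"),
                "name": payload["name"],
                "src": payload["source_ip_address"],
                "dst": payload["destination_ip_address"],
                "dst_port": payload.get("destination_port"),
            })
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # one bad record must not drop the whole batch
    return entries


def triage(entries, min_severity="MEDIUM", ranges=VPC_RANGES):
    """Tag each alert with its direction and return a prioritised summary."""
    threshold = SEVERITY_RANK[min_severity]
    by_direction, by_severity = Counter(), Counter()
    actionable = []
    for e in entries:
        e = dict(e, direction=classify_direction(e["src"], e["dst"], ranges))
        by_direction[e["direction"]] += 1
        by_severity[e["severity"]] += 1
        if SEVERITY_RANK.get(e["severity"], 0) >= threshold:
            actionable.append(e)
    # Highest severity first; the sort is stable, so ties keep log order.
    actionable.sort(key=lambda e: -SEVERITY_RANK.get(e["severity"], 0))
    return {"by_direction": dict(by_direction),
            "by_severity": dict(by_severity),
            "actionable": actionable}


if __name__ == "__main__":
    summary = triage(parse_threat_logs(SAMPLE_LOG))
    print(summary["by_direction"])
    for alert in summary["actionable"]:
        print(f'{alert["severity"]:8} {alert["direction"]:11} {alert["name"]} '
              f'{alert["src"]} -> {alert["dst"]}:{alert["dst_port"]}')
```

The direction tag is what makes the list useful: an outbound C2 beacon from a workload (north-south, source inside) and an exploit attempt against an internal port from another workload (east-west) point to a compromised host and deserve a different response than an inbound scan from the internet, even when the signature severities are similar.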
Getting started
You can get started with Cloud IDS from the Google Cloud Console. Watch the Getting started with Cloud IDS video, which walks you through the high-level architecture and a product demo.
Cloud IDS pricing is based on a per-hour charge for the Cloud IDS endpoint and the amount of traffic that is inspected. You can learn more about Cloud IDS and request a 30 day trial credit on the Cloud IDS webpage.