Google Cloud tapped Palo Alto Networks’ threat detection for its new managed intrusion detection system, Cloud IDS, available in preview today.
The cloud provider announced this and other new security products at its Security Summit event today.
Cloud IDS is a cloud-native network threat detection service built on Google Cloud infrastructure that uses Palo Alto Networks’ threat-detection technologies. These are based on the security vendor’s VM-Series next-generation firewall and backed by its Unit 42 security research team. Palo Alto Networks’ threat-analysis engine continually updates the catalog of known threats and uses anomaly detection for unknown threats.
Additionally, Cloud IDS provides visibility into traffic to and from the internet and it also monitors east-west traffic. “It is able to detect malware, spyware, and command and control attacks, both coming in from the internet and within the infrastructure, and other network-based threats,” said Shailesh Shukla, VP and GM of networking at Google Cloud, in an interview with SDxCentral.
“One of the benefits for enterprises is that they can leverage Cloud IDS to gain a tremendous amount of insight into network-based threats,” Shukla continued, adding that some companies have industry-specific requirements for intrusion detection systems. “We enable them to meet some compliance needs in their vertical industry.”
“So this is a combination of making IDS cloud native, making it really simple to operate, deploy, and manage, and having the best-in-class technology underneath, which comes from Palo Alto Networks,” Shukla said.
Palo Alto Networks’ threat-analysis engine processes about 15 trillion transactions per day, said Muninder Singh Sambi, SVP of product management.
“We also have the industry’s best threat intel team,” he added, referring to the vendor’s 200-plus-member Unit 42 organization. “You can think of them as the threat ninjas that look at all of these transactions that we see and are able to provide valuable insights as to whether these are threats or benign requests.”
All of this data pulled into the threat-analysis engine, combined with Unit 42’s research into existing and unknown threats, translates into about 4.3 million security upgrades a day, Singh Sambi said.
In addition to detecting exploits and evasion attempts at both the network and application layers, Cloud IDS also prioritizes threats based on severity.
And once it detects these threats, customers can create custom workflows in Google Cloud to respond to these threats based on alerts.
Customers can also use Cloud IDS data to investigate and correlate threats in existing security information and event management (SIEM) and security orchestration and automated response (SOAR) tools from Splunk, Exabeam, Devo, and Palo Alto Networks XSOAR, and it will soon integrate with Google Cloud’s Chronicle as well.
“Several customers” are already using Cloud IDS in private preview, including Bitly and digital banking service Dave.com, and it will “very shortly” be available in public preview, Shukla said.