Cloud IDS - Google New Threat Detection Service
However, experts believe that the installation and support of the new service will require operational security skills and significant financial investments.
Google Cloud has already implemented Cloud Armor firewalls (which control traffic between the Internet and the client's virtual private cloud) and the VPC Firewall (which controls traffic inside the VPC). Now the company has introduced another feature, the AI-powered Cloud Armor Adaptive Protection (currently in preview), for detecting DDoS attacks and application-level attacks such as SQL injection.
At the preview stage, Cloud Armor Adaptive Protection is offered free of charge, but afterwards it will require a Managed Protection Plus subscription ($3K/mo for 100 protected resources).
Cloud IDS is built with Palo Alto Networks’ advanced threat detection technologies to deliver highly effective security - the ability for the system to detect malicious activity with low false positives. With Cloud IDS, customers get easy deployment in just a few clicks and it's easy to operate with Google managing scaling, availability, and threat detection updates. Customers in regulated industries such as financial services, retail, and healthcare can use Cloud IDS to help support compliance requirements that mandate the use of an IDS.
The Intrusion Detection Service analyzes network data packets going in and out of a VPC (Virtual Private Cloud). The service is powered by built-in threat detection technologies from Palo Alto Networks, and when a threat is detected, it issues a notification to the user. By itself, it does not block traffic.
To respond to the network threats that Cloud IDS detects, you can create custom workflows within Google Cloud to take remediation action based on alerts. Cloud IDS can be used with SIEM and SOAR solutions from Google's security partners so that you can get additional visibility into network threats, run security analytics on Cloud IDS’s alerts, and set up automated threat responses based on those alerts.
At the public preview, Cloud IDS will integrate with Splunk Cloud Platform, Splunk Enterprise Platform, Exabeam Advanced Analytics, The Devo Platform, and Palo Alto Networks Cortex XSOAR. And soon, Cloud IDS will integrate with Google Cloud’s Chronicle and Security Command Center as well.
Google does not disclose the cost of the service, pointing out that “you pay as you go and depend on two indicators” - the number of IDS installations and the volume of traffic analyzed. But, judging by the cost of Managed Protection Plus, it will cost a lot.
Like Cloud Armor Adaptive Protection, IDS is offered for free in preview.