Google has announced three new services for better threat detection and protection for enterprises using Google Cloud Platform (GCP): Web Risk API, Cloud Armor, and Cloud HSM.
The Web Risk API is a new Google Cloud service, released in beta, that has been designed to keep application users safe on the web. Google has built this service on the same technology that powers its Safe Browsing feature. The service can warn users against more than a million unsafe URLs, which Google keeps up-to-date by examining billions of URLs each day. As Jennifer Lin, director of Google Cloud Products, explains in the announcement blog post:
With the Web Risk API, you can quickly identify known bad sites, warn users before they click links in your site that may lead to infected pages, and prevent users from posting links to known malicious pages (for example, adding a malicious URL into a comment) from your site.
Next, Google is making Cloud Armor, a Distributed Denial of Service (DDoS) defence and Web Application Firewall (WAF) service for GCP, generally available (GA). This service was introduced last year with several other Cloud Security tools, and was reported on by InfoQ.
John Pescatore, director of emerging trends at SANS Institute, said in a Data Center Knowledge article:
The most successful DDoS protection services, such as Akamai, Neustar, and CloudFlare, are all cloud-based. That allows them to scale the horsepower up when the volume of DDoS attacks increase. Given the scale of its global platform, it's natural for Google to have a cloud-based DDoS protection service as well.
Note that Amazon, with AWS Shield, and Microsoft, through Azure DDoS Protection, also offer cloud-based DDoS mitigation.
With the GA release, Google includes a new Cloud Armor dashboard in Stackdriver Monitoring. The dashboard makes it easy for network admins or Security Operations teams to monitor and analyze traffic subject to Cloud Armor protection, and lets them understand the effectiveness of Cloud Armor security policies. These teams can also evaluate and validate the potential impact of proposed rules in preview mode across their whole project, or drill down into individual security policies or backend services.
Lastly, Google is also making Cloud HSM, a managed cloud-hosted hardware security module (HSM) service on GCP, generally available. With Cloud HSM, Google offers a managed service that allows organizations to protect encryption keys and perform cryptographic operations in accordance with the FIPS 140-2 Level 3 standard.
Besides Google, Amazon, IBM and Microsoft offer cloud HSM services to help enterprises protect their data in the cloud. Amazon was the first with AWS CloudHSM, followed by Google in August last year, then IBM and Microsoft with Key Vault.
Google’s Cloud HSM is available in several regions in the US and Europe, with more regions coming soon. Pricing details of the Cloud HSM are available on the website.