Highlights:

  • Google Cloud unveiled Cloud Armor Advanced Network DDoS Protection, which gives clients constant attack monitoring and mitigation for certain workloads.
  • Customers can view the service’s archive of previous and ongoing DDoS attacks at any time.

To protect users in the gaming, telecoms, and other sectors that use workloads behind external network load balancers, virtual machines with public IP addresses, or protocol forwarding, Google Cloud is expanding its Cloud Armor network protection service’s features.

Until now, these clients were at high risk from distributed denial-of-service (DDoS) and other attacks because they lacked a Google Cloud-native defensive capability to safeguard these workloads.

To address this, Google Cloud unveiled Cloud Armor Advanced Network DDoS Protection, which gives clients constant attack monitoring and mitigation for these workloads. In particular, the new service will protect against SYN floods, UDP floods, DNS reflection, NTP amplification, and other volumetric and protocol DDoS attacks.

Lihi Shadmi, the Product Manager for Google Cloud, describes how Cloud Armor Advanced Network DDoS Protection operates in the background at the edge of Google’s network, where it passively monitors two different types of signals. The first concerns the health of the customer’s workload, while the second examines incoming traffic. When Cloud Armor notices early indications of workload duress or a sharp deviation from the expected baseline in traffic patterns, it will notify clients that an attack is underway. According to Shadmi, it is an always-on monitoring system with a low rate of false-positive attack detection and no latency added to network flows.

When an attack is detected, Cloud Armor inspects the traffic against its curated signature database to identify the attack signature, then uses that knowledge to apply the most effective mitigation at the network’s edge.

“Cloud Armor stops the incoming attack before it reaches the customer’s workloads while allowing legitimate traffic to pass through. The mitigations are in effect only during an attack. Once Cloud Armor identifies the attack has ended, it will disable the mitigations. The whole process, from detection to mitigation, takes mere seconds,” wrote Shadmi.

Customers can view the service’s archive of previous and ongoing DDoS attacks at any time. Three different kinds of event logs are produced during an attack: the detection and beginning of mitigation, updates on the attack’s status every five minutes for as long as it is active, and finally the end of the attack and mitigation. Customers will also be able to see details like traffic volumes and attack categorization.
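The detection-and-mitigation lifecycle described above (baseline deviation or workload duress triggers mitigation, periodic status events while the attack lasts, a final event when it ends) is simulated below as an added illustration. This is constructed example code, not Google’s implementation; the class name, the per-minute sample feed, the sigma threshold, and the event labels are all assumptions.

```python
"""Constructed simulation of an always-on DDoS monitor with three event kinds:
mitigation started, periodic ongoing updates, and mitigation ended.
Not Cloud Armor's code; thresholds and names are illustrative assumptions."""
from collections import deque
from statistics import mean, pstdev


class DdosMonitor:
    def __init__(self, window=10, sigma=4.0, update_every=5):
        self.history = deque(maxlen=window)  # recent clean packets-per-second samples
        self.sigma = sigma                   # deviation threshold, in standard deviations
        self.update_every = update_every     # emit an "ongoing" event every N minutes
        self.active_since = None             # minute mitigation started, or None
        self.events = []

    def observe(self, minute, pps, workload_healthy=True):
        """Feed one per-minute sample; return the event emitted this minute, if any."""
        deviates = False
        if len(self.history) >= 3:
            base, sd = mean(self.history), pstdev(self.history)
            # Floor the spread at 10% of the baseline so a flat history still yields a margin.
            deviates = pps > base + self.sigma * max(sd, base * 0.1)
        # Either signal (traffic anomaly or workload duress) counts as an attack.
        attack = deviates or not workload_healthy
        event = None
        if attack and self.active_since is None:
            self.active_since = minute
            event = ("MITIGATION_STARTED", minute, pps)
        elif attack and (minute - self.active_since) % self.update_every == 0:
            event = ("MITIGATION_ONGOING", minute, pps)
        elif not attack and self.active_since is not None:
            self.active_since = None               # mitigation is lifted once the attack ends
            event = ("MITIGATION_ENDED", minute, pps)
        if not attack:
            self.history.append(pps)  # only clean traffic feeds the baseline
        if event:
            self.events.append(event)
        return event


def simulate(samples):
    """Run a list of (minute, pps, healthy) tuples through the monitor; return the events."""
    monitor = DdosMonitor()
    for minute, pps, healthy in samples:
        monitor.observe(minute, pps, healthy)
    return monitor.events


# Constructed traffic: 5 quiet minutes, an 11-minute flood, then a return to normal.
SAMPLE_TRAFFIC = [(t, 1000, True) for t in range(5)] + \
                 [(t, 50000, True) for t in range(5, 16)] + [(16, 1000, True)]
```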

According to Google, customers can sign up for Cloud Armor’s Managed Protection Plus service to apply for Cloud Armor Advanced Network DDoS Protection. The service is configured per region, so it must be set up in every Google Cloud region they use.

Customers can access flexible cancellation conditions for the first 30 days to test Advanced Network DDoS Protection or any other premium feature they’re interested in using before committing to Cloud Armor’s Managed Protection Plus subscription, according to Shadmi.