Google unveils ‘self-driving’ cloud security feature

Google today unveiled a slew of new security solutions for protecting its cloud. The announcements — made during the company’s Security Summit — include a new intrusion detection system, multiple integrations, and an autonomic security operations stack. Additionally, Google Cloud also announced it’s expanding the availability of its Risk Protection Program.

During a news conference and in a blog post detailing the new solutions, Sunil Potti, VP and GM for Google Cloud Security, framed the launches as part of a larger vision for “invisible security” within the company’s cloud. He explained the aim for all security technologies to be engineered in, niche security talent to be democratized, and siloes to “eventually” disappear.

“Rather than essentially build products that fix problems with other products, which is the case in most security products these days, you have to hit the reset button and embrace something fundamental,” Potti said during an earlier news conference. He added that they assume failure is going to happen, and are designing so the cloud will still be safe.

Security has been top of mind for enterprises, governments, and users lately, especially following an uptick in large-scale and highly visible attacks like those on SolarWinds, Kaeyesa, and critical infrastructure. The year 2020 alone saw more data breaches than the previous 15 years combined, and recent research published by Tripwire found most experts believe public cloud security is “just barely adequate.” Additionally, 21% said cloud companies aren’t doing enough to protect their users.

The new security announcements are fairly significant, and along with them, Google also announced several offerings related to zero trust data.

Chronicle integrates with Looker and BigQuery

Google Cloud announced it’s integrating Chronicle, its own cloud-native security analytics platform, with two of Google Cloud’s analytics platforms: Looker (which Google acquired last year) and BigQuery (which Google recently integrated with another new cloud product, Datastream). The company says the integrations will boost Chronicle’s capabilities for reporting, compliance, data exploration, visual security workflows, security-driven data science, and more.

The integration is set to allow security teams to access five Looker-driven dashboards: Chronicle security overview, IOC matches, rule detections, user sign-ins, and data ingestion and health. Users can also easily create custom dashboards based on their own parameters, according to Google Cloud.

Potti said the idea is “to democratize using a tool like Chronicle” and “make things simple, so that a security analyst doesn’t need to have a PhD, work at the NSA, or so forth.”

“The idea is to actually bring in some of the goodness of our own software that powers Google,” he said. “But without requiring that depth of knowledge or that obligation to hire that talent.”

Cloud IDS launches to fend off threats

Google Cloud additionally unveiled Cloud IDS, a new cloud-native, managed intrusion detection system it says can help detect malware, spyware, command-and-control attacks, and other network-based threats.

Built with Palo Alto Networks’ advanced threat detection technologies, Google Cloud is touting the system’s ability to detect malicious activity with low false positives. The company also says it’s easy to deploy “in just a few clicks,” and that users can create custom workflows within Google Cloud to respond to any threats the system detects.

“You may have heard about self driving data centers and so forth. So this is essentially applying that construct to SOCs,” Potti said.

For customers in regulated industries such as financial services and health care that mandate the use of an IDS, the system may be particularly helpful with ensuring compliance. Cloud IDS will initially integrate with Splunk Cloud Platform, Splunk Enterprise Platform, Exabeam Advanced Analytics, The Devo Platform, and Palo Alto Networks Cortex XSOAR, with integrations for Chronicle and Google Cloud’s Security Command Center to come.

Autonomic Security Operations leverages the Google stack

With the goal of helping customers modernize their security operations against emerging threats, Google Cloud also announced Autonomic Security Operations. A combination of products, integrations, blueprints, technical content, and an accelerator program, Google Cloud says the new offering will enable customers to take advantage of both the company’s security expertise and existing technology stack built on Chronicle.

To bring Autonomic Security Operations to the managed services security market, Google Cloud is also partnering with BT. BT made headlines last year for becoming the first European network to partner with Google to provide free Stadia cloud gaming to its users, and now the two companies are positioning this new announcement as the first stage in a “growing security relationship.”

Risk Protection Program expands availability

Rounding out the announcements, Google Cloud also revealed its expanding availability of its Risk Protection Program to all Google Cloud customers in public preview. The program helps customers connect with Google Cloud’s insurance partners and will offer the expanded availability starting July 28.

The company is framing this offering as part of its “commitment to shared fate,” meaning its intent to be an active partner to customers as they deploy its technologies. During the news conference, Potti said, “There’s a shield of safety or assurance being provided through this protection program that the more you can consume Google Cloud, the more we’re able to kind of provide that assurance.”

That may be true, but it also makes clear Google’s own interest here in getting its customers to immerse themselves in its cloud more and more. Last year, Google was the only public cloud provider to lose ground, slipping from 28% to 24% of Tripwire respondents saying they use the cloud. This comes as competitors — including Amazon Web Services (AWS) and Microsoft Azure — continued to gain market share. For companies that are mostly or entirely cloud, Tripwire found 85% are using AWS alone or as part of a multi-cloud environment.