Google recently revealed that Cloud Armor, a service that delivers distributed denial of service (DDoS) defences and a web application firewall (WAF) to defend customers against web threats, has been enhanced.
Cloud Armor has been generally available since 2019, and it employs the same infrastructure and technologies that Google uses to defend its own web assets.
Google announced Cloud Armor Adaptive Protection, which uses machine learning to defend against Layer 7 DDoS attacks, to improve the service’s capabilities. The new functionality, which is still under preview, is available to all Cloud Armor subscribers, according to Google.
In addition, Google announced the general availability of four new preconfigured WAF rules, as well as a reference design and a sneak peek at new Cloud Armor security for material sent through Cloud CDN or Google Cloud Storage backend buckets.
Adaptive Protection learns what normal traffic patterns should be by monitoring traffic out-of-band, creating a constantly developing baseline for each application or service. As a result, it can detect and examine abnormal traffic patterns in real time, as well as neutralise attacks.
Google used to be able to combat volumetric and protocol-based attacks (Layer 3 and Layer 4) at the edge, but now it’s focusing on application layer (Layer 7) attacks, which are becoming more common. According to the business, such assaults use genuine online requests in large enough volumes to bring down websites and services.
“With the proliferation of readily available DDoS attack tools and for-hire botnets, the size and frequency of DDoS attacks has grown increasingly intense. Because assaults might originate from millions of unique IP addresses, manually triaging and analysing attacks to build and implement blocking rules becomes time and resource expensive, allowing high-volume attacks to damage applications,” Google explains.
Adaptive Protection alerts are forwarded to the Cloud Armor dashboard, Cloud Logging, and Security Command Center, according to the business. Following that, attack-specific signatures and a WAF rule are created to efficiently detect and mitigate application-level assaults. The WAF rule is shown to users, who can select whether or not to use it.
Adaptive Protection is already employed by Google in Project Shield, a programme that helps it secure news sources, human rights organisations, and election monitoring sites.
Customers can start using Adaptive Protection by going to the Cloud Armor area of the Console and “enabling” the policy. Once the capacity is available to the general public, certain functions will require a subscription.