VM-Series Now Integrates with GCP Packet Mirroring
Announcing New VM-Series Integration with Google Cloud Packet Mirroring Service
Google Cloud announced the availability of a new Packet Mirroring service in beta, allowing you to troubleshoot your existing Virtual Private Clouds (VPCs) This feature provides a non-intrusive way to monitor the network traffic to and from your Google Compute Engine and Google Kubernetes Engine (GKE).
Palo Alto Networks has built integration of our VM-Series Virtualized Next-Generation Firewall with the new Google Cloud Packet Mirroring service. The VM-Series is the industry-leading virtualized firewall protecting your applications and data with next-generation security features that deliver superior visibility, precise control, and threat prevention at the application level.
The VM-Series virtual firewall on Google Cloud deployed out of band now supports two critical security outcomes:
Granular visibility into application traffic and detection of network-borne threats through inspection of mirrored traffic.
Rapid detection and response against advanced attacks using an AI-driven approach, such as Cortex by Palo Alto Networks.
Application visibility and threat detection
The VM-Series virtual firewall on Google Cloud can analyze, filter, and process the raw traffic available through the Packet Mirroring service within Google Cloud and provide contextually rich application, content, and threat information. The need for extracting data out of Google Cloud for further processing is eliminated, saving cost and providing deep insight into network traffic. Based on this more in-depth inspection, customers can choose to enable alerts for a wide range of security issues, including:
High priority security alerts – Attacks for known exploits, for example, an attempt to exploit CVE-2017-5638 for Apache Struts-based web servers running in Google Cloud. Primarily, the VM-Series virtual firewall is serving as an intrusion detection system (IDS).
Traffic to inappropriate, malicious destinations and command-and-control systems – Detect if the source/destination is inappropriate or malicious, whether there are geo-blocking restrictions to be met or if there is Bitcoin traffic or an SSH session to a known command-and-control (C2) domain.
Based on the visibility and detection (in logs), you can filter for events and enable alerts and actions that can trigger remediation using Action-Oriented Log Forwarding using HTTP(S). This provides a webhook to create a ticket in a service desk system or a security orchestration and response tool, such as Demisto, or launch a Google Cloud function, which can quarantine by shutting down the instance or lock down the firewall rule.
Rapid detection and response against advanced attacks
The VM-Series virtual firewall supports enhanced application logging, which converts raw packet data from Google Cloud mirrored network traffic into context-aware network activity information for storage in Palo Alto Networks cloud services, including Cortex Data Lake. Security applications, such as Cortex XDR, can start analyzing the rich data collected, using analytics and machine learning to detect stealthy attacks and expedite security investigations accurately. Identified threats can be mitigated through automated response from Demisto and other security orchestration and response tools.
To learn more about VM-Series Integrating with GCP Packet Mirroring, we encourage you to follow these links: