Cloud IDS: Threat Detection Service Like Never Before

Palo Alto Networks is proud to partner with Google Cloud to offer Google Cloud Intrusion Detection System (Cloud IDS), a network threat detection system delivered as a cloud-native service and built on the industry-leading security technologies of Palo Alto Networks. Now in preview, Cloud IDS allows organizations to deploy best-in-class network threat detection powered by Palo Alto Networks with the simplicity and scale of a Google Cloud native service.


Discover unprecedented application visibility and threat detection


Cloud IDS analyzes raw traffic from Google Cloud workloads and provides contextually rich application and threat information. More importantly, Cloud IDS lets organizations monitor traffic that stays inside the VPC boundary (east-west traffic), which complements the visibility and protection that VM-Series virtual firewalls provide for traffic crossing the VPC boundary.


Based on this deeper inspection, customers can choose to enable alerts for a wide range of security issues, for example:

  • High-priority security alerts: attacks against known exploits (for example, an attempt to exploit CVE-2017-5638 against Apache Struts-based web servers running in GCP).
  • Traffic to inappropriate or malicious destinations and command-and-control systems: detect whether the source or destination is inappropriate or malicious, whether geoblocking restrictions apply, or whether there is bitcoin traffic or an SSH session to a known command-and-control (C2) domain.

Figure 1: Comprehensive visibility and protection of workload traffic


Combining Cloud IDS with VM-Series allows Google Cloud customers to implement a critical principle of Zero Trust: trust but verify. While the VM-Series protects the trust boundaries (VPCs), Cloud IDS lets customers verify the application traffic inside those boundaries and detect any lateral threat movement within the trust boundary.


Advanced security analysis with minimal investment


With the constantly evolving threat landscape, customers find it difficult—especially with limited resources—to address every incident and alert that occurs in their cloud environments. Cloud IDS, powered by the Palo Alto Networks Threat Prevention security service, helps cut through the clutter of false positives so that teams can prioritize threat alerts effectively and take rapid remediation action.


Customers can also export the logs to their own Security Information and Event Management (SIEM) systems, such as Splunk Cloud Platform, Splunk Enterprise Platform, Exabeam Advanced Analytics, and the Devo Platform. Additionally, Palo Alto Networks customers who already use a SIEM to correlate logs from other Palo Alto Networks security products can adapt their existing custom configurations to Cloud IDS logs with minimal or no additional investment.


All of this provides a holistic view of infrastructure and security posture, enabling faster investigation, analysis, and response to threats detected on Google Cloud with minimal additional investment. Furthermore, integrations with SOAR tools such as Cortex XSOAR allow customers to automate responses to the alerts and events detected.


Achieving compliance in the cloud gets far easier


Compliance mandates such as PCI-DSS, HIPAA, and other regulatory standards require customers to use an IDS/IPS to monitor for and detect network-based threats. With Cloud IDS, customers can now support these compliance objectives quickly and easily, in a matter of a few clicks. In addition, Cloud IDS policy options, such as monitoring all or selected subnets within a VPC or monitoring based on network tags, help customers stay compliant even in a dynamically changing environment.


Learn more about Google Cloud IDS.


1 Comment
I like this. Although I would prefer an IPS, this is non-intrusive and an easy-to-implement feature; it would give good insight into what is happening.


Is there also a 'best practice' on how to cope with encrypted traffic, since most of it will probably be encrypted till the host/app?
